网络威胁情报的自动动态质量评估方法

IF 4.8 2区 计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Computers & Security Pub Date : 2024-09-01 DOI:10.1016/j.cose.2024.104079
Libin Yang , Menghan Wang , Wei Lou
{"title":"网络威胁情报的自动动态质量评估方法","authors":"Libin Yang ,&nbsp;Menghan Wang ,&nbsp;Wei Lou","doi":"10.1016/j.cose.2024.104079","DOIUrl":null,"url":null,"abstract":"<div><div>The emergence of cyber threat intelligence (CTI) is a promising approach for alleviating malicious activities. However, the effectiveness of CTIs is heavily dependent on their quality. Current literature develops the CTI quality assessment ontology mainly from the perspective of CTI source or content separately, regardless of their availability in practice. In this paper, we propose an automated CTI quality assessment method that synthesizes the trustworthiness of CTI sources and the availability of CTI contents. Specifically, we model the interactions of CTI feeds as a correlation graph and propose an iterative algorithm to well discriminate the feeds’ trustworthiness. We elaborate a CTI content assessment together with a machine learning algorithm to automatically classify CTIs’ availability from a set of content metrics. A comprehensive CTI quality assessment is proposed by jointly considering the feed trustworthiness and content availability. Extensive experimental results on real datasets demonstrate that our proposed method can quantitatively as well as effectively assess CTI quality.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"148 ","pages":"Article 104079"},"PeriodicalIF":4.8000,"publicationDate":"2024-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"An automated dynamic quality assessment method for cyber threat intelligence\",\"authors\":\"Libin Yang ,&nbsp;Menghan Wang ,&nbsp;Wei Lou\",\"doi\":\"10.1016/j.cose.2024.104079\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>The emergence of cyber threat intelligence (CTI) is a promising approach for alleviating malicious activities. However, the effectiveness of CTIs is heavily dependent on their quality. Current literature develops the CTI quality assessment ontology mainly from the perspective of CTI source or content separately, regardless of their availability in practice. In this paper, we propose an automated CTI quality assessment method that synthesizes the trustworthiness of CTI sources and the availability of CTI contents. Specifically, we model the interactions of CTI feeds as a correlation graph and propose an iterative algorithm to well discriminate the feeds’ trustworthiness. We elaborate a CTI content assessment together with a machine learning algorithm to automatically classify CTIs’ availability from a set of content metrics. A comprehensive CTI quality assessment is proposed by jointly considering the feed trustworthiness and content availability. Extensive experimental results on real datasets demonstrate that our proposed method can quantitatively as well as effectively assess CTI quality.</div></div>\",\"PeriodicalId\":51004,\"journal\":{\"name\":\"Computers & Security\",\"volume\":\"148 \",\"pages\":\"Article 104079\"},\"PeriodicalIF\":4.8000,\"publicationDate\":\"2024-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computers & Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0167404824003845\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404824003845","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

摘要

网络威胁情报(CTI)的出现是缓解恶意活动的一种大有可为的方法。然而,CTI 的有效性在很大程度上取决于其质量。目前的文献主要从 CTI 来源或内容的角度分别开发 CTI 质量评估本体,而忽略了它们在实践中的可用性。在本文中,我们提出了一种自动 CTI 质量评估方法,该方法综合了 CTI 来源的可信度和 CTI 内容的可用性。具体来说,我们将 CTI 源的交互作用建模为相关图,并提出了一种迭代算法来很好地判别源的可信度。我们将 CTI 内容评估与机器学习算法结合起来,通过一系列内容指标对 CTI 的可用性进行自动分类。通过联合考虑信息源的可信度和内容的可用性,我们提出了一种全面的 CTI 质量评估方法。在真实数据集上的大量实验结果表明,我们提出的方法可以定量、有效地评估 CTI 质量。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
An automated dynamic quality assessment method for cyber threat intelligence
The emergence of cyber threat intelligence (CTI) is a promising approach for alleviating malicious activities. However, the effectiveness of CTIs is heavily dependent on their quality. Current literature develops the CTI quality assessment ontology mainly from the perspective of CTI source or content separately, regardless of their availability in practice. In this paper, we propose an automated CTI quality assessment method that synthesizes the trustworthiness of CTI sources and the availability of CTI contents. Specifically, we model the interactions of CTI feeds as a correlation graph and propose an iterative algorithm to well discriminate the feeds’ trustworthiness. We elaborate a CTI content assessment together with a machine learning algorithm to automatically classify CTIs’ availability from a set of content metrics. A comprehensive CTI quality assessment is proposed by jointly considering the feed trustworthiness and content availability. Extensive experimental results on real datasets demonstrate that our proposed method can quantitatively as well as effectively assess CTI quality.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
Computers & Security
Computers & Security 工程技术-计算机:信息系统
CiteScore
12.40
自引率
7.10%
发文量
365
审稿时长
10.7 months
期刊介绍: Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.
期刊最新文献
Beyond the sandbox: Leveraging symbolic execution for evasive malware classification Trust my IDS: An explainable AI integrated deep learning-based transparent threat detection system for industrial networks PdGAT-ID: An intrusion detection method for industrial control systems based on periodic extraction and spatiotemporal graph attention Dynamic trigger-based attacks against next-generation IoT malware family classifiers Assessing cybersecurity awareness among bank employees: A multi-stage analytical approach using PLS-SEM, ANN, and fsQCA in a developing country context
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1