Cyber Threat Intelligence (CTI) provides a structured and interconnected model for threat information through Cybersecurity Knowledge Graphs. This allows researchers and practitioners to represent and organize complex relationships and entities in a more coherent form. Above all, the discovery of hidden relationships between different CTI entities, such as threat actors, malware, infrastructure, and attacks, is becoming a crucial task in this domain, facilitating proactive defense measures and helping to identify Tactics, Techniques, and Procedures (TTPs) employed by malicious parties. In this paper, we provide a Systematization of Knowledge (SoK) to analyze the existing literature and give insights into the important CTI task of Relation Extraction. In particular, we design a categorization of the relations used in CTI; we analyze the techniques employed for their extraction, the emerging trends and open issues in this context, and the main future directions. This work provides a novel and fresh perspective that can help the reader understand how relationships among entities can be schematized to provide a better view of the cyber threat landscape.
Relation extraction techniques in cyber threat intelligence
Nicolazzo S.;
2024-01-01
Abstract
Cyber Threat Intelligence (CTI) provides a structured and interconnected model for threat information through Cybersecurity Knowledge Graphs. This allows researchers and practitioners to represent and organize complex relationships and entities in a more coherent form. Above all, the discovery of hidden relationships between different CTI entities, such as threat actors, malware, infrastructure, and attacks, is becoming a crucial task in this domain, facilitating proactive defense measures and helping to identify Tactics, Techniques, and Procedures (TTPs) employed by malicious parties. In this paper, we provide a Systematization of Knowledge (SoK) to analyze the existing literature and give insights into the important CTI task of Relation Extraction. In particular, we design a categorization of the relations used in CTI; we analyze the techniques employed for their extraction, the emerging trends and open issues in this context, and the main future directions. This work provides a novel and fresh perspective that can help the reader understand how relationships among entities can be schematized to provide a better view of the cyber threat landscape.| File | Dimensione | Formato | |
|---|---|---|---|
|
NLDB24.pdf
file disponibile solo agli amministratori
Licenza:
DRM non definito
Dimensione
343.26 kB
Formato
Adobe PDF
|
343.26 kB | Adobe PDF | Visualizza/Apri Richiedi una copia |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
