Sophisticated cyber attacks have plagued many high-profile businesses. To remain aware of the fast-evolving threat landscape, open-source Cyber Threat Intelligence (OSCTI) has received growing attention from the community. Commonly, knowledge about threats is presented in a vast number of OSCTI reports. Despite the pressing need for high-quality OSCTI, existing OSCTI gathering and management platforms have primarily focused on isolated, low-level Indicators of Compromise (IoCs). Higher-level concepts (e.g., adversary tactics, techniques, and procedures) and their relationships have been overlooked, even though they contain essential knowledge about threat behaviors that is critical to uncovering the complete threat scenario. To bridge the gap, we propose SecurityKG, a system for automated OSCTI gathering and management. SecurityKG collects OSCTI reports from various sources, uses a combination of AI and NLP techniques to extract high-fidelity knowledge about threat behaviors, and constructs a security knowledge graph. SecurityKG also provides a UI that supports various types of interactivity to facilitate knowledge graph exploration.
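The distinction the abstract draws, between extracting isolated IoCs and extracting threat behaviors and their relationships into a graph, is easier to see on a concrete input. The following is an added illustration and not SecurityKG's code: it uses a few hand-written extraction rules in place of the paper's AI/NLP pipeline, runs them over a constructed report text (the actor, malware, domain, address and hash are all made up for the example), and builds a small directed knowledge graph in which a threat actor is connected to a file hash only through the intermediate behavior nodes. The rule patterns, node types and relation labels are assumptions chosen for this example.

```python
import re

# Constructed sample OSCTI report text; every entity and indicator here is made up.
SAMPLE_REPORT = """
APT-Example delivers the Dropper-Example loader through spearphishing attachments.
Dropper-Example contacts c2.example-bad.test and downloads a payload from 203.0.113.45.
The payload has SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855.
Dropper-Example uses scheduled tasks for persistence.
"""

# Low-level indicators: the kind of isolated IoC that existing platforms focus on.
IOC_PATTERNS = {
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+(?:test|example|com|net|org)\b", re.I),
    "sha256": re.compile(r"\b[a-fA-F0-9]{64}\b"),
}

# Higher-level behaviour relations: each rule maps one sentence shape to
# (subject, relation, object) triples. A real system would use NLP here;
# these hand-written rules are an assumption made for the example.
RELATION_RULES = [
    (re.compile(r"^(\S+) delivers the (\S+) loader through ([\w -]+)$"),
     lambda m: [(m[1], "delivers", m[2]), (m[2], "delivered_via", m[3])]),
    (re.compile(r"^(\S+) contacts (\S+) and downloads a payload from (\S+)$"),
     lambda m: [(m[1], "contacts", m[2]), (m[1], "downloads", "payload"),
                ("payload", "hosted_on", m[3])]),
    (re.compile(r"^The payload has SHA256 (\w+)$"),
     lambda m: [("payload", "has_hash", m[1])]),
    (re.compile(r"^(\S+) uses ([\w ]+) for (\w+)$"),
     lambda m: [(m[1], "uses", m[2]), (m[2], "achieves", m[3])]),
]


def extract_iocs(text):
    """Return {ioc_type: set(values)} for the low-level indicators in the text."""
    return {kind: set(pat.findall(text)) for kind, pat in IOC_PATTERNS.items()}


def split_sentences(text):
    """Split on sentence-ending periods and drop the trailing period of each."""
    return [s.strip().rstrip(".") for s in re.split(r"(?<=\.)\s+", text.strip()) if s.strip()]


class SecurityGraph:
    """Minimal directed knowledge graph: typed nodes plus labelled edges."""

    def __init__(self):
        self.nodes = {}   # node name -> node type ("ipv4", "domain", "sha256" or "concept")
        self.edges = []   # (source, relation, destination)

    def add_edge(self, src, rel, dst, types):
        self.nodes.setdefault(src, types.get(src, "concept"))
        self.nodes.setdefault(dst, types.get(dst, "concept"))
        self.edges.append((src, rel, dst))

    def neighbors(self, name):
        return [(rel, dst) for src, rel, dst in self.edges if src == name]

    def path_exists(self, src, dst):
        """Breadth-first search along edge direction; True if dst is reachable from src."""
        seen, frontier = {src}, [src]
        while frontier:
            node = frontier.pop(0)
            if node == dst:
                return True
            for _, nxt in self.neighbors(node):
                if nxt not in seen:
                    seen.add(nxt)
                    frontier.append(nxt)
        return False


def build_graph(text):
    """Extract IoCs and behaviour triples from report text and assemble the graph."""
    ioc_types = {value: kind for kind, values in extract_iocs(text).items() for value in values}
    graph = SecurityGraph()
    for sentence in split_sentences(text):
        for pattern, to_triples in RELATION_RULES:
            match = pattern.match(sentence)
            if match:
                for src, rel, dst in to_triples(match):
                    graph.add_edge(src, rel, dst, ioc_types)
                break
    return graph


if __name__ == "__main__":
    g = build_graph(SAMPLE_REPORT)
    for src, rel, dst in g.edges:
        print(f"{src} ({g.nodes[src]}) --{rel}--> {dst} ({g.nodes[dst]})")
```

Running the block prints the edge list; the useful query is `path_exists("APT-Example", <hash>)`, which is answerable only because the behavior triples connect the actor to the dropper, the dropper to the payload, and the payload to its hash. A flat IoC list would hold the same hash with none of that context, which is the gap the abstract describes.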