QBC Inconsistency-Based Threat Intelligence IOC Recognition

With the increase in cyber-attacks, Cyber Threat Intelligence (CTI) has become a hot topic. Log detection using Indicators of Compromise (IOCs) to detect critical risks, such as compromised internal hosts, is the most common use scenario for CTI. Recognition of the IOC is an important method to defe...

Descripción completa

Guardado en:
Detalles Bibliográficos
Autores principales: Wenli Zeng, Zhi Liu, Yaru Yang, Gen Yang, Qin Luo
Formato: article
Lenguaje:EN
Publicado: IEEE 2021
Materias:
IOC
QBC
Acceso en línea:https://doaj.org/article/39c69d59f7834b62b164ce284bb4480e
Etiquetas: Agregar Etiqueta
Sin Etiquetas, Sea el primero en etiquetar este registro!
Descripción
Sumario:With the increase in cyber-attacks, Cyber Threat Intelligence (CTI) has become a hot topic. Log detection using Indicators of Compromise (IOCs) to detect critical risks, such as compromised internal hosts, is the most common use scenario for CTI. Recognition of the IOC is an important method to defend against cyber-attacks and is mainly divided into regular expression matching and supervised learning. However, regular expression matching does not consider contextual semantic information, resulting in low recognition accuracy, and the-state-of-the-art method is to train a neural network by supervised learning, which relies on a large amount of manually labeled data. To address these issues, we propose a QBC inconsistency-based sample selection strategy Query Committee Inconsistency (QCI) to select hard samples, that is, samples with poor model performance, more efficiently by combining committee inconsistency on sample entropy and sample similarity. The experimental results show that the proposed approach reduces the number of labeled samples required by the model by 62% and 39%, respectively, while maintaining accuracy, compared to the traditional QBC and QBC-based sample selection strategies using consistent entropy.