QBC Inconsistency-Based Threat Intelligence IOC Recognition
With the increase in cyber-attacks, Cyber Threat Intelligence (CTI) has become a hot topic. Log detection using Indicators of Compromise (IOCs) to detect critical risks, such as compromised internal hosts, is the most common use scenario for CTI. Recognition of the IOC is an important method to defe...
Enregistré dans:
| Auteurs principaux: | , , , , |
|---|---|
| Format: | article |
| Langue: | EN |
| Publié: |
IEEE
2021
|
| Sujets: | |
| Accès en ligne: | https://doaj.org/article/39c69d59f7834b62b164ce284bb4480e |
| Tags: |
Ajouter un tag
Pas de tags, Soyez le premier à ajouter un tag!
|
| Résumé: | With the increase in cyber-attacks, Cyber Threat Intelligence (CTI) has become a hot topic. Log detection using Indicators of Compromise (IOCs) to detect critical risks, such as compromised internal hosts, is the most common use scenario for CTI. Recognition of the IOC is an important method to defend against cyber-attacks and is mainly divided into regular expression matching and supervised learning. However, regular expression matching does not consider contextual semantic information, resulting in low recognition accuracy, and the-state-of-the-art method is to train a neural network by supervised learning, which relies on a large amount of manually labeled data. To address these issues, we propose a QBC inconsistency-based sample selection strategy Query Committee Inconsistency (QCI) to select hard samples, that is, samples with poor model performance, more efficiently by combining committee inconsistency on sample entropy and sample similarity. The experimental results show that the proposed approach reduces the number of labeled samples required by the model by 62% and 39%, respectively, while maintaining accuracy, compared to the traditional QBC and QBC-based sample selection strategies using consistent entropy. |
|---|