QBC Inconsistency-Based Threat Intelligence IOC Recognition
With the increase in cyber-attacks, Cyber Threat Intelligence (CTI) has become a hot topic. Log detection using Indicators of Compromise (IOCs) to detect critical risks, such as compromised internal hosts, is the most common use scenario for CTI. Recognition of the IOC is an important method to defe...
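Main Authors: | Wenli Zeng, Zhi Liu, Yaru Yang, Gen Yang, Qin Luo |
---|---|
Format: | article |
Language: | EN |
Published: | IEEE 2021 |
Subjects: | Threat intelligence; IOC; active learning; QBC; Electrical engineering. Electronics. Nuclear engineering; TK1-9971 |
Online Access: | https://doaj.org/article/39c69d59f7834b62b164ce284bb4480e |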
id |
oai:doaj.org-article:39c69d59f7834b62b164ce284bb4480e |
---|---|
record_format |
dspace |
spelling |
oai:doaj.org-article:39c69d59f7834b62b164ce284bb4480e 2021-11-20T00:02:28Z QBC Inconsistency-Based Threat Intelligence IOC Recognition 2169-3536 10.1109/ACCESS.2021.3128070 https://doaj.org/article/39c69d59f7834b62b164ce284bb4480e 2021-01-01T00:00:00Z https://ieeexplore.ieee.org/document/9614171/ https://doaj.org/toc/2169-3536 With the increase in cyber-attacks, Cyber Threat Intelligence (CTI) has become a hot topic. Log detection using Indicators of Compromise (IOCs) to detect critical risks, such as compromised internal hosts, is the most common use scenario for CTI. Recognition of the IOC is an important method to defend against cyber-attacks and is mainly divided into regular expression matching and supervised learning. However, regular expression matching does not consider contextual semantic information, resulting in low recognition accuracy, and the state-of-the-art method is to train a neural network by supervised learning, which relies on a large amount of manually labeled data. To address these issues, we propose a QBC inconsistency-based sample selection strategy Query Committee Inconsistency (QCI) to select hard samples, that is, samples with poor model performance, more efficiently by combining committee inconsistency on sample entropy and sample similarity. The experimental results show that the proposed approach reduces the number of labeled samples required by the model by 62% and 39%, respectively, while maintaining accuracy, compared to the traditional QBC and QBC-based sample selection strategies using consistent entropy. Wenli Zeng Zhi Liu Yaru Yang Gen Yang Qin Luo IEEE article Threat intelligence IOC active learning QBC Electrical engineering. Electronics. Nuclear engineering TK1-9971 EN IEEE Access, Vol 9, Pp 153102-153107 (2021) |
institution |
DOAJ |
collection |
DOAJ |
language |
EN |
topic |
Threat intelligence IOC active learning QBC Electrical engineering. Electronics. Nuclear engineering TK1-9971 |
spellingShingle |
Threat intelligence IOC active learning QBC Electrical engineering. Electronics. Nuclear engineering TK1-9971 Wenli Zeng Zhi Liu Yaru Yang Gen Yang Qin Luo QBC Inconsistency-Based Threat Intelligence IOC Recognition |
description |
With the increase in cyber-attacks, Cyber Threat Intelligence (CTI) has become a hot topic. Log detection using Indicators of Compromise (IOCs) to detect critical risks, such as compromised internal hosts, is the most common use scenario for CTI. Recognition of the IOC is an important method to defend against cyber-attacks and is mainly divided into regular expression matching and supervised learning. However, regular expression matching does not consider contextual semantic information, resulting in low recognition accuracy, and the state-of-the-art method is to train a neural network by supervised learning, which relies on a large amount of manually labeled data. To address these issues, we propose a QBC inconsistency-based sample selection strategy Query Committee Inconsistency (QCI) to select hard samples, that is, samples with poor model performance, more efficiently by combining committee inconsistency on sample entropy and sample similarity. The experimental results show that the proposed approach reduces the number of labeled samples required by the model by 62% and 39%, respectively, while maintaining accuracy, compared to the traditional QBC and QBC-based sample selection strategies using consistent entropy. |
format |
article |
author |
Wenli Zeng Zhi Liu Yaru Yang Gen Yang Qin Luo |
author_facet |
Wenli Zeng Zhi Liu Yaru Yang Gen Yang Qin Luo |
author_sort |
Wenli Zeng |
title |
QBC Inconsistency-Based Threat Intelligence IOC Recognition |
title_short |
QBC Inconsistency-Based Threat Intelligence IOC Recognition |
title_full |
QBC Inconsistency-Based Threat Intelligence IOC Recognition |
title_fullStr |
QBC Inconsistency-Based Threat Intelligence IOC Recognition |
title_full_unstemmed |
QBC Inconsistency-Based Threat Intelligence IOC Recognition |
title_sort |
qbc inconsistency-based threat intelligence ioc recognition |
publisher |
IEEE |
publishDate |
2021 |
url |
https://doaj.org/article/39c69d59f7834b62b164ce284bb4480e |
work_keys_str_mv |
AT wenlizeng qbcinconsistencybasedthreatintelligenceiocrecognition AT zhiliu qbcinconsistencybasedthreatintelligenceiocrecognition AT yaruyang qbcinconsistencybasedthreatintelligenceiocrecognition AT genyang qbcinconsistencybasedthreatintelligenceiocrecognition AT qinluo qbcinconsistencybasedthreatintelligenceiocrecognition |
_version_ |
1718419827594362880 |