QBC Inconsistency-Based Threat Intelligence IOC Recognition

With the increase in cyber-attacks, Cyber Threat Intelligence (CTI) has become a hot topic. Log detection using Indicators of Compromise (IOCs) to detect critical risks, such as compromised internal hosts, is the most common use scenario for CTI. Recognition of the IOC is an important method to defe...

Bibliographic Details
Main Authors: Wenli Zeng, Zhi Liu, Yaru Yang, Gen Yang, Qin Luo
Format: article
Language: EN
Published: IEEE 2021
Subjects:
IOC
QBC
Online Access: https://doaj.org/article/39c69d59f7834b62b164ce284bb4480e
id oai:doaj.org-article:39c69d59f7834b62b164ce284bb4480e
record_format dspace
spelling oai:doaj.org-article:39c69d59f7834b62b164ce284bb4480e
2021-11-20T00:02:28Z
QBC Inconsistency-Based Threat Intelligence IOC Recognition
2169-3536
10.1109/ACCESS.2021.3128070
https://doaj.org/article/39c69d59f7834b62b164ce284bb4480e
2021-01-01T00:00:00Z
https://ieeexplore.ieee.org/document/9614171/
https://doaj.org/toc/2169-3536
IEEE Access, Vol 9, Pp 153102-153107 (2021)
institution DOAJ
collection DOAJ
language EN
topic Threat intelligence
IOC
active learning
QBC
Electrical engineering. Electronics. Nuclear engineering
TK1-9971
description With the increase in cyber-attacks, Cyber Threat Intelligence (CTI) has become a hot topic. Log detection using Indicators of Compromise (IOCs) to detect critical risks, such as compromised internal hosts, is the most common use scenario for CTI. Recognition of the IOC is an important method to defend against cyber-attacks and is mainly divided into regular expression matching and supervised learning. However, regular expression matching does not consider contextual semantic information, resulting in low recognition accuracy, and the state-of-the-art method is to train a neural network by supervised learning, which relies on a large amount of manually labeled data. To address these issues, we propose a QBC inconsistency-based sample selection strategy, Query Committee Inconsistency (QCI), to select hard samples, that is, samples with poor model performance, more efficiently by combining committee inconsistency on sample entropy and sample similarity. The experimental results show that the proposed approach reduces the number of labeled samples required by the model by 62% and 39%, respectively, while maintaining accuracy, compared to the traditional QBC and QBC-based sample selection strategies using consistent entropy.
format article
author Wenli Zeng
Zhi Liu
Yaru Yang
Gen Yang
Qin Luo
title QBC Inconsistency-Based Threat Intelligence IOC Recognition
publisher IEEE
publishDate 2021
url https://doaj.org/article/39c69d59f7834b62b164ce284bb4480e