Noise Contrastive Estimation-based Matching Framework for Low-Resource Security Attack Pattern Recognition

Tu Nguyen, Nedim Šrndić, Alexander Neth


Abstract
Techniques, Tactics and Procedures (TTP) mapping is an important and difficult task in the application of cyber threat intelligence (CTI) extraction for threat reports. TTPs are typically expressed in semantic forms within security knowledge bases like MITRE ATT&CK, serving as textual high-level descriptions for sophisticated attack patterns. Conversely, attacks in CTI threat reports are detailed in a combination of natural and technical language forms, presenting a significant challenge even for security experts to establish correlations or mappings with the corresponding TTPs. Conventional learning approaches often target the TTP mapping problem in the classical multiclass/label classification setting. This setting hinders the learning capabilities of the model, due to the large number of classes (i.e., TTPs), the inevitable skewness of the label distribution and the complex hierarchical structure of the label space. In this work, we approach the problem in a different learning paradigm, such that the assignment of a text to a TTP label is essentially decided by the direct semantic similarity between the two, thus reducing the complexity of competing solely over the large labeling space. To this end, we propose a neural matching architecture that incorporates a sampling-based learn-to-compare mechanism, facilitating the learning process of the matching model despite constrained resources.
Anthology ID: 2024.findings-eacl.25
Volume: Findings of the Association for Computational Linguistics: EACL 2024
Month: March
Year: 2024
Address: St. Julian’s, Malta
Editors: Yvette Graham, Matthew Purver
Venue: Findings
Publisher: Association for Computational Linguistics
Pages: 355–373
URL: https://aclanthology.org/2024.findings-eacl.25
Cite (ACL): Tu Nguyen, Nedim Šrndić, and Alexander Neth. 2024. Noise Contrastive Estimation-based Matching Framework for Low-Resource Security Attack Pattern Recognition. In Findings of the Association for Computational Linguistics: EACL 2024, pages 355–373, St. Julian’s, Malta. Association for Computational Linguistics.
Cite (Informal): Noise Contrastive Estimation-based Matching Framework for Low-Resource Security Attack Pattern Recognition (Nguyen et al., Findings 2024)
PDF: https://preview.aclanthology.org/nschneid-patch-1/2024.findings-eacl.25.pdf
Note: 2024.findings-eacl.25.note.tgz