Creating Proactive Cyber Threat Intelligence with Hacker Exploit Labels: A Deep Transfer Learning Approach
MIS Quarterly (IF 7.0), Pub Date: 2024-03-01, DOI: 10.25300/misq/2023/17316
Benjamin Ampel, Sagar Samtani, Hongyi Zhu, Hsinchun Chen

The rapid proliferation of complex information systems has been met by an ever-increasing quantity of exploits that can cause irreparable cyber breaches. To mitigate these cyber threats, academia and industry have placed a significant focus on proactively identifying and labeling exploits developed by the international hacker community. However, prevailing approaches for labeling exploits in hacker forums do not leverage metadata from exploit darknet markets or public exploit repositories to enhance labeling performance. In this study, we adopted the computational design science paradigm to develop a novel information technology artifact, the deep transfer learning exploit labeler (DTL-EL). DTL-EL incorporates a pre-initialization design, multi-layer deep transfer learning (DTL), and a self-attention mechanism to automatically label exploits in hacker forums. We rigorously evaluated the proposed DTL-EL against state-of-the-art non-DTL benchmark methods based in classical machine learning and deep learning. Results suggest that the proposed DTL-EL significantly outperforms benchmark methods based on accuracy, precision, recall, and F1-score. Our proposed DTL-EL framework provides important practical implications for key stakeholders such as cybersecurity managers, analysts, and educators.

Updated: 2024-03-02