| Presentation | 2021-03-05 Information retrieval for security reports using behavior of cyber attacker Yuki Kawaguchi, Mayo Yamasaki, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | Cyber security incident responders require related information about related incidents for the quick and comprehensiveinvestigation. Security reports, published by security vendors and researchers, are the intelligence source that fulfillsthe requirements. However, responders cannot utilize reports effectively because it is difficult to retrieve reports using onlyinformation observed in incident response. For resolving this problem, we proposed the system that can use adversaries’sbehaviors in natural language as search query. In this paper, we propose a weak supervision method, that focuses on semanticsimilarity, and a model architecture that integrate multiple queries. Our proposals improved the coverage of search results formultiple queries than traditional weak supervisions. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | information retrieval / threat intelligence / weak supervision / ATT&CK |
| Paper # | IT2020-154,ISEC2020-84,WBS2020-73 |
| Date of Issue | 2021-02-25 (IT, ISEC, WBS) |
| Conference Information | |
| Committee | WBS / IT / ISEC |
|---|---|
| Conference Date | 2021/3/4(2days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | Online |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | Joint Meeting of WBS, IT, and ISEC |
| Chair | Masanori Hamamura(Kochi Univ. of Tech.) / Tadashi Wadayama(Nagoya Inst. of Tech.) / Shoichi Hirose(Univ. of Fukui) |
| Vice Chair | Takashi Shono(INTEL) / Masahiro Fujii(Utsunomiya Univ.) / Tetsuya Kojima(Tokyo Kosen) / Tetsuya Izu(Fujitsu Labs.) / Noboru Kunihiro(Tsukuba Univ.) |
| Secretary | Takashi Shono(Okayama Univ. of Science) / Masahiro Fujii(National Defence Academy) / Tetsuya Kojima(Yamaguchi Univ.) / Tetsuya Izu(Saga Univ.) / Noboru Kunihiro(Tsukuba Univ.) |
| Assistant | Duong Quang Thang(NAIST) / Masafumi Moriyama(NICT) / Masayuki Kinoshita(Chiba Univ. of Tech.) / Takahiro Ohta(Senshu Univ.) / Kazuki Yoneyama(Ibaraki Univ.) |
| Paper Information | |
| Registration To | Technical Committee on Wideband System / Technical Committee on Information Theory / Technical Committee on Information Security |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Information retrieval for security reports using behavior of cyber attacker |
| Sub Title (in English) | |
| Keyword(1) | information retrieval |
| Keyword(2) | threat intelligence |
| Keyword(3) | weak supervision |
| Keyword(4) | ATT&CK |
| 1st Author's Name | Yuki Kawaguchi |
| 1st Author's Affiliation | NTT Secure Platform Labratory(NTT) |
| 2nd Author's Name | Mayo Yamasaki |
| 2nd Author's Affiliation | NTT Secure Platform Labratory(NTT) |
| Date | 2021-03-05 |
| Paper # | IT2020-154,ISEC2020-84,WBS2020-73 |
| Volume (vol) | vol.120 |
| Number (no) | IT-410,ISEC-411,WBS-412 |
| Page | pp.pp.257-264(IT), pp.257-264(ISEC), pp.257-264(WBS), |
| #Pages | 8 |
| Date of Issue | 2021-02-25 (IT, ISEC, WBS) |