DC field | Value | Language |
--- | --- | --- |
DC.contributor | Department of Computer Science and Information Engineering | zh_TW |
DC.creator | 陳柊瑄 | zh_TW |
DC.creator | Chung-Hsuan Chen | en_US |
dc.date.accessioned | 2022-8-3T07:39:07Z | |
dc.date.available | 2022-8-3T07:39:07Z | |
dc.date.issued | 2022 | |
dc.identifier.uri | http://ir.lib.ncu.edu.tw:444/thesis/view_etd.asp?URN=109522134 | |
dc.contributor.department | Department of Computer Science and Information Engineering | zh_TW |
DC.description | National Central University | zh_TW |
DC.description | National Central University | en_US |
dc.description.abstract | As security incidents continue to mount, cyber threat intelligence (CTI) has been widely adopted as an important means of understanding and defending against threats. Such intelligence is often shared as unstructured articles, also called threat intelligence reports, which usually carry a great deal of important information about threat groups, such as their attack behaviour and attack patterns. MITRE ATT&CK provides a framework that defines tactics, techniques, and procedures (TTPs); through TTPs, defenders can understand a threat's goals and methods and then carry out penetration tests or simulations on their own systems. However, TTPs are almost always buried in threat intelligence reports, and reading an ever-growing number of such reports manually is extremely time-consuming and labour-intensive. Existing research has performed worse than expected because it neglects semantic dependencies and suffers from the scarcity of labelled data. In this study we therefore propose MITREtrieval, an automated classification system for threat intelligence reports that extracts the techniques they describe. The system classifies by fusing deep learning with an ontology: we propose a sentence-based BERT that brings semantic relations into the classification of MITRE techniques, and we fuse in an ontology to help with MITRE techniques that have few training samples. For evaluation we divide the classification problem into 113-class, 46-class and 23-class tasks to show that the system outperforms existing work regardless of the number of classes: it reaches an F2 score of 58% on the 113-class task, 62% on the 46-class task and 69% on the 23-class task, each surpassing existing papers by more than 15%. This automated classification system can help security staff classify and analyse threat intelligence reports, and with security experts working alongside MITREtrieval, accurate intelligence can be produced more quickly. | zh_TW |
dc.description.abstract | Cyber threat intelligence (CTI) has been widely used to understand and proactively defend against incoming threats. CTI is usually shared as unstructured reports that often implicitly contain significant information about threat actors, such as threat actions and attack patterns. TTP (Tactic, Technique, Procedure) is a representation of an attacker's goals and the ways used to achieve them. Defenders can utilize TTPs to comprehend attackers and perform penetration tests and simulations on their own systems. However, TTPs are often buried in CTI reports, so reading and analyzing them manually is inefficient when there are many lengthy documents. Therefore, in this paper we propose an automatic retrieval system, MITREtrieval, that retrieves MITRE Techniques from unstructured CTI reports by fusing an ontology with deep learning. We evaluate performance at different technique thresholds to show that our system performs well not only on techniques with sufficient samples but also on techniques with few. The results show that MITREtrieval achieves a 58% F2 score on the 113-label multi-label classification task, 62% on the 46-label task and 69% on the 23-label task, outperforming state-of-the-art work. MITREtrieval can reduce the time spent analyzing CTI reports manually and ultimately provide high-quality threat intelligence to cybersecurity companies. | en_US |
DC.subject | Information Security | zh_TW |
DC.subject | Threat Intelligence | zh_TW |
DC.subject | MITRE ATT&CK | zh_TW |
DC.subject | Natural Language Processing | zh_TW |
DC.subject | Deep Learning | zh_TW |
DC.subject | Ontology | zh_TW |
DC.subject | Cybersecurity | en_US |
DC.subject | Threat Intelligence | en_US |
DC.subject | MITRE ATT&CK | en_US |
DC.subject | Natural Language Processing | en_US |
DC.subject | Deep Learning | en_US |
DC.subject | Ontology | en_US |
DC.title | MITREtrieval: Classifying MITRE Techniques in Threat Intelligence Reports by Fusing Deep Learning and Ontology | zh_TW |
dc.language.iso | zh-TW | zh-TW |
DC.title | MITREtrieval: Retrieving MITRE Techniques from Unstructured Threat Reports by Fusion of Deep Learning and Ontology | en_US |
DC.type | Thesis (master's/doctoral) | zh_TW |
DC.type | thesis | en_US |
DC.publisher | National Central University | en_US |