DC Field | Value | Language |
DC.contributor | Department of Computer Science and Information Engineering | zh_TW |
DC.creator | 詹德蘭 | zh_TW |
DC.creator | Vaitheeshwari Rajendran | en_US |
dc.date.accessioned | 2025-1-22T07:39:07Z | |
dc.date.available | 2025-1-22T07:39:07Z | |
dc.date.issued | 2025 | |
dc.identifier.uri | http://ir.lib.ncu.edu.tw:444/thesis/view_etd.asp?URN=110582609 | |
dc.contributor.department | Department of Computer Science and Information Engineering | zh_TW |
DC.description | 國立中央大學 | zh_TW |
DC.description | National Central University | en_US |
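dc.description.abstract | Cyber Threat Intelligence (CTI) reports provide important insights into cybersecurity threats and attacks, but because of the complexity and subtle differences of these reports, extracting key causal factors and prioritizing attack techniques remains challenging. Traditional methods face problems such as a lack of labeled data and inconsistent vocabulary usage in reports. To address these challenges, we propose TRACE (Technique Relationship Analysis and Causal Factor Extraction), a new framework that uses CTI reports to extract causal factors related to adversarial techniques and generate a comprehensive causal graph. TRACE combines pattern extraction and tagging methods to overcome the limitations of existing methods. Using Sentence-based Bidirectional Encoder Representations from Transformers (SBERT) embeddings enhanced with knowledge mappings and deep learning techniques, TRACE discovers and models causal relationships between attack techniques in the reports. Our experiments on a dataset of CTI reports show that TRACE performs well in predicting causal factors, with an F1 score of 0.87.
Building on the success of TRACE, we introduce FOCUS (Framework for Optimizing Cybersecurity Under Strategic Analysis), a streamlined framework designed to prioritize attack techniques in CTI reports. FOCUS uses the SecureBERT model and a BiLSTM classifier with a Conditional Random Field (CRF) layer to analyze Indicators of Compromise (IoC) and perform sentence-level prediction of attack techniques and Common Weakness Enumeration (CWE) entities. Our method includes extracting keywords, annotating sentences, and tagging IoC-associated sentences for training. In extracting entities from CTI reports, FOCUS achieves an excellent F1 score of 90%, significantly improving on traditional analytical methods by effectively analyzing over 930 reports to prioritize cyber threats. We create a sequential flow of entities based on their temporal relations and propose seven metrics to calculate the significance of a technique in a CTI report. This sophisticated method combines statistical analysis and qualitative assessment to calculate threat priorities, providing a concise, prioritized list of threats to support more effective cybersecurity strategies. | zh_TW |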
dc.description.abstract | Cyber Threat Intelligence (CTI) reports provide critical insights into cybersecurity threats and attacks, yet extracting key causal factors and prioritizing attack techniques remains challenging due to the complexity and nuances of these reports. Traditional methodologies grapple with issues such as the lack of labeled data and inconsistent vocabulary usage across reports. To address these challenges, we propose TRACE (Technique Relationship Analysis and Causal Factor Extraction). This novel framework leverages CTI reports to extract causal factors related to adversarial techniques and generate a comprehensive causal graph. TRACE combines pattern extraction and tagging methods to overcome the limitations of existing approaches. Utilizing Sentence-based BERT embeddings enhanced with knowledge mappings and deep learning techniques, TRACE discovers and models causal relationships between attack techniques in the reports. Our experiments on a dataset of CTI reports demonstrated TRACE's superior performance with a 0.87 F1 score in predicting causal factors.
Building on the success of TRACE, we introduce FOCUS (Framework for Optimizing Cybersecurity Under Strategic Analysis), a streamlined framework designed to prioritize attack techniques within CTI reports. FOCUS leverages the SecureBERT model and a BiLSTM classifier with a Conditional Random Fields layer to analyze Indicators of Compromise (IoC) and perform sentence-level prediction of attack techniques and Common Weakness Enumeration (CWE) entities. Our method involves extracting keywords, annotating sentences, and tagging IoC-associated sentences for training. Achieving an exceptional F1 score of 90% in entity extraction from CTI reports, FOCUS significantly enhances traditional analytical methods by effectively analyzing over 930 reports to prioritize cyber threats. We create a sequential flow of entities based on their temporal relations and propose seven metrics to calculate the significance of a technique in the CTI report. This sophisticated method combines both statistical analysis and qualitative assessments to calculate threat priorities, providing a concise, prioritized list of threats to support more effective cybersecurity strategies. | en_US |
DC.subject | Attack prioritization | zh_TW |
DC.subject | Causal analysis | zh_TW |
DC.subject | Common Weakness Enumeration (CWE) | zh_TW |
DC.subject | CTI | zh_TW |
DC.subject | Data components | zh_TW |
DC.subject | IoC analysis | zh_TW |
DC.subject | MITRE ATT&CK techniques | zh_TW |
DC.subject | MITRE data source | zh_TW |
DC.subject | SecureBERT | zh_TW |
DC.subject | Attack prioritization | en_US |
DC.subject | causal analysis | en_US |
DC.subject | Common Weakness Enumeration (CWE) | en_US |
DC.subject | CTI | en_US |
DC.subject | data components | en_US |
DC.subject | IoC analysis | en_US |
DC.subject | MITRE ATT&CK techniques | en_US |
DC.subject | MITRE data source | en_US |
DC.subject | SecureBERT | en_US |
DC.title | Advanced Cyber Threat Intelligence Analysis – From Relationship Mapping to Threat Prioritization | en_US |
dc.language.iso | en_US | en_US |
DC.type | Master's/doctoral thesis | zh_TW |
DC.type | thesis | en_US |
DC.publisher | National Central University | en_US |