Abstract (English)
MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. The collected data describe adversary groups, software, tactics, and techniques, can represent every phase of the kill chain in detail, and support the investigation of cyber threat intelligence (CTI) techniques. However, the existing ATT&CK interfaces, such as the website and the Navigator, are not sufficient for searching complex related information. In this paper, we present an ontology based on MITRE ATT&CK for gaining this knowledge efficiently. Based on the requirements of security researchers, we derive inference paths that infer techniques, which are leveraged to analyze CTI in depth, and we also design forward and backward queries based on software, groups, and techniques, which are of great significance to the security domain for generating complete intelligence more efficiently.
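To make the forward/backward query idea concrete, here is an added example (not code from the thesis or from MITRE) that builds a small in-memory graph from constructed objects shaped like ATT&CK's STIX data and answers a forward query (group to techniques, directly or through the software the group uses, returning the inference path) and a backward query (technique to groups). All ids and names are constructed placeholders, not real ATT&CK entries.

```python
from collections import defaultdict
# Constructed sample (placeholder ids/names, not real ATT&CK entries); the object
# types and the "uses" relationship mirror the shape of ATT&CK's STIX data.
OBJECTS = [
    {"type": "intrusion-set", "id": "intrusion-set--g1", "name": "Group Alpha"},
    {"type": "intrusion-set", "id": "intrusion-set--g2", "name": "Group Beta"},
    {"type": "malware", "id": "malware--s1", "name": "Loader X"},
    {"type": "tool", "id": "tool--s2", "name": "Dumper Y"},
    {"type": "attack-pattern", "id": "attack-pattern--t1", "name": "Technique One"},
    {"type": "attack-pattern", "id": "attack-pattern--t2", "name": "Technique Two"},
    # "uses" edges: group -> software, group -> technique, software -> technique
    *[{"type": "relationship", "relationship_type": "uses", "source_ref": s, "target_ref": t}
      for s, t in [("intrusion-set--g1", "malware--s1"), ("intrusion-set--g1", "attack-pattern--t1"),
                   ("malware--s1", "attack-pattern--t2"), ("intrusion-set--g2", "tool--s2"),
                   ("tool--s2", "attack-pattern--t2")]],
]

class AttackGraph:
    def __init__(self, objects):
        self.names = {o["id"]: o["name"] for o in objects if o["type"] != "relationship"}
        self.out = defaultdict(set)  # source id -> ids it uses
        self.inc = defaultdict(set)  # target id -> ids that use it
        for o in objects:
            if o["type"] == "relationship" and o["relationship_type"] == "uses":
                self.out[o["source_ref"]].add(o["target_ref"])
                self.inc[o["target_ref"]].add(o["source_ref"])

    @staticmethod
    def _is(oid, *types):  # STIX ids are "<type>--<uuid>", so the prefix gives the type
        return any(oid.startswith(t + "--") for t in types)

    def forward_techniques(self, group_id):
        """Forward query: {technique name: inference path} for a group, direct or via its software."""
        found = {}
        for tgt in self.out[group_id]:
            if self._is(tgt, "attack-pattern"):
                found[self.names[tgt]] = [self.names[group_id], self.names[tgt]]
            elif self._is(tgt, "malware", "tool"):
                for tech in (x for x in self.out[tgt] if self._is(x, "attack-pattern")):
                    found.setdefault(self.names[tech],
                                     [self.names[group_id], self.names[tgt], self.names[tech]])
        return found

    def backward_groups(self, technique_id):
        """Backward query: sorted names of groups using a technique directly or via malware/tools."""
        groups = set()
        for src in self.inc[technique_id]:
            if self._is(src, "intrusion-set"):
                groups.add(self.names[src])
            elif self._is(src, "malware", "tool"):
                groups |= {self.names[g] for g in self.inc[src] if self._is(g, "intrusion-set")}
        return sorted(groups)
```

The returned path (group, software, technique) is the inference path the abstract refers to; on real ATT&CK STIX data the same code would run over the `relationship` objects of type `uses`, with `revoked`/`x_mitre_deprecated` objects filtered first.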