Extractor: Extracting attack behavior from threat reports

K Satvat, R Gjomemo… - 2021 IEEE European …, 2021 - ieeexplore.ieee.org
The knowledge on attacks contained in Cyber Threat Intelligence (CTI) reports is very
important to effectively identify and quickly respond to cyber threats. However, this …

Automated retrieval of ATT&CK tactics and techniques for cyber threat reports

V Legoy, M Caselli, C Seifert, A Peter - arXiv preprint arXiv:2004.14322, 2020 - arxiv.org
Over the last years, threat intelligence sharing has steadily grown, leading cybersecurity
professionals to access increasingly larger amounts of heterogeneous data. Among those …

Poirot: Aligning attack behavior with kernel audit records for cyber threat hunting

SM Milajerdi, B Eshete, R Gjomemo… - Proceedings of the …, 2019 - dl.acm.org
Cyber threat intelligence (CTI) is being used to search for indicators of attacks that might
have compromised an enterprise network for a long time without being discovered. To have …

ATLAS: A sequence-based learning approach for attack investigation

A Alsaheel, Y Nan, S Ma, L Yu, G Walkup… - 30th USENIX security …, 2021 - usenix.org
Advanced Persistent Threats (APT) involve multiple attack steps over a long period, and
their investigation requires analysis of myriad logs to identify their attack steps, which are a …

Tactical provenance analysis for endpoint detection and response systems

WU Hassan, A Bates, D Marino - 2020 IEEE Symposium on …, 2020 - ieeexplore.ieee.org
Endpoint Detection and Response (EDR) tools provide visibility into sophisticated intrusions
by matching system events against known adversarial behaviors. However, current solutions …

AttacKG: Constructing technique knowledge graph from cyber threat intelligence reports

Z Li, J Zeng, Y Chen, Z Liang - European Symposium on Research in …, 2022 - Springer
Cyber attacks are becoming more sophisticated and diverse, making attack detection
increasingly challenging. To combat these attacks, security practitioners actively summarize …

AIRTAG: Towards Automated Attack Investigation by Unsupervised Learning with Log Texts

H Ding, J Zhai, Y Nan, S Ma - 32nd USENIX Security Symposium …, 2023 - usenix.org
The success of deep learning (DL) techniques has led to their adoption in many fields,
including attack investigation, which aims to recover the whole attack story from logged …

Preventing poisoning attacks on AI based threat intelligence systems

N Khurana, S Mittal, A Piplai… - 2019 IEEE 29th …, 2019 - ieeexplore.ieee.org
As AI systems become more ubiquitous, securing them becomes an emerging challenge.
Over the years, with the surge in online social media use and the data available for analysis …

TTPDrill: Automatic and accurate extraction of threat actions from unstructured text of CTI sources

G Husari, E Al-Shaer, M Ahmed, B Chu… - Proceedings of the 33rd …, 2017 - dl.acm.org
With the rapid growth of the cyber attacks, sharing of cyber threat intelligence (CTI) becomes
essential to identify and respond to cyber attack in timely and cost-effective manner …

A system for automated open-source threat intelligence gathering and management

P Gao, X Liu, E Choi, B Soman, C Mishra… - Proceedings of the …, 2021 - dl.acm.org
To remain aware of the fast-evolving cyber threat landscape, open-source Cyber Threat
Intelligence (OSCTI) has received growing attention from the community. Commonly …