HinCTI: A Cyber Threat Intelligence Modeling and Identification System Based on Heterogeneous Information Network

Author: Xiaoyong Li, Hao Peng, Philip S. Yu, Yali Gao, Binxing Fang
Year of publication: 2022
Subject:
Source: IEEE Transactions on Knowledge and Data Engineering. 34:708-722
ISSN: 2326-3865, 1041-4347
Description: A rising number of organizations are showing a growing willingness to leverage cyber threat intelligence (CTI) to obtain a full picture of the cyber threat situation. Owing to the limited labels of cyber threat infrastructure nodes involved in CTI, automatically identifying the threat type of infrastructure nodes for early warning is also challenging. To tackle these challenges, a practical system called HinCTI is developed for modeling cyber threat intelligence and identifying threat types. We first design a threat intelligence meta-schema to depict the semantic relatedness of infrastructure nodes. We then model CTI on a heterogeneous information network (HIN). Next, we define a meta-path and meta-graph instances-based threat infrastructure similarity (MIIS) measure between threat infrastructure nodes and present a MIIS measure-based heterogeneous graph convolutional network (GCN) approach to identify the threat types of infrastructure nodes involved in CTI. To the best of our knowledge, this work is the first to model CTI on a HIN for threat identification and to propose a heterogeneous GCN-based approach for threat type identification of infrastructure nodes. With HinCTI, comprehensive experiments are conducted on real-world datasets, and the experimental results demonstrate that our proposed approach can significantly improve the performance of threat type identification compared to the existing state-of-the-art baseline methods.
Database: OpenAIRE