English

AttackER: Towards Enhancing Cyber-Attack Attribution with a Named Entity Recognition Dataset

Cryptography and Security 2024-08-12 v1 Artificial Intelligence

Abstract

Cyber-attack attribution is an important process that allows experts to put in place attacker-oriented countermeasures and legal actions. The analysts mainly perform attribution manually, given the complex nature of this task. AI and, more specifically, Natural Language Processing (NLP) techniques can be leveraged to support cybersecurity analysts during the attribution process. However powerful these techniques are, they need to deal with the lack of datasets in the attack attribution domain. In this work, we will fill this gap and will provide, to the best of our knowledge, the first dataset on cyber-attack attribution. We designed our dataset with the primary goal of extracting attack attribution information from cybersecurity texts, utilizing named entity recognition (NER) methodologies from the field of NLP. Unlike other cybersecurity NER datasets, ours offers a rich set of annotations with contextual details, including some that span phrases and sentences. We conducted extensive experiments and applied NLP techniques to demonstrate the dataset's effectiveness for attack attribution. These experiments highlight the potential of Large Language Models (LLMs) capabilities to improve the NER tasks in cybersecurity datasets for cyber-attack attribution.

Keywords

Cite

@article{arxiv.2408.05149,
  title  = {AttackER: Towards Enhancing Cyber-Attack Attribution with a Named Entity Recognition Dataset},
  author = {Pritam Deka and Sampath Rajapaksha and Ruby Rani and Amirah Almutairi and Erisa Karafili},
  journal= {arXiv preprint arXiv:2408.05149},
  year   = {2024}
}

Comments

Submitted to WISE 2024

R2 v1 2026-06-28T18:08:46.217Z