English
Related papers

Related papers: EXTRACTOR: Extracting Attack Behavior from Threat …

200 papers

Effective Cyber Threat Intelligence (CTI) relies upon accurately structured and semantically enriched information extracted from cybersecurity system logs. However, current methodologies often struggle to identify and interpret malicious…

Cryptography and Security · Computer Science 2026-04-28 Luca Cotti , Anisa Rula , Devis Bianchini , Federico Cerutti

In order to understand the overall picture of cyber attacks and to identify the source of cyber attacks, a method to identify malicious activities by automatically creating a graph that ties together the dependencies of a series of related…

Cryptography and Security · Computer Science 2025-03-26 Taishin Saito

In order to assist security analysts in obtaining information pertaining to their network, such as novel vulnerabilities, exploits, or patches, information retrieval methods tailored to the security domain are needed. As labeled text data…

Information Retrieval · Computer Science 2015-04-17 Corinne L. Jones , Robert A. Bridges , Kelly Huffer , John Goodall

Advanced Persistent Threats (APTs) remain difficult to detect due to their stealthy nature and long-term persistence. To tackle this challenge, provenance-based threat hunting has gained traction as a proactive defense mechanism. This…

Cryptography and Security · Computer Science 2026-03-23 Xuebo Qiu , Mingqi Lv , Yimei Zhang , Tiantian Zhu , Tieming Chen

Nowadays, threat reports from cybersecurity vendors incorporate detailed descriptions of attacks within unstructured text. Knowing vulnerabilities that are related to these reports helps cybersecurity researchers and practitioners…

Cryptography and Security · Computer Science 2024-07-12 Refat Othman , Bruno Rossi , Russo Barbara

Timely analysis of cyber-security information necessitates automated information extraction from unstructured text. While state-of-the-art extraction methods produce extremely accurate results, they require ample training data, which is…

Information Retrieval · Computer Science 2014-06-11 Robert A. Bridges , Corinne L. Jones , Michael D. Iannacone , Kelly M. Testa , John R. Goodall

Cyber Threat Intelligence (CTI) reports are factual records compiled by security analysts through their observations of threat events or their own practical experience with attacks. In order to utilize CTI reports for attack detection,…

Cryptography and Security · Computer Science 2024-10-16 Wenrui Cheng , Tiantian Zhu , Tieming Chen , Qixuan Yuan , Jie Ying , Hongmei Li , Chunlin Xiong , Mingda Li , Mingqi Lv , Yan Chen

The objectives of cyberattacks are becoming sophisticated, and attackers are concealing their identity by masquerading as other attackers. Cyber threat intelligence (CTI) is gaining attention as a way to collect meaningful knowledge to…

Cryptography and Security · Computer Science 2019-10-08 Daegeon Kim , Huy Kang Kim

Information on cyber-related crimes, incidents, and conflicts is abundantly available in numerous open online sources. However, processing the large volumes and streams of data is a challenging task for the analysts and experts, and entails…

Cryptography and Security · Computer Science 2022-08-03 Tuomas Takko , Kunal Bhattacharya , Martti Lehto , Pertti Jalasvirta , Aapo Cederberg , Kimmo Kaski

Textual descriptions in cyber threat intelligence (CTI) reports, such as security articles and news, are rich sources of knowledge about cyber threats, crucial for organizations to stay informed about the rapidly evolving threat landscape.…

Cryptography and Security · Computer Science 2025-04-22 Yutong Cheng , Osama Bajaber , Saimon Amanuel Tsegai , Dawn Song , Peng Gao

Dark web crawling is a complex process that involves specific methodologies and techniques to navigate the Tor network and extract data from hidden services. This study proposes a general dark web crawler designed to extract pages handling…

Cryptography and Security · Computer Science 2024-05-13 Daniel De Pascale , Giuseppe Cascavilla , Damian A. Tamburri , Willem-Jan Van Den Heuvel

Endpoint Detection and Response (EDR) solutions embrace the method of attack provenance graph to discover unknown threats through system event correlation. However, this method still faces some unsolved problems in the fields of…

Cryptography and Security · Computer Science 2026-02-18 Peilun Wu , Nan Sun , Nour Moustafa , Youyang Qu , Ming Ding

Cyber Threat Intelligence (CTI) has emerged as a vital complementary approach that operates in the early phases of the cyber threat lifecycle. CTI involves collecting, processing, and analyzing threat data to provide a more accurate and…

Cryptography and Security · Computer Science 2026-05-25 Samaneh Shafee , Alysson Bessani , Pedro M. Ferreira

Monitoring the threat landscape to be aware of actual or potential attacks is of utmost importance to cybersecurity professionals. Information about cyber threats is typically distributed using natural language reports. Natural language…

Computation and Language · Computer Science 2024-04-12 Lukas Lange , Marc Müller , Ghazaleh Haratinezhad Torbati , Dragan Milchevski , Patrick Grau , Subhash Pujari , Annemarie Friedrich

In the ever-evolving landscape of cybersecurity, the rapid identification and mitigation of Advanced Persistent Threats (APTs) is crucial. Security practitioners rely on detailed threat reports to understand the tactics, techniques, and…

Cryptography and Security · Computer Science 2025-07-11 Faissal Ahmadou , Sepehr Ghaffarzadegan , Boubakr Nour , Makan Pourzandi , Mourad Debbabi , Chadi Assi

The extraction of cyber threat intelligence (CTI) from open sources is a rapidly expanding defensive strategy that enhances the resilience of both Information Technology (IT) and Operational Technology (OT) environments against large-scale…

Cryptography and Security · Computer Science 2024-02-16 Prasasthy Balasubramanian , Sadaf Nazari , Danial Khosh Kholgh , Alireza Mahmoodi , Justin Seby , Panos Kostakos

Organizations are increasingly targeted by Advanced Persistent Threats (APTs), which involve complex, multi-stage tactics and diverse techniques. Cyber Threat Intelligence (CTI) sources, such as incident reports and security blogs, provide…

Cryptography and Security · Computer Science 2025-04-09 Sofia Della Penna , Roberto Natella , Vittorio Orbinato , Lorenzo Parracino , Luciano Pianese

Cyber threat intelligence (CTI) is practical real-world information that is collected with the purpose of assessing threats in cyber-physical systems (CPS). A practical notation for sharing CTI is STIX. STIX offers facilities to create,…

Cryptography and Security · Computer Science 2022-05-13 Ricardo M. Czekster , Roberto Metere , Charles Morisset

Cyber Threat Intelligence (CTI) reporting is pivotal in contemporary risk management strategies. As the volume of CTI reports continues to surge, the demand for automated tools to streamline report generation becomes increasingly apparent.…

Cryptography and Security · Computer Science 2023-10-05 Filippo Perrina , Francesco Marchiori , Mauro Conti , Nino Vincenzo Verde

Provenance analysis based on system audit data has emerged as a fundamental approach for investigating Advanced Persistent Threat (APT) attacks. Due to the high concealment and long-term persistence of APT attacks, they are only represented…

Cryptography and Security · Computer Science 2025-10-28 Qi Sheng