English
Related papers

Related papers: EXTRACTOR: Extracting Attack Behavior from Threat …

200 papers

A cyber-attack is a malicious attempt by experienced hackers to breach the target information system. Usually, the cyber-attacks are characterized as hybrid TTPs (Tactics, Techniques, and Procedures) and long-term adversarial behaviors,…

Cryptography and Security · Computer Science 2021-12-17 Mingqi Lv , Chengyu Dong , Tieming Chen , Tiantian Zhu , Qijie Song , Yuan Fan

Attack graphs are a tool for analyzing security vulnerabilities that capture different and prospective attacks on a system. As a threat modeling tool, it shows possible paths that an attacker can exploit to achieve a particular goal.…

Attack graphs are a powerful tool for security risk assessment by analysing network vulnerabilities and the paths attackers can use to compromise network resources. The uncertainty about the attacker's behaviour makes Bayesian networks…

Cryptography and Security · Computer Science 2016-11-07 Luis Muñoz-González , Daniele Sgandurra , Martín Barrère , Emil Lupu

The automatic extraction of information from Cyber Threat Intelligence (CTI) reports is crucial in risk management. The increased frequency of the publications of these reports has led researchers to develop new systems for automatically…

Information Retrieval · Computer Science 2023-09-11 Francesco Marchiori , Mauro Conti , Nino Vincenzo Verde

Cyber Threat Intelligence (CTI) parsing aims to extract key threat information from massive data, transform it into actionable intelligence, enhance threat detection and defense efficiency, including attack graph construction, intelligence…

Cryptography and Security · Computer Science 2025-06-23 Yongheng Zhang , Xinyun Zhao , Yunshan Ma , Haokai Ma , Yingxiao Guan , Guozheng Yang , Yuliang Lu , Xiang Wang

Ability to effectively investigate indicators of compromise and associated network resources involved in cyber attacks is paramount not only to identify affected network resources but also to detect related malicious resources. Today, most…

Advanced Persistent Threat (APT) attacks have caused significant damage worldwide. Various Endpoint Detection and Response (EDR) systems are deployed by enterprises to fight against potential threats. However, EDR suffers from high false…

Cryptography and Security · Computer Science 2024-05-07 Tiantian Zhu , Jie Ying , Tieming Chen , Chunlin Xiong , Wenrui Cheng , Qixuan Yuan , Aohan Zheng , Mingqi Lv , Yan Chen

To remain aware of the fast-evolving cyber threat landscape, open-source Cyber Threat Intelligence (OSCTI) has received growing attention from the community. Commonly, knowledge about threats is presented in a vast number of OSCTI reports.…

Cryptography and Security · Computer Science 2021-03-02 Peng Gao , Xiaoyuan Liu , Edward Choi , Bhavna Soman , Chinmaya Mishra , Kate Farris , Dawn Song

Cybersecurity Knowledge Graphs (CKGs) unify diverse Cyber Threat Intelligence (CTI) sources into structured, queryable formats, offering scalable solutions for automating proactive and real-time security responses. Their increasing adoption…

Machine Learning · Computer Science 2026-05-18 Inoussa Mouiche , sherif Saad

This study introduces an innovative approach to automating Cyber Threat Intelligence (CTI) processes in industrial environments by leveraging Microsoft's AI-powered security technologies. Historically, CTI has heavily relied on manual…

Cryptography and Security · Computer Science 2024-10-29 Shrit Shah , Fatemeh Khoda Parast

Cyber Threat Intelligence (CTI) summarization involves generating concise and accurate highlights from web intelligence data, which is critical for providing decision-makers with actionable insights to swiftly detect and respond to cyber…

Computation and Language · Computer Science 2025-07-01 Wei Peng , Junmei Ding , Wei Wang , Lei Cui , Wei Cai , Zhiyu Hao , Xiaochun Yun

Cyber Threat Intelligence (CTI) enables organizations to anticipate, detect, and mitigate evolving cyber threats. Its effectiveness depends on high-quality datasets, which support model development, training, evaluation, and benchmarking.…

Cryptography and Security · Computer Science 2025-09-26 Dincy R. Arikkat , Sneha B. T. , Serena Nicolazzo , Antonino Nocera , Vinod P. , Rafidha Rehiman K. A. , Karthika R

Despite the high volume of open-source Cyber Threat Intelligence (CTI), our understanding of long-term threat actor-victim dynamics remains fragmented due to inconsistent reporting standards and the lack of structured datasets containing…

Cryptography and Security · Computer Science 2026-05-22 Manuel Suarez-Roman , Francesco Marchiori , Mauro Conti , Juan Tapiador

Cyber Threat hunting is a proactive search for known attack behaviors in the organizational information system. It is an important component to mitigate advanced persistent threats (APTs). However, the attack behaviors recorded in…

Cryptography and Security · Computer Science 2021-04-21 Renzheng Wei , Lijun Cai , Aimin Yu , Dan Meng

Cyber Threat Intelligence (CTI) sharing is an important activity to reduce information asymmetries between attackers and defenders. However, this activity presents challenges due to the tension between data sharing and confidentiality, that…

To defend against Advanced Persistent Threats on the endpoint, threat hunting employs security knowledge such as cyber threat intelligence to continuously analyze system audit logs through retrospective scanning, querying, or pattern…

Cryptography and Security · Computer Science 2025-08-11 Mingjun Ma , Tiantian Zhu , Shuang Li , Tieming Chen , Mingqi Lv , Zhengqiu Weng , Guolang Chen

With the ever-changing landscape of cyber threats, identifying their origin has become paramount, surpassing the simple task of attack classification. Cyber threat attribution gives security analysts the insights they need to device…

Cryptography and Security · Computer Science 2025-09-16 Rimsha Kanwal , Umara Noor , Zafar Iqbal , Zahid Rashid

Cyber threat hunting is the practice of proactively searching for latent threats in a network. Engaging in threat hunting can be difficult due to the volume of network traffic, variety of adversary techniques, and constantly evolving…

Cryptography and Security · Computer Science 2025-03-10 Matthew J. Turner , Mike Carenzo , Jackie Lasky , James Morris-King , James Ross

Efficient defense against dynamically evolving advanced persistent threats (APT) requires the structured threat intelligence feeds, such as techniques used. However, existing threat-intelligence extraction techniques predominantly focuses…

Cryptography and Security · Computer Science 2025-12-23 Ming Xu , Hongtai Wang , Jiahao Liu , Xinfeng Li , Zhengmin Yu , Weili Han , Hoon Wei Lim , Jin Song Dong , Jiaheng Zhang

We present a new machine learning and text information extraction approach to detection of cyber threat events in Twitter that are novel (previously non-extant) and developing (marked by significance with respect to similarity with a…

Information Retrieval · Computer Science 2019-07-19 Avishek Bose , Vahid Behzadan , Carlos Aguirre , William H. Hsu