English  |  正體中文  |  简体中文  |  Post-Print筆數 : 27 |  Items with full text/Total items : 113822/144841 (79%)
Visitors : 51778528      Online Users : 628
RC Version 6.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version
    政大機構典藏 > 商學院 > 資訊管理學系 > 學位論文 >  Item 140.119/139546
    Please use this identifier to cite or link to this item: https://nccur.lib.nccu.edu.tw/handle/140.119/139546


    Title: 基於Transformer語言模型之自動化ATT&CK戰術識別
    Automatic ATT&CK Tactics Identification by Transformer-Based Language Model
    Authors: 林伶軒
    Lin, Ling-Hsuan
    Contributors: 蕭舜文
    Hsiao, Shun-Wen
    林伶軒
    Lin, Ling-Hsuan
    Keywords: 封包分析
    語言模型
    多標籤分類
    網路威脅情報
    網路安全
    MITRE ATT&CK
    Transformers
    Multi-label classification
    Threat intelligence
    Cybersecurity
    Date: 2021
    Issue Date: 2022-04-01 15:01:32 (UTC+8)
    Abstract: 隨著資安攻擊和數據洩露的迅速增加,資訊安全已成為全球關注的重要問題。人工智慧可以幫助人類自動分析攻擊,特別是分析攻擊意圖以生成威脅情報。基此,本研究旨在透過人工智慧模型自動地識別封包的攻擊意圖。我們提出一個基於 Transformer 的語言模型,藉由分析 MITRE 網站上的文章來學習戰術(意圖)和攻擊封包之間的關係。該模型嵌入一個封包並輸出一個表示封包內容及其意圖的高維向量。本研究亦建立一套標籤數據集生成流程,使用無監督學習方法生成用於訓練語言模型的標籤數據,有效減輕人工標記大數據資料集的負擔。實驗結果顯示,本研究微調的多標籤分類語言模型在識別封包攻擊戰術的 F1 分數為 1。
    Cybersecurity has become a primary global concern with the rapid increase in security attacks and data breaches. Artificial intelligence can help humans analyze attacks, specifically to generate threat intelligence. This study aims to automatically identify the intention of attack packets through an artificial intelligence model. We propose a Transformer-based language model that learns the relationship between tactics (intentions) and attack packets by analyzing the articles on the MITRE website. The model embeds a packet and outputs a high-dimensional vector representing packet content and its intent (if any). This study also establishes a label dataset generation process by using an unsupervised learning method to generate label data for training language models, effectively reducing the burden of manually labeling big data datasets. The experimental results show that the multi-label classification language model fine-tuned in this study has an F1 score of 1 for identifying packet attack tactics.
    Reference: [1] A. Vaswani, N. Shazeer, N. Parmar, J. Uszkoreit, L. Jones, A. N. Gomez, u. Kaiser, and I. Polosukhin, “Attention is All You Need,” in Proceedings of the 31st International Conference on Neural Information Processing Systems, 2017.
    [2] J. Devlin, M.-W. Chang, K. Lee, and K. Toutanova, “Bert: Pre-training of deep bidirectional transformers for language understanding,” arXiv preprint arXiv:1810.04805, 2018.
    [3] B. Binde, R. McRee, and T. J. O’Connor, “Assessing outbound traffic to uncover advanced persistent threat,” SANS Institute. Whitepaper, vol. 16, 2011.
    [4] S. Morgan, “2021 Report: Cyberwarfare in the C-Suite,” Cybersecurity Ventures, Tech. Rep., January 2021.
    [5] “MITRE ATT&CK,” 2021. [Online]. Available: https://attack.mitre.org/.
    [6] R. McMillan, “Definition: Threat Intelligence,” 2013. [Online]. Available: https://www.gartner.com/en/documents/2487216
    [7] G. Husari, E. Al-Shaer, M. Ahmed, B. Chu, and X. Niu, “Ttpdrill: Automatic and accurate extraction of threat actions from unstructured text of cti sources,” in Proceedings of the 33rd Annual Computer Security Applications Conference, 2017, pp. 103–115.
    [8] G. Ayoade, S. Chandra, L. Khan, K. Hamlen, and B. Thuraisingham, “Automated threat report classification over multi-source data,” in 2018 IEEE 4th International Conference on Collaboration and Internet Computing (CIC). IEEE, 2018, pp. 236–245.
    [9] T. T. Thein, Y. Ezawa, S. Nakagawa, K. Furumoto, Y. Shiraishi, M. Mohri, Y. Takano, and
    M. Morii, “Paragraph-based Estimation of Cyber Kill Chain Phase from Threat Intelligence Reports,” Journal of Information Processing, vol. 28, pp. 1025–1029, 2020.
    [10] V. Legoy, M. Caselli, C. Seifert, and A. Peter, “Automated Retrieval of ATT&CK Tactics and Techniques for Cyber Threat Reports,” arXiv preprint arXiv:2004.14322, 2020.
    [11] “Wireshark · Go Deep.” 2021. [Online]. Available: https://www.wireshark.org/.
    [12] “Snort - Network Intrusion Detection & Prevention System,” 2021. [Online]. Available: https://snort.org/.
    [13] E. M. Hutchins, M. J. Cloppert, R. M. Amin et al., “Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains,” Leading Issues in Information Warfare & Security Research, vol. 1, no. 1, p. 80, 2011.
    [14] B. E. Strom, A. Applebaum, D. P. Miller, K. C. Nickels, A. G. Pennington, and C. B. Thomas, “MITRE ATT&CK™: Design and Philosophy,” The MITRE Corporation, Tech. Rep., 2018.
    [15] I. Mokube and M. Adams, “Honeypots: concepts, approaches, and challenges,” in
    Proceedings of the 45th annual southeast regional conference, 2007, pp. 321–326.
    [16] “The Honeynet Project,” 1999. [Online]. Available: https://www.honeynet.org/
    [17] Y. Liu, M. Ott, N. Goyal, J. Du, M. Joshi, D. Chen, O. Levy, M. Lewis, L. Zettlemoyer, and
    V. Stoyanov, “Roberta: A robustly optimized bert pretraining approach,” arXiv preprint arXiv:1907.11692, 2019.
    [18] Z. Lan, M. Chen, S. Goodman, K. Gimpel, P. Sharma, and R. Soricut, “Albert: A lite bert for self-supervised learning of language representations,” arXiv preprint arXiv:1909.11942, 2019.
    [19] V. Sanh, L. Debut, J. Chaumond, and T. Wolf, “Distilbert, a distilled version of BERT: smaller, faster, cheaper and lighter,” arXiv preprint arXiv:1910.01108, 2019.
    [20] X. Jiao, Y. Yin, L. Shang, X. Jiang, X. Chen, L. Li, F. Wang, and Q. Liu, “Tinybert: Distilling bert for natural language understanding,” arXiv preprint arXiv:1909.10351, 2019.
    [21] J. Lee, W. Yoon, S. Kim, D. Kim, S. Kim, C. H. So, and J. Kang, “Biobert: a pre-trained biomedical language representation model for biomedical text mining,” Bioinformatics, vol. 36, no. 4, pp. 1234–1240, 2020.
    [22] K. Huang, J. Altosaar, and R. Ranganath, “Clinicalbert: Modeling clinical notes and predicting hospital readmission,” arXiv preprint arXiv:1904.05342, 2019.
    [23] I. Beltagy, K. Lo, and A. Cohan, “Scibert: A pretrained language model for scientific text,”
    arXiv preprint arXiv:1903.10676, 2019.
    [24] “Common Attack Pattern Enumeration and Classification.” [Online]. Available: https://capec.mitre.org/index.html.
    [25] S. Barnum, “Standardizing cyber threat intelligence information with the structured threat information expression (stix),” Mitre Corporation, vol. 11, pp. 1–22, 2012.
    [26] S. Caltagirone, A. Pendergast, and C. Betz, “The diamond model of intrusion analysis,” Center For Cyber Intelligence Analysis and Threat Research Hanover Md, Tech. Rep., 2013.
    [27] R.-H. Hwang, M.-C. Peng, V.-L. Nguyen, and Y.-L. Chang, “An LSTM-based deep learning approach for classifying malicious traffic at the packet level,” Applied Sciences, vol. 9, no. 16, p. 3414, 2019.
    [28] Y. Yu, H. Yan, H. Guan, and H. Zhou, “DeepHTTP: semantics-structure model with attention for anomalous HTTP traffic detection and pattern mining,” arXiv preprint arXiv:1810.12751, 2018.
    [29] L. Han, Y. Sheng, and X. Zeng, “A packet-length-adjustable attention model based on bytes embedding using flow-WGAN for smart cybersecurity,” IEEE Access, vol. 7, pp. 82 913–82 926, 2019.
    [30] T. Mikolov, I. Sutskever, K. Chen, G. Corrado, and J. Dean, “Distributed representations of words and phrases and their compositionality,” arXiv preprint arXiv:1310.4546, 2013.
    [31] E. L. Goodman, C. Zimmerman, and C. Hudson, “Packet2Vec: Utilizing Word2Vec for Feature Extraction in Packet Data,” arXiv preprint arXiv:2004.14477, 2020.
    [32] F. Dehghani, N. Movahhedinia, M. R. Khayyambashi, and S. Kianian, “Real-time traffic classification based on statistical and payload content features,” in 2010 2nd international workshop on intelligent systems and applications. IEEE, 2010, pp. 1–4.
    [33] G. Betarte, Á. Pardo, and R. Martínez, “Web application attacks detection using machine learning techniques,” in 2018 17th ieee International Conference on Machine Learning and Applications (icmla). IEEE, 2018, pp. 1065–1072.
    [34] H. Liu, B. Lang, M. Liu, and H. Yan, “CNN and RNN based payload classification methods for attack detection,” Knowledge-Based Systems, vol. 163, pp. 332–341, 2019.
    [35] e. a. Falcon, WA, “Pytorch lightning,” GitHub. Note: https://github.com/PyTorchLightning/pytorch-lightning, vol. 3, 2019.
    [36] T. Wolf, L. Debut, V. Sanh, J. Chaumond, C. Delangue, A. Moi, P. Cistac, T. Rault,
    R. Louf, M. Funtowicz, J. Davison, S. Shleifer, P. von Platen, C. Ma, Y. Jernite, J. Plu,
    C. Xu, T. L. Scao, S. Gugger, M. Drame, Q. Lhoest, and A. M. Rush, “Transformers: State-of-the-art natural language processing,” in Proceedings of the 2020 Conference on Empirical Methods in Natural Language Processing: System Demonstrations. Online: Association for Computational Linguistics, Oct. 2020, pp. 38–45. [Online]. Available: https://www.aclweb.org/anthology/2020.emnlp-demos.6
    [37] F. Pedregosa, G. Varoquaux, A. Gramfort, V. Michel, B. Thirion, O. Grisel, M. Blondel,
    P. Prettenhofer, R. Weiss, V. Dubourg, J. Vanderplas, A. Passos, D. Cournapeau, M. Brucher,
    M. Perrot, and E. Duchesnay, “Scikit-learn: Machine Learning in Python,” Journal of Machine Learning Research, vol. 12, pp. 2825–2830, 2011.
    [38] P. Qi, Y. Zhang, Y. Zhang, J. Bolton, and C. D. Manning, “Stanza: A Python Natural Language Processing Toolkit for Many Human Languages,” in Proceedings of the 58th Annual Meeting of the Association for Computational Linguistics: System Demonstrations, 2020.
    Description: 碩士
    國立政治大學
    資訊管理學系
    108356038
    Source URI: http://thesis.lib.nccu.edu.tw/record/#G0108356038
    Data Type: thesis
    DOI: 10.6814/NCCU202200359
    Appears in Collections:[資訊管理學系] 學位論文

    Files in This Item:

    File Description SizeFormat
    603801.pdf7404KbAdobe PDF20View/Open


    All items in 政大典藏 are protected by copyright, with all rights reserved.


    社群 sharing

    著作權政策宣告 Copyright Announcement
    1.本網站之數位內容為國立政治大學所收錄之機構典藏,無償提供學術研究與公眾教育等公益性使用,惟仍請適度,合理使用本網站之內容,以尊重著作權人之權益。商業上之利用,則請先取得著作權人之授權。
    The digital content of this website is part of National Chengchi University Institutional Repository. It provides free access to academic research and public education for non-commercial use. Please utilize it in a proper and reasonable manner and respect the rights of copyright owners. For commercial use, please obtain authorization from the copyright owner in advance.

    2.本網站之製作,已盡力防止侵害著作權人之權益,如仍發現本網站之數位內容有侵害著作權人權益情事者,請權利人通知本網站維護人員(nccur@nccu.edu.tw),維護人員將立即採取移除該數位著作等補救措施。
    NCCU Institutional Repository is made to protect the interests of copyright owners. If you believe that any material on the website infringes copyright, please contact our staff(nccur@nccu.edu.tw). We will remove the work from the repository and investigate your claim.
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - Feedback