Affiliation:
1. CREST – Centre for Research on Engineering Software Technologies, University of Adelaide, Adelaide SA, Australia and Cyber Security Cooperative Research Centre (CSCRC)
2. CREST – Centre for Research on Engineering Software Technologies, University of Adelaide, Adelaide SA, Australia
Abstract
Security Orchestration, Automation, and Response (SOAR) platforms integrate and orchestrate a wide variety of security tools to accelerate the operational activities of Security Operation Center (SOC). Integration of security tools in a SOAR platform is mostly done manually using APIs, plugins, and scripts. SOC teams need to navigate through API calls of different security tools to find a suitable API to define or update an incident response action. Analyzing various types of API documentation with diverse API format and presentation structure involves significant challenges such as data availability, data heterogeneity, and semantic variation for automatic identification of security tool APIs specific to a particular task. Given these challenges can have negative impact on SOC team’s ability to handle security incident effectively and efficiently, we consider it important to devise suitable automated support solutions to address these challenges. We propose a novel learning-based framework for automated security tool
API
R
ecommendation for security
O
rchestration, automation, and response,
APIRO
. To mitigate data availability constraint, APIRO enriches security tool API description by applying a wide variety of data augmentation techniques. To learn data heterogeneity of the security tools and semantic variation in API descriptions, APIRO consists of an API-specific word embedding model and a Convolutional Neural Network (CNN) model that are used for prediction of top three relevant APIs for a task. We experimentally demonstrate the effectiveness of APIRO in recommending APIs for different tasks using three security tools and 36 augmentation techniques. Our experimental results demonstrate the feasibility of APIRO for achieving 91.9% Top-1 Accuracy. Compared to the state-of-the-art baseline, APIRO is 26.93%, 23.03%, and 20.87% improved in terms of Top-1, Top-2, and Top-3 Accuracy and outperforms the baseline by 23.7% in terms of Mean Reciprocal Rank (MRR).
Funder
Australian Government’s Cooperative Research Centres Programme
super-computing resources provided by the Phoenix HPC service at the University of Adelaide
Publisher
Association for Computing Machinery (ACM)
Reference98 articles.
1. 2019. NLTK: Categorizing and Tagging Words. Retrieved January 13 2021 from https://www.nltk.org/book/ch05.html.
2. MISP. 2017. PyMISP - Python API. Retrieved from https://pymisp.readthedocs.io/en/latest/. Accessed March 3, 2021.
3. Yasemin Acar, Michael Backes, Sascha Fahl, Doowon Kim, Michelle L. Mazurek, and Christian Stransky. 2016. You get where you’re looking for: The impact of information sources on code security. In Proceedings of the 2016 IEEE Symposium on Security and Privacy (SP). IEEE, 289–305.
4. Heike Adel and Hinrich Schütze. 2016. Exploring different dimensions of attention for uncertainty detection. arXiv:1612.06549. Retrieved from https://arxiv.org/abs/1612.06549.
5. Laura Bellamy, Michelle Carey, and Jenifer Schlotfeldt. 2011. DITA Best Practices: A Roadmap for Writing, Editing, and Architecting in DITA. IBM Press.
Cited by
9 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献