An APT Event Extraction Method Based on BERT-BiGRU-CRF for APT Attack Detection-Reference-Cited by-同舟云学术

An APT Event Extraction Method Based on BERT-BiGRU-CRF for APT Attack Detection

Published:2023-08-04 Issue:15 Volume:12 Page:3349
ISSN:2079-9292
Container-title:Electronics
language:en
Short-container-title:Electronics

Author:

Xiang Ga¹,Shi Chen¹,Zhang Yangsen¹

Affiliation:

1. School of Information Management, Beijing Information Science and Technology University, Beijing 100192, China

Abstract

Advanced Persistent Threat (APT) seriously threatens a nation’s cyberspace security. Current defense technologies are typically unable to detect it effectively since APT attack is complex and the signatures for detection are not clear. To enhance the understanding of APT attacks, in this paper, a novel approach for extracting APT attack events from web texts is proposed. First, the APT event types and event schema are defined. Secondly, an APT attack event extraction dataset in Chinese is constructed. Finally, an APT attack event extraction model based on the BERT-BiGRU-CRF architecture is proposed. Comparative experiments are conducted with ERNIE, BERT, and BERT-BiGRU-CRF models, and the results show that the APT attack event extraction model based on BERT-BiGRU-CRF achieves the highest F1 value, indicating the best extraction performance. Currently, there is seldom APT event extraction research, the work in this paper contributes a new method to Cyber Threat Intelligence (CTI) analysis. By considering the multi-stages, complexity of APT attacks, and the data source from huge credible web texts, the APT event extraction method enhances the understanding of APT attacks and is helpful to improve APT attack detection capabilities.

Funder

R&D Program of Beijing Municipal Education Commission

National Natural Science Foundation of China

Publisher

MDPI AG

Subject

Electrical and Electronic Engineering,Computer Networks and Communications,Hardware and Architecture,Signal Processing,Control and Systems Engineering

Link

https://www.mdpi.com/2079-9292/12/15/3349/pdf

Reference49 articles.

1. National Institute of Standards and Technology (2013). SP800—53 Managing Information Security Risks, National Institute of Standards and Technology.

2. APT attacks and defenses;Zhang;J. Tsinghua Univ. (Sci. Technol.),2017

3. Chinese CNCERT (2023, May 01). 2020 China Cybersecurity Analysis, [EB/OL]. (2021-5-26) [2021-6-4]. Available online: https://www.cert.org.cn/publish/main/upload/File/2020%20CNCERT%20Cybersecurity%20Analysis.pdf.

4. Yang, H. (2017). Research on APT Attack of Behavior Analyzing and Defense Decision. [Master’s Thesis, Information Engineering University].

5. Phase-based classification and evaluation of APT attack behaviors;Yang;Comput. Eng. Appl.,2017

Cited by 3 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Joint Overlapping Event Extraction Model via Role Pre-Judgment with Trigger and Context Embeddings;Electronics;2023-11-18

2. An Intrusion Detection Method Based on Hybrid Machine Learning and Neural Network in the Industrial Control Field;Applied Sciences;2023-09-19

3. An edge cloud and Fibonacci-Diffie-Hellman encryption scheme for secure printer data transmission;Mathematical Biosciences and Engineering;2023