Open this publication in new window or tab >>2022 (English)In: 2022 IEEE 38TH INTERNATIONAL CONFERENCE ON DATA ENGINEERING (ICDE 2022), Institute of Electrical and Electronics Engineers (IEEE) , 2022, p. 3158-3161Conference paper, Published paper (Refereed)
Abstract [en]
Open-source cyber threat intelligence (OSCTI) provides a form of evidence-based knowledge about cyber threats, enabling businesses to gain visibility into the fast-evolving threat landscape. Despite the pressing need for high-fidelity threat knowledge, existing cyber threat knowledge acquisition systems have primarily focused on providing low-level, isolated indicators. These systems have ignored the rich higher-level threat knowledge entities and their relationships presented in OSCTI reports, and do not provide a flexible and intuitive way for threat analysts to acquire the desired knowledge. To bridge the gap, we propose THREATQA, a system that facilitates cyber threat knowledge acquisition via knowledge base question answering. Particularly, THREATQA uses a combination of AI-based techniques to (1) automatically harvest comprehensive knowledge about trending threats from massive OSCTI reports from various sources and construct a large threat knowledge base, and (2) intelligently respond to an input natural language threat knowledge acquisition question by fetching the answer from the threat knowledge base via question answering.
Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2022
Series
IEEE International Conference on Data Engineering, ISSN 1084-4627
National Category
Computer Sciences
Identifiers
urn:nbn:se:kth:diva-321012 (URN)10.1109/ICDE53745.2022.00287 (DOI)000855078403022 ()2-s2.0-85136370670 (Scopus ID)
Conference
38th IEEE International Conference on Data Engineering (ICDE), MAY 09-11, 2022, ELECTR NETWORK
Note
Part of proceedings: ISBN 978-1-6654-0883-7
QC 20221104
2022-11-042022-11-042022-11-04Bibliographically approved