Paragraph-based Estimation of Cyber Kill Chain Phase from Threat Intelligence Reports

抄録

In order to keep up with the increasing number of cyberattacks, the defense tactics require timely and accurate understanding of the threats and corresponding risks. We propose a scheme for modeling threat information to extract event information from security reports on a paragraph basis and then estimate their kill chain phases. The experimental results show that the model got an average F1-score of 0.67, the average accuracy of 65% of the cyber kill chain phases and 86% of core features can be extracted by using this method.