Author(s):
Journal
Association for Computing Machinery (ACM)
Abstract
Cybersecurity researchers have contributed to the automated extraction of CTI from textual sources, such as threat reports and online articles describing cyberattack strategies, procedures, and tools. The goal of this article is to aid cybersecurity researchers in understanding the current techniques used for cyberthreat intelligence extraction from text through a survey of relevant studies in the literature.
Concluding remarks
Our work finds 11 types of extraction purposes and 7 types of textual sources for CTI extraction. We observe the technical challenges associated with obtaining available clean and labeled data for replication, validation, and further extension of the studies. We advocate for building upon the current CTI extraction work to help cybersecurity practitioners with proactive decision-making such as in threat prioritization and mitigation strategy formulation to utilize knowledge from past cybersecurity incidents.
Reference details
DOI
10.1145/3571726
Resource type
Journal Article
Year of Publication
2023
ISSN Number
0360-0300
Publication Area
Cybersecurity and defense
Date Published
2023-03-02
How to cite this reference:
Rahman, M. R., Hezaveh, R. M., & Williams, L. (2023). What Are the Attackers Doing Now? Automating Cyberthreat Intelligence Extraction from Text on Pace with the Changing Threat Landscape: A Survey. Association for Computing Machinery (ACM). https://doi.org/10.1145/3571726 (Original work published)