基于多标签机器学习的攻击技巧提取方法

Attack Technique Extraction with Multi-Label Machine Learning Method

随着网络安全防御手段的不断发展,攻击者所采取的攻击技巧正成为阻止网络攻击的重要指标。针对于各类安全产品对于攻击技巧数据的广泛需求,提出一种从开源网络安全事件报告中提取攻击技巧的方法。首先利用隐藏语义分析方法从安全事件报告中提取出关键词词组,然后通过计算关键词词组与不同攻击技巧标准的语义相似度作为分类特征,最后采用多标签机器学习算法分类出不同文章中所含有的攻击技巧。实验结果表明,所提出的攻击技巧提取率达到60%以上,在多标签机器学习领域属于令人满意的结果,在攻击技巧提取方面,具有直接和间接的参考借鉴价值。

To adopt to the rapid development of cyber threats,cyber security staffs are sharing their newly found,through the Internet,which are al⁃ways in report format.By collecting details shared in these reports,cyber security products can make the preparation in advance and pre⁃vent the advance persistent threats.Proposes an automatic extraction method to collect the attack techniques used by the adversary.By combing the semantic analysis method and multi-label machine learning method,this method achieves a considerable result.The research indicates this method can be used to extract attack techniques from open source security reports.