Funding: Supported by China’s National Key R&D Program, No. 2019QY1404; the National Natural Science Foundation of China, Grant No. U20A20161, U1836103; the Basic Strengthening Program Project, No. 2019-JCJQ-ZD-113.
Abstract: The continuous improvement of the cyber threat intelligence sharing mechanism provides new ideas to deal with Advanced Persistent Threats (APT). Extracting attack behaviors, i.e., Tactics, Techniques, Procedures (TTP) from Cyber Threat Intelligence (CTI) can facilitate APT actors’ profiling for an immediate response. However, it is difficult for traditional manual methods to analyze attack behaviors from cyber threat intelligence due to its heterogeneous nature. Based on the Adversarial Tactics, Techniques and Common Knowledge (ATT&CK) of threat behavior description, this paper proposes a threat behavioral knowledge extraction framework that integrates Heterogeneous Text Network (HTN) and Graph Convolutional Network (GCN) to solve this issue. It leverages the hierarchical correlation relationships of attack techniques and tactics in the ATT&CK to construct a text network of heterogeneous cyber threat intelligence. With the help of the Bidirectional Encoder Representation from Transformers (BERT) pretraining model to analyze the contextual semantics of cyber threat intelligence, the task of threat behavior identification is transformed into a text classification task, which automatically extracts attack behavior in CTI, then identifies the malware and advanced threat actors. The experimental results show that F1 achieves 94.86% and 92.15% for the multi-label classification tasks of tactics and techniques. The experiment is extended to verify the method’s effectiveness in identifying the malware and threat actors in APT attacks. The F1 for the malware and advanced threat actors identification task reached 98.45% and 99.48%, which are better than the benchmark model in the experiment and achieve state of the art. The model can effectively model threat intelligence text data and acquire knowledge and experience migration by correlating implied features with a priori knowledge to compensate for insufficient sample data and improve the classification performance and recognition ability of threat behavior in text.
Abstract: The difficulty of extracting hidden information, which is essentially a kind of secrecy, is analyzed by an information-theoretic method. The relations between key rate, message rate, hiding capacity and difficulty of extraction are studied in terms of the unicity distance of the stego-key, and the theoretic conclusion is used to analyze the actual extracting attack on Least Significant Bit (LSB) steganographic algorithms.
Funding: Supported by the Research Center of Quantum Communication and Security, National Cheng Kung University, Taiwan, China (Grant No. D100-36002).
Abstract: This paper is based on previous quantum encryption proposed by researchers developing a scheme for cryptography using symmetric keys. This study has pointed out that the scheme consists of a pitfall that could lead to a controlled-NOT (CNOT) extraction attack. A malicious user can obtain the secret message of a sender without being detected by using a sequence of single photons and a controlled-NOT gate.