
dc.contributor.author: Bo, T
dc.contributor.author: Chen, Y
dc.contributor.author: Wang, C
dc.contributor.author: Zhao, Y
dc.contributor.author: Lam, KY
dc.contributor.author: Chi, CH
dc.contributor.author: Tian, H
dc.description.abstract: Threat profiling helps reveal the current trends of attacks and underscores the significance of specific vulnerabilities, and hence serves as a means of providing an early warning of potential attacks. However, the existing approaches to threat profiling models are mainly rule-based and depend on domain experts' knowledge, which limits their applicability in the automated processing of cyber threat information from heterogeneous sources, e.g. cyber threat intelligence information from open sources. Threat profiling models based on analytic approaches, on the other hand, are potentially capable of automatically discovering hidden patterns in a massive volume of information. This paper proposes to apply data analytic approaches to develop threat profiling models in order to identify potential threats by analyzing a large number of cyber threat intelligence reports from open sources, extract information from the cyber threat intelligence reports, and represent it in a structure that facilitates automated risk assessment, and hence achieve early warning of likely cyber attacks. We introduce the Threat Operating Model (TOM), which captures important information about the identified cyber threats and can be implemented as an extension of the Structured Threat Information eXpression (STIX). Both a matrix-decomposition based semi-supervised method and a term frequency based unsupervised method are proposed. The experimental results demonstrate fair effectiveness (accuracy around 0.8) and robust performance w.r.t. different temporal periods.
dc.relation.ispartofconferencename: 15th International Conference on Advanced Data Mining and Applications (ADMA 2019)
dc.relation.ispartofconferencetitle: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
dc.relation.ispartoflocation: Dalian, China
dc.relation.ispartofseries: Lecture Notes in Computer Science
dc.subject.fieldofresearch: Software engineering
dc.subject.fieldofresearch: Information and computing sciences
dc.title: TOM: A Threat Operating Model for Early Warning of Cyber Security Threats
dc.type: Conference output
dc.type.description: E1 - Conferences
dcterms.bibliographicCitation: Bo, T; Chen, Y; Wang, C; Zhao, Y; Lam, KY; Chi, CH; Tian, H, TOM: A Threat Operating Model for Early Warning of Cyber Security Threats, Advanced Data Mining and Applications, 2019, 11888, pp. 696-711
gro.hasfulltext: No Full Text
gro.griffith.author: Wang, Can
gro.griffith.author: Tian, Hui

Files in this item


There are no files associated with this item.

This item appears in the following Collection(s)

  • Conference outputs
    Contains papers delivered by Griffith authors at national and international conferences.
