Abstract
Cyber Threat Intelligence (CTI) provides a structured and interconnected model for threat information through Cybersecurity Knowledge Graphs. This allows researchers and practitioners to represent and organize complex relationships and entities in a more coherent form. Above all, the discovery of hidden relationships between different CTI entities, such as threat actors, malware, infrastructure, and attacks, is becoming a crucial task in this domain, facilitating proactive defense measures and helping to identify Tactics, Techniques, and Procedures (TTPs) employed by malicious parties. In this paper, we provide a Systematization of Knowledge (SoK) to analyze the existing literature and give insights into the important CTI task of Relation Extraction. In particular, we design a categorization of the relations used in CTI; we analyze the techniques employed for their extraction, the emerging trends and open issues in this context, and the main future directions. This work provides a novel and fresh perspective that can help the reader understand how relationships among entities can be schematized to provide a better view of the cyber threat landscape.
Original language | English |
---|---|
Pages | 348-363 |
Number of pages | 16 |
DOI | |
Publication status | Published - 2024 |
Event | International conference on Natural language and information systems (NLDB) - Torino Duration: 1 Jan 2024 → … |
Conference | International conference on Natural language and information systems (NLDB) |
---|---|
City | Torino |
Period | 1/01/24 → … |
Keywords
- relation extraction
- large language model
- dependency parsing
- cyber threat intelligence
- entities