From logs to Stories: Human-Centred Data Mining for Cyber Threat Intelligence
Main Authors: | Neda Afzaliseresht, Yuan Miao, Sandra Michalska, Qing Liu, Hua Wang |
---|---|
Format: | Article |
Language: | English |
Published: | IEEE, 2020-01-01 |
Series: | IEEE Access |
Subjects: | Cybersecurity, storytelling, threat intelligence, human cognition, information extraction, knowledge discovery |
Online Access: | https://ieeexplore.ieee.org/document/8960350/ |
author | Neda Afzaliseresht, Yuan Miao, Sandra Michalska, Qing Liu, Hua Wang |
description | An average medium-sized organisation logs approximately 10 to 500 million events per day. Fewer than 5% of threat alerts are investigated by specialised staff, leaving a security hole open to potential attacks. Insufficient information in alert messages, produced in a machine-friendly rather than human-friendly format, causes cognitive overload on already limited cybersecurity resources. In this paper, a model is proposed that generates a natural-language report from security logs by applying novel storytelling techniques. The solution caters for different levels of reader expertise and preference by providing adjustable templates, filled from both local and global knowledge bases. Validation is performed on a case study from the Security Operations Centre (SOC) at an educational institution. The generated report proves superior to the existing approach in terms of comprehension (increased cognition) and completeness (enriched context). The evaluation demonstrates the power of storytelling in interpreting potential threats in a cybersecurity context. |
format | Article |
institution | Directory Open Access Journal |
issn | 2169-3536 |
language | English |
publishDate | 2020-01-01 |
publisher | IEEE |
series | IEEE Access |
doi | 10.1109/ACCESS.2020.2966760 |
volume | 8 |
pages | 19089-19099 |
author_affiliations | Neda Afzaliseresht (ORCID 0000-0001-6964-6107), Yuan Miao (ORCID 0000-0002-6712-3465), Sandra Michalska (ORCID 0000-0002-3732-1882) and Hua Wang (ORCID 0000-0002-8465-0996): Institute for Sustainable Industries and Liveable Cities, Victoria University, Melbourne, VIC, Australia; Qing Liu (ORCID 0000-0001-7895-9551): The Commonwealth Scientific and Industrial Research Organization (CSIRO), Hobart, TAS, Australia |
title | From logs to Stories: Human-Centred Data Mining for Cyber Threat Intelligence |
topic | Cybersecurity, storytelling, threat intelligence, human cognition, information extraction, knowledge discovery |
url | https://ieeexplore.ieee.org/document/8960350/ |