Semantic Ranking for Automated Adversarial Technique Annotation in Security Text

Udesh Kumarasinghe; Ahmed Lekssays; Husrev Taha Sencar; Sabri Boughorbel; Charitha Elvitigala; Preslav Nakov

Semantic Ranking for Automated Adversarial Technique Annotation in Security Text

Udesh Kumarasinghe, Ahmed Lekssays, Husrev Taha Sencar, Sabri Boughorbel, Charitha Elvitigala, Preslav Nakov

Published: 01 Jan 2024, Last Modified: 13 Jan 2025AsiaCCS 2024EveryoneRevisionsBibTeXCC BY-SA 4.0

Abstract: We introduce a novel approach for mapping attack behaviors described in threat analysis reports to entries in an adversarial techniques knowledge base. Our method leverages a multi-stage ranking architecture to efficiently rank the most related techniques based on their semantic relevance to the input text. Each ranker in our pipeline uses a distinct design for text representation. To enhance relevance modeling, we leverage pretrained language models, which we fine-tune for the technique annotation task. While generic large language models are not yet capable of fully addressing this challenge, we obtain very promising results. We achieve a recall rate improvement of +35% compared to the previous state-of-the-art results. We further create new public benchmark datasets for training and validating methods in this domain, which we release to the research community aiming to promote future research in this important direction.

Loading