Abstract: A crucial component of unstructured threat information is the Indicator of Compromise (IOC), which includes malicious IP addresses and domain names. Because non-malicious IP addresses and domain names also appear in threat intelligence texts, the extracted IOCs are often blended with benign entities. Therefore, current IOC extraction methods are limited in accuracy when determining whether an entity is malicious. In this paper, the problem of IOC recognition is framed as a problem of aspect-level text polarity classification, and an aspect-enhanced deep network model for IOC recognition (AspIOC) is presented. While proposing a pre-training model, the network combines IOC contextual characteristics with IOC character features. We collect about 100,000 samples and construct a dataset using an open-source web platform. The experimental results demonstrate that the accuracy and F1 of the proposed IOC discovery method are 99.92%. Our model is better than the most advanced methods currently in use and satisfies industry standards for IOC recognition.