HinCTI: A Heterogeneous Information Network-Based Cyber Threat Intelligence Modeling and Identification System

PROJECT TITLE: HinCTI: A Cyber Threat Intelligence Modeling and Identification System Based on Heterogeneous Information Network

ABSTRACT: Recent years have seen a rise in the sophistication, pervasiveness, organization, and weaponization of cyberattacks. As a result, a growing number of organizations around the world are willing to use the open exchange of cyber threat intelligence (CTI) to obtain a complete picture of the rapidly evolving cyber threat situation and to protect themselves from cyberattacks. However, modeling CTI is difficult because of the explicit and implicit relationships that exist between CTI as well as the heterogeneity of the cyber-threat infrastructure nodes that are a part of CTI. It is also difficult to automatically identify the threat type of infrastructure nodes for early warning, because only a limited number of the cyber threat infrastructure nodes involved in CTI carry labels. To overcome these obstacles, a practical system known as HinCTI has been developed for modeling cyber threat intelligence and identifying threat types. First, we develop a threat intelligence meta-schema to depict the semantic relatedness of infrastructure nodes. We then model cyber threat intelligence on a heterogeneous information network (HIN), a network that can integrate many different kinds of infrastructure nodes as well as the rich relations between them. Following this, we define a meta-path and meta-graph instances-based threat infrastructure similarity (MIIS) measure between threat infrastructure nodes and present a MIIS measure-based heterogeneous graph convolutional network (GCN) approach to identify the threat types of infrastructure nodes involved in CTI.
Both of these measures are based on the meta-path and meta-graph instances that connect threat infrastructure nodes. In addition, by utilizing a hierarchical regularization strategy, our model is able to mitigate the issue of overfitting and achieve satisfactory outcomes in the process of identifying the threat type posed by infrastructure nodes. This work is, as far as we are aware, the first to model CTI on HIN for the purpose of threat identification and to propose a heterogeneous GCN-based approach for the identification of threat types in infrastructure nodes. Extensive tests are run with HinCTI on real-world datasets, and the results of these tests show that our proposed approach has the potential to significantly improve the performance of threat type identification in comparison to the existing state-of-the-art baseline methods. Our work is useful because it significantly reduces the amount of heavy analysis work that security analysts have to do and improves the efficiency with which organizations are protected against cyberattacks.
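
The abstract describes modeling CTI as a typed graph and scoring infrastructure nodes by the meta-path instances that connect them. The following added example (not the HinCTI authors' code) builds a small HIN and counts meta-path instances. Because the page does not give the MIIS formula, it uses the published PathSim measure as a stand-in; the node types, relation names and sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample CTI: (source, source_type, relation, target, target_type).
# Node types, relation names and values are assumptions, not taken from the page.
EDGES = [
    ("evil-a.example", "domain", "resolves_to", "203.0.113.10", "ip"),
    ("evil-b.example", "domain", "resolves_to", "203.0.113.10", "ip"),
    ("evil-b.example", "domain", "resolves_to", "203.0.113.11", "ip"),
    ("benign.example", "domain", "resolves_to", "198.51.100.7", "ip"),
    ("sample-1", "malware", "contacts", "evil-a.example", "domain"),
    ("sample-1", "malware", "contacts", "evil-b.example", "domain"),
]

def build_hin(edges):
    """Return (node -> type, (type_a, type_b) -> node -> neighbours), undirected.
    Relations are keyed by the pair of node types they join."""
    node_type, adj = {}, defaultdict(lambda: defaultdict(set))
    for src, st, _rel, dst, dt in edges:
        node_type[src], node_type[dst] = st, dt
        adj[(st, dt)][src].add(dst)
        adj[(dt, st)][dst].add(src)
    return node_type, adj

def count_instances(adj, meta_path, start):
    """Count meta-path instances from `start` to each reachable end node."""
    frontier = {start: 1}
    for a, b in zip(meta_path, meta_path[1:]):
        nxt = defaultdict(int)
        for node, n in frontier.items():
            for nb in adj[(a, b)].get(node, ()):
                nxt[nb] += n  # every path reaching `node` extends to `nb`
        frontier = nxt
    return dict(frontier)

def pathsim(adj, meta_path, x, y):
    """PathSim over a symmetric meta-path: 2*|x~y| / (|x~x| + |y~y|)."""
    cx = count_instances(adj, meta_path, x)
    cy = count_instances(adj, meta_path, y)
    denom = cx.get(x, 0) + cy.get(y, 0)
    return 2 * cx.get(y, 0) / denom if denom else 0.0

NODE_TYPE, ADJ = build_hin(EDGES)
SHARED_IP = ("domain", "ip", "domain")            # domains hosted on a common IP
SHARED_MALWARE = ("domain", "malware", "domain")  # domains contacted by one sample

if __name__ == "__main__":
    for other in ("evil-b.example", "benign.example"):
        print(other, pathsim(ADJ, SHARED_IP, "evil-a.example", other))
```

In a pipeline like the one the abstract outlines, pairwise scores of this kind form the similarity matrix that a graph convolutional model propagates labels over.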