Home >

news Help

Publication Information


Title
Japanese: 
English:A Study of Classification of Texts into Categories of Cybersecurity Incident and Attack with Topic Models 
Author
Japanese: 石井 将大, 松浦 知史, 森 健人, 友石 正彦, 金 勇, 北口 善明.  
English: Masahiro Ishii, Satoshi Matsuura, Kento Mori, Masahiko Tomoishi, Yong Jin, Yoshiaki Kitaguchi.  
Language English 
Journal/Book name
Japanese: 
English:Proceedings of the 6th International Conference on Information Systems Security and Privacy (ICISSP 2020) 
Volume, Number, Page         pp. 639-646
Published date Feb. 2020 
Publisher
Japanese: 
English: 
Conference name
Japanese: 
English: 
Conference site
Japanese: 
English: 
Official URL https://researchr.org/publication/0002MMTJK20
 
DOI https://doi.org/10.5220/0009099606390646
Abstract To improve and automate cybersecurity incident handling in security operations centers (SOCs) and com- puter emergency response teams (CERTs), security intelligences extracted from various internal and external sources, including incident response playbooks, incident reports in each SOCs and CERTs, the National Vul- nerability Database, and social media, must be utilized. In this paper, we apply various topic models to classify text related to cybersecurity intelligence and incidents according to topics derived from incidents and cyber attacks. We analyze cybersecurity incident reports and related text in our CERT and security blog posts using naive latent Dirichlet allocation (LDA), seeded LDA, and labeled LDA topic models. Labeling text based on designated categories is difficult and time-consuming. Training the seeded model does not require text to be labeled; instead, seed words are given to allow the model to infer topic-word and document-topic distributions for the text. We show that a seeded topic model can be used to extract and classify intelligence in our CERT, and we infer text more precisely compared with a supervised topic model.

©2007 Tokyo Institute of Technology All rights reserved.