AttackER: towards enhancing cyber-attack attribution with a named entity recognition dataset

Pritam Deka; Sampath Rajapaksha; Ruby Rani; Amirah Almutairi; Erisa Karafili

doi:10.1007/978-981-96-0576-7_20

AttackER: towards enhancing cyber-attack attribution with a named entity recognition dataset

Pritam Deka
, Sampath Rajapaksha
, Ruby Rani
, Amirah Almutairi
, Erisa Karafili^*

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Citations (Scopus)

Abstract

Cyber-attack attribution is an important process that allows experts to put in place attacker-oriented countermeasures and legal actions. The analysts mainly perform attribution manually, given the complex nature of this task. AI and, more specifically, Natural Language Processing (NLP) techniques can be leveraged to support cybersecurity analysts during the attribution process. However powerful these techniques may be, they must address the lack of datasets in the attack attribution domain. In this work, we will fill this gap and will provide, to the best of our knowledge, the first dataset on cyber-attack attribution. We designed our dataset with the primary goal of extracting attack attribution information from cybersecurity texts, utilizing named entity recognition (NER) methodologies from the field of NLP. Unlike other cybersecurity NER datasets, ours offers a rich set of annotations with contextual details, including some that span phrases and sentences. We conducted extensive experiments and applied NLP techniques to demonstrate the dataset’s effectiveness for attack attribution. These experiments highlight the potential of Large Language Models (LLMs) capabilities to improve the NER tasks in cybersecurity datasets for cyber-attack attribution.

Original language	English
Title of host publication	Web Information Systems Engineering - WISE 2024 - 25th International Conference: Proceedings
Editors	Mahmoud Barhamgi, Hua Wang, Xin Wang
Publisher	Springer Singapore
Pages	255-270
Number of pages	16
ISBN (Electronic)	9789819605767
ISBN (Print)	9789819605750
DOIs	https://doi.org/10.1007/978-981-96-0576-7_20
Publication status	Published - 26 Nov 2024
Externally published	Yes
Event	25th International Conference on Web Information Systems Engineering, WISE 2024 - Doha, Qatar Duration: 02 Dec 2024 → 05 Dec 2024

Publication series

Name	Lecture Notes in Computer Science (LNCS)
Volume	15440
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	25th International Conference on Web Information Systems Engineering, WISE 2024
Country/Territory	Qatar
City	Doha
Period	02/12/2024 → 05/12/2024

Keywords

attribution
dataset
LLMs
Named entity recognition
NLP

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

Access to Document

10.1007/978-981-96-0576-7_20Licence: Unspecified

Cite this

Deka, P., Rajapaksha, S., Rani, R., Almutairi, A., & Karafili, E. (2024). AttackER: towards enhancing cyber-attack attribution with a named entity recognition dataset. In M. Barhamgi, H. Wang, & X. Wang (Eds.), Web Information Systems Engineering - WISE 2024 - 25th International Conference: Proceedings (pp. 255-270). (Lecture Notes in Computer Science (LNCS); Vol. 15440 ). Springer Singapore. https://doi.org/10.1007/978-981-96-0576-7_20

Deka, Pritam ; Rajapaksha, Sampath ; Rani, Ruby et al. / AttackER: towards enhancing cyber-attack attribution with a named entity recognition dataset. Web Information Systems Engineering - WISE 2024 - 25th International Conference: Proceedings. editor / Mahmoud Barhamgi ; Hua Wang ; Xin Wang. Springer Singapore, 2024. pp. 255-270 (Lecture Notes in Computer Science (LNCS)).

@inproceedings{1a35384e268f46d09ff211cc65d5edf9,

title = "AttackER: towards enhancing cyber-attack attribution with a named entity recognition dataset",

abstract = "Cyber-attack attribution is an important process that allows experts to put in place attacker-oriented countermeasures and legal actions. The analysts mainly perform attribution manually, given the complex nature of this task. AI and, more specifically, Natural Language Processing (NLP) techniques can be leveraged to support cybersecurity analysts during the attribution process. However powerful these techniques may be, they must address the lack of datasets in the attack attribution domain. In this work, we will fill this gap and will provide, to the best of our knowledge, the first dataset on cyber-attack attribution. We designed our dataset with the primary goal of extracting attack attribution information from cybersecurity texts, utilizing named entity recognition (NER) methodologies from the field of NLP. Unlike other cybersecurity NER datasets, ours offers a rich set of annotations with contextual details, including some that span phrases and sentences. We conducted extensive experiments and applied NLP techniques to demonstrate the dataset{\textquoteright}s effectiveness for attack attribution. These experiments highlight the potential of Large Language Models (LLMs) capabilities to improve the NER tasks in cybersecurity datasets for cyber-attack attribution. ",

keywords = "attribution, dataset, LLMs, Named entity recognition, NLP",

author = "Pritam Deka and Sampath Rajapaksha and Ruby Rani and Amirah Almutairi and Erisa Karafili",

year = "2024",

month = nov,

day = "26",

doi = "10.1007/978-981-96-0576-7\_20",

language = "English",

isbn = "9789819605750",

series = "Lecture Notes in Computer Science (LNCS)",

publisher = "Springer Singapore",

pages = "255--270",

editor = "Mahmoud Barhamgi and Hua Wang and Xin Wang",

booktitle = "Web Information Systems Engineering - WISE 2024 - 25th International Conference: Proceedings",

address = "Singapore",

note = "25th International Conference on Web Information Systems Engineering, WISE 2024 ; Conference date: 02-12-2024 Through 05-12-2024",

}

Deka, P, Rajapaksha, S, Rani, R, Almutairi, A & Karafili, E 2024, AttackER: towards enhancing cyber-attack attribution with a named entity recognition dataset. in M Barhamgi, H Wang & X Wang (eds), Web Information Systems Engineering - WISE 2024 - 25th International Conference: Proceedings. Lecture Notes in Computer Science (LNCS), vol. 15440 , Springer Singapore, pp. 255-270, 25th International Conference on Web Information Systems Engineering, WISE 2024, Doha, Qatar, 02/12/2024. https://doi.org/10.1007/978-981-96-0576-7_20

AttackER: towards enhancing cyber-attack attribution with a named entity recognition dataset. / Deka, Pritam; Rajapaksha, Sampath; Rani, Ruby et al.
Web Information Systems Engineering - WISE 2024 - 25th International Conference: Proceedings. ed. / Mahmoud Barhamgi; Hua Wang; Xin Wang. Springer Singapore, 2024. p. 255-270 (Lecture Notes in Computer Science (LNCS); Vol. 15440 ).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - AttackER: towards enhancing cyber-attack attribution with a named entity recognition dataset

AU - Deka, Pritam

AU - Rajapaksha, Sampath

AU - Rani, Ruby

AU - Almutairi, Amirah

AU - Karafili, Erisa

PY - 2024/11/26

Y1 - 2024/11/26

N2 - Cyber-attack attribution is an important process that allows experts to put in place attacker-oriented countermeasures and legal actions. The analysts mainly perform attribution manually, given the complex nature of this task. AI and, more specifically, Natural Language Processing (NLP) techniques can be leveraged to support cybersecurity analysts during the attribution process. However powerful these techniques may be, they must address the lack of datasets in the attack attribution domain. In this work, we will fill this gap and will provide, to the best of our knowledge, the first dataset on cyber-attack attribution. We designed our dataset with the primary goal of extracting attack attribution information from cybersecurity texts, utilizing named entity recognition (NER) methodologies from the field of NLP. Unlike other cybersecurity NER datasets, ours offers a rich set of annotations with contextual details, including some that span phrases and sentences. We conducted extensive experiments and applied NLP techniques to demonstrate the dataset’s effectiveness for attack attribution. These experiments highlight the potential of Large Language Models (LLMs) capabilities to improve the NER tasks in cybersecurity datasets for cyber-attack attribution.

AB - Cyber-attack attribution is an important process that allows experts to put in place attacker-oriented countermeasures and legal actions. The analysts mainly perform attribution manually, given the complex nature of this task. AI and, more specifically, Natural Language Processing (NLP) techniques can be leveraged to support cybersecurity analysts during the attribution process. However powerful these techniques may be, they must address the lack of datasets in the attack attribution domain. In this work, we will fill this gap and will provide, to the best of our knowledge, the first dataset on cyber-attack attribution. We designed our dataset with the primary goal of extracting attack attribution information from cybersecurity texts, utilizing named entity recognition (NER) methodologies from the field of NLP. Unlike other cybersecurity NER datasets, ours offers a rich set of annotations with contextual details, including some that span phrases and sentences. We conducted extensive experiments and applied NLP techniques to demonstrate the dataset’s effectiveness for attack attribution. These experiments highlight the potential of Large Language Models (LLMs) capabilities to improve the NER tasks in cybersecurity datasets for cyber-attack attribution.

KW - attribution

KW - dataset

KW - LLMs

KW - Named entity recognition

KW - NLP

U2 - 10.1007/978-981-96-0576-7_20

DO - 10.1007/978-981-96-0576-7_20

M3 - Conference contribution

AN - SCOPUS:85211225678

SN - 9789819605750

T3 - Lecture Notes in Computer Science (LNCS)

SP - 255

EP - 270

BT - Web Information Systems Engineering - WISE 2024 - 25th International Conference: Proceedings

A2 - Barhamgi, Mahmoud

A2 - Wang, Hua

A2 - Wang, Xin

PB - Springer Singapore

T2 - 25th International Conference on Web Information Systems Engineering, WISE 2024

Y2 - 2 December 2024 through 5 December 2024

ER -

Deka P, Rajapaksha S, Rani R, Almutairi A, Karafili E. AttackER: towards enhancing cyber-attack attribution with a named entity recognition dataset. In Barhamgi M, Wang H, Wang X, editors, Web Information Systems Engineering - WISE 2024 - 25th International Conference: Proceedings. Springer Singapore. 2024. p. 255-270. (Lecture Notes in Computer Science (LNCS)). doi: 10.1007/978-981-96-0576-7_20

AttackER: towards enhancing cyber-attack attribution with a named entity recognition dataset

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Fingerprint

Cite this