Kuehn, Philipp ; Nadermahmoodi, Dilara ; Kerk, Moritz ; Reuter, Christian (2024)
ThreatCluster: Threat Clustering for Information Overload Reduction in Computer Emergency Response Teams.
doi: 10.48550/arXiv.2210.14067
Report, Bibliographie
Kurzbeschreibung (Abstract)
The ever-increasing number of threats and the existing diversity of information sources pose challenges for Computer Emergency Response Teams (CERTs). To respond to emerging threats, CERTs must gather information in a timely and comprehensive manner. But the volume of sources and information leads to information overload. This paper contributes to the question of how to reduce information overload for CERTs. We propose clustering incoming information as scanning this information is one of the most tiresome, but necessary, manual steps. Based on current studies, we establish conditions for such a framework. Different types of evaluation metrics are used and selected in relation to the framework conditions. Furthermore, different document embeddings and distance measures are evaluated and interpreted in combination with clustering methods. We use three different corpora for the evaluation, a novel ground truth corpus based on threat reports, one security bug report (SBR) corpus, and one with news articles. Our work shows, it is possible to reduce the information overload by up to 84.8% with homogeneous clusters. A runtime analysis of the clustering methods strengthens the decision of selected clustering methods. The source code and dataset will be made publicly available after acceptance.
| Typ des Eintrags: | Report |
|---|---|
| Erschienen: | 2024 |
| Autor(en): | Kuehn, Philipp ; Nadermahmoodi, Dilara ; Kerk, Moritz ; Reuter, Christian |
| Art des Eintrags: | Bibliographie |
| Titel: | ThreatCluster: Threat Clustering for Information Overload Reduction in Computer Emergency Response Teams |
| Sprache: | Englisch |
| Publikationsjahr: | 15 März 2024 |
| Verlag: | arXiv |
| Reihe: | Cryptography and Security |
| Auflage: | 2. Version |
| DOI: | 10.48550/arXiv.2210.14067 |
| URL / URN: | http://arxiv.org/abs/2210.14067v2 |
| Kurzbeschreibung (Abstract): | The ever-increasing number of threats and the existing diversity of information sources pose challenges for Computer Emergency Response Teams (CERTs). To respond to emerging threats, CERTs must gather information in a timely and comprehensive manner. But the volume of sources and information leads to information overload. This paper contributes to the question of how to reduce information overload for CERTs. We propose clustering incoming information as scanning this information is one of the most tiresome, but necessary, manual steps. Based on current studies, we establish conditions for such a framework. Different types of evaluation metrics are used and selected in relation to the framework conditions. Furthermore, different document embeddings and distance measures are evaluated and interpreted in combination with clustering methods. We use three different corpora for the evaluation, a novel ground truth corpus based on threat reports, one security bug report (SBR) corpus, and one with news articles. Our work shows, it is possible to reduce the information overload by up to 84.8% with homogeneous clusters. A runtime analysis of the clustering methods strengthens the decision of selected clustering methods. The source code and dataset will be made publicly available after acceptance. |
| Freie Schlagworte: | Student, Security, UsableSec, Projekt-ATHENE-SecUrban, Projekt-CYWARN |
| Fachbereich(e)/-gebiet(e): | 20 Fachbereich Informatik 20 Fachbereich Informatik > Wissenschaft und Technik für Frieden und Sicherheit (PEASEC) Forschungsfelder Forschungsfelder > Information and Intelligence Forschungsfelder > Information and Intelligence > Cybersecurity & Privacy |
| Hinterlegungsdatum: | 23 Jan 2025 09:39 |
| Letzte Änderung: | 23 Jan 2025 09:39 |
| PPN: | |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
 |
Frage zum Eintrag |
Optionen (nur für Redakteure)
 |
Redaktionelle Details anzeigen |
Drucken
Impressum