IEEE Access (Jan 2021)

QBC Inconsistency-Based Threat Intelligence IOC Recognition

  • Wenli Zeng,
  • Zhi Liu,
  • Yaru Yang,
  • Gen Yang,
  • Qin Luo

DOI
https://doi.org/10.1109/ACCESS.2021.3128070
Journal volume & issue
Vol. 9
pp. 153102 – 153107

Abstract

Read online

With the increase in cyber-attacks, Cyber Threat Intelligence (CTI) has become a hot topic. Log detection using Indicators of Compromise (IOCs) to detect critical risks, such as compromised internal hosts, is the most common use scenario for CTI. Recognition of the IOC is an important method to defend against cyber-attacks and is mainly divided into regular expression matching and supervised learning. However, regular expression matching does not consider contextual semantic information, resulting in low recognition accuracy, and the-state-of-the-art method is to train a neural network by supervised learning, which relies on a large amount of manually labeled data. To address these issues, we propose a QBC inconsistency-based sample selection strategy Query Committee Inconsistency (QCI) to select hard samples, that is, samples with poor model performance, more efficiently by combining committee inconsistency on sample entropy and sample similarity. The experimental results show that the proposed approach reduces the number of labeled samples required by the model by 62% and 39%, respectively, while maintaining accuracy, compared to the traditional QBC and QBC-based sample selection strategies using consistent entropy.

Keywords