In the fast-evolving world of Cybersecurity, an analyst often has the difficult task of responding to new threats and attack campaigns within a limited amount of time. If an analyst fails to do so, this can lead to severe consequences for the system under attack. In this work, we are motivated to aid the security analyst by introducing a tool which will help to produce a swift and effective response to incoming threats. If an analyst identifies the nature of an incoming attack, our system can produce a ranked list of solutions for the analyst to quickly try out, saving both effort and time. Currently, the security analyst is typically left to manually produce a solution by consulting existing frameworks and knowledge bases, such as the ATT&CK and D3FEND frameworks by the MITRE Corporation. This task is made harder by the fact that existing knowledge bases are not always comprehensive, and so a lot of valuable security knowledge is instead found scattered across the web. To solve these challenges, our tool leverages existing frameworks as well as data crawled from the web. Our tool uses advanced natural language processing techniques, including a large language model (RoBERTa), to derive meaningful semantic associations between descriptions of offensive techniques and defensive countermeasures. Experimental results confirm that our proposed method can provide useful suggestions to the security analyst with good accuracy, especially in comparison to baseline approaches which fail to exhibit the semantic and contextual understanding necessary to make such associations.
Proceedings Title: Data and Applications Security and Privacy XXXVI
Volume: 13383
Conference Dates: July 18-20, 2022
Conference Location: Newark, NJ, US
Conference Title: International Conference on Data and Application Security and Privacy 2022 (DBSec 2022)
Akbar, K., Halim, S., Hu, Y., Singhal, A., Khan, L. and Thuraisingham, B. (2022), Knowledge Mining in Cybersecurity: From Attack to Defense, Data and Applications Security and Privacy XXXVI, Newark, NJ, US, [online], https://doi.org/10.1007/978-3-031-10684-2_7, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=934782 (Accessed October 9, 2025)