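% Chapter in the proceedings volume "Digital Forensics and Cyber Crime" (2024).
% Title: the stray "Ā" characters (presumably mis-decoded non-breaking spaces)
% are replaced with plain spaces, and the acronyms are brace-protected so that
% sentence-casing styles keep their capitals.
% The abstract is kept verbatim as exported.
% NOTE(review): the citation key has the form of a DOI -- confirm against the
% publisher record before adding a doi field.
@inproceedings{10.1007/978-3-031-56583-0_14,
  author    = {Zhou, Chenxin and Huang, Cheng and Wang, Yanghao and Zuo, Zheng},
  editor    = {Goel, Sanjay and Nunes de Souza, Paulo Roberto},
  title     = {{APTBert}: Abstract Generation and Event Extraction from {APT} Reports},
  booktitle = {Digital Forensics and Cyber Crime},
  year      = {2024},
  publisher = {Springer Nature Switzerland},
  address   = {Cham},
  pages     = {209--223},
  abstract  = {Due to the rapid development of information technology in this century, APT attacks(Advanced Persistent Threat) occur more frequently. The best way to combat APT is to quickly extract and integrate the roles of the attack events involved in the report from the APT reports that have been released, and to further perceive, analyze and prevent APT for the relevant security professionals. With the above issues in mind, an event extraction model for APT attack is proposed. This model, which is called APTBert, uses targeted text characterization results from the security filed text generated by the APTBert pre-training model to feed into the multi-head self-attention mechanism neural network for training, improving the accuracy of sequence labelling. At the experiment stage, on the basis of 1300 open source APT attack reports from security vendors and forums, we first pre-trained an APTBert pre-training model. We ended up annotating 600 APT reports with event roles, which were used to train the extraction model and evaluate the effect of event extraction. Experiment results show that the proposed method has better performance in training time and F1(77.4{\%}) as compared to traditional extraction methods like BiLSTM.},
  isbn      = {978-3-031-56583-0},
}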