2022.10.12

LABELING METHOD FOR INFORMATION SECURITY PROTECTION DETECTION RULES AND TACTIC, TECHNIQUE AND PROCEDURE LABELING DEVICE FOR THE SAME

Taiwan, Province of China

Overview

A labeling method for information security protection detection rules and an information security threat tactic, technique and procedure (TTP) labeling device are provided. The labeling method includes: obtaining a plurality of reference documents related to definitions of TTP and classifying them to generate corpuses; building a keyword thesaurus; obtaining a plurality of to-be-labeled detection rules, extracting key information fields from them, and comparing the key information fields with keywords so as to label the to-be-labeled detection rules; for the to-be-labeled detection rules that remain unlabeled, performing a text similarity calculation on the key information fields and the corpuses, and labeling each such rule with the corpus having the highest similarity; training with the labeled detection rules and the corpuses as a training data set to generate a TTP labeling model; and inputting a current to-be-labeled detection rule to generate a TTP labeling result.

Category

Information Security
Content Security and Threat Management

Appl. Type

Invention

Status

Patented

Appl. No.

111138541

Patent No.

Invention No. I822388

Filing Date

2022.10.12

Expiration Date

2042.10.11

Notification

2025.04.25