TIPS: Threat Actor Informed Prioritization of Applications using SecEncoder
Muhammed Fatih Bulut, Acar Tamersoy, Naveed Ahmad, Yingqi Liu, Lloyd Greenwald

TL;DR
TIPS is a specialized language model that leverages threat actor intelligence to accurately detect and prioritize compromised applications, significantly aiding security analysts in threat response.
Contribution
The paper introduces TIPS, a novel language model that combines encoder and decoder architectures with threat intelligence for improved application security prioritization.
Findings
Achieves an F-1 score of 0.90 in identifying malicious applications.
Reduces investigation backlog by 87% in real-world scenarios.
Demonstrates high efficacy on a real-world benchmark dataset.
Abstract
This paper introduces TIPS: Threat Actor Informed Prioritization using SecEncoder, a specialized language model for security. TIPS combines the strengths of both encoder and decoder language models to detect and prioritize compromised applications. By integrating threat actor intelligence, TIPS enhances the accuracy and relevance of its detections. Extensive experiments with a real-world benchmark dataset of applications demonstrate TIPS's high efficacy, achieving an F-1 score of 0.90 in identifying malicious applications. Additionally, in real-world scenarios, TIPS significantly reduces the backlog of investigations for security analysts by 87%, thereby streamlining the threat response process and improving overall security posture.
Taxonomy
Topics: Network Security and Intrusion Detection · Information and Cyber Security · Advanced Malware Detection Techniques
