Knowledge mining of unstructured information: application to cyber domain

dc.contributorAalto Universityen
dc.contributor.authorTakko, Tuomas
dc.contributor.authorBhattacharya, Kunal
dc.contributor.authorLehto, Martti
dc.contributor.authorJalasvirta, Pertti
dc.contributor.authorCederberg, Aapo
dc.contributor.authorKaski, Kimmo
dc.contributor.departmentDepartment of Computer Science
dc.contributor.departmentDepartment of Industrial Engineering and Management
dc.contributor.departmentUniversity of Jyväskylä
dc.contributor.departmentCyberwatch Finland
dc.contributor.departmentKaski Kimmo group
dc.contributor.departmentDepartment of Computer Scienceen
dc.contributor.departmentDepartment of Industrial Engineering and Managementen
dc.descriptionFunding Information: TT, KB, ML and KK acknowledge research project funding from Cyberwatch Finland. AC is the CEO of the company. PJ and AC are founders and partners in the company. KK and ML are on the advisory board of the company. Funding Information: TT, KB, ML and KK acknowledge research project funding from Cyberwatch Finland. TT acknowledges funding from the Vilho, Yrjö and Kalle Väisälä Foundation of the Finnish Academy of Science and Letters. Publisher Copyright: © 2023, The Author(s).
dc.description.abstractInformation on cyber-related crimes, incidents, and conflicts is abundantly available in numerous open online sources. However, processing large volumes and streams of data is a challenging task for the analysts and experts, and entails the need for newer methods and techniques. In this article we present and implement a novel knowledge graph and knowledge mining framework for extracting the relevant information from free-form text about incidents in the cyber domain. The computational framework includes a machine learning-based pipeline for generating graphs of organizations, countries, industries, products and attackers with a non-technical cyber-ontology. The extracted knowledge graph is utilized to estimate the incidence of cyberattacks within a given graph configuration. We use publicly available collections of real cyber-incident reports to test the efficacy of our methods. The knowledge extraction is found to be sufficiently accurate, and the graph-based threat estimation demonstrates a level of correlation with the actual records of attacks. In practical use, an analyst utilizing the presented framework can infer additional information from the current cyber-landscape in terms of the risk to various entities and its propagation between industries and countries.en
dc.description.versionPeer revieweden
dc.identifier.citationTakko , T , Bhattacharya , K , Lehto , M , Jalasvirta , P , Cederberg , A & Kaski , K 2023 , ' Knowledge mining of unstructured information: application to cyber domain ' , Scientific Reports , vol. 13 , no. 1 , 1714 , pp. 1-13 .
dc.identifier.otherPURE UUID: 5d5124a9-76d4-4222-83cf-3914ec29cbba
dc.identifier.otherPURE ITEMURL:
dc.identifier.otherPURE LINK:
dc.identifier.otherPURE FILEURL:
dc.publisherNature Publishing Group
dc.relation.ispartofseriesScientific Reportsen
dc.relation.ispartofseriesVolume 13, issue 1en
dc.titleKnowledge mining of unstructured information: application to cyber domainen
dc.typeA1 Alkuperäisartikkeli tieteellisessä aikakauslehdessäfi