Knowledge mining of unstructured information: application to cyber domain

dc.contributorAalto-yliopistofi
dc.contributorAalto Universityen
dc.contributor.authorTakko, Tuomas
dc.contributor.authorBhattacharya, Kunal
dc.contributor.authorLehto, Martti
dc.contributor.authorJalasvirta, Pertti
dc.contributor.authorCederberg, Aapo
dc.contributor.authorKaski, Kimmo
dc.contributor.departmentDepartment of Computer Science
dc.contributor.departmentDepartment of Industrial Engineering and Management
dc.contributor.departmentUniversity of Jyväskylä
dc.contributor.departmentCyberwatch Finland
dc.contributor.departmentKaski Kimmo group
dc.contributor.departmentDepartment of Computer Scienceen
dc.contributor.departmentDepartment of Industrial Engineering and Managementen
dc.date.accessioned2023-02-20T05:12:48Z
dc.date.available2023-02-20T05:12:48Z
dc.date.issued2023-12
dc.descriptionFunding Information: TT, KB, ML and KK acknowledge research project funding from Cyberwatch Finland. AC is the CEO of the company. PJ and AC are founders and partners in the company. KK and ML are on the advisory board of the company. Funding Information: TT, KB, ML and KK acknowledge research project funding from Cyberwatch Finland. TT acknowledges funding from the Vilho, Yrjö and Kalle Väisälä Foundation of the Finnish Academy of Science and Letters. Publisher Copyright: © 2023, The Author(s).
dc.description.abstractInformation on cyber-related crimes, incidents, and conflicts is abundantly available in numerous open online sources. However, processing large volumes and streams of data is a challenging task for the analysts and experts, and entails the need for newer methods and techniques. In this article we present and implement a novel knowledge graph and knowledge mining framework for extracting the relevant information from free-form text about incidents in the cyber domain. The computational framework includes a machine learning-based pipeline for generating graphs of organizations, countries, industries, products and attackers with a non-technical cyber-ontology. The extracted knowledge graph is utilized to estimate the incidence of cyberattacks within a given graph configuration. We use publicly available collections of real cyber-incident reports to test the efficacy of our methods. The knowledge extraction is found to be sufficiently accurate, and the graph-based threat estimation demonstrates a level of correlation with the actual records of attacks. In practical use, an analyst utilizing the presented framework can infer additional information from the current cyber-landscape in terms of the risk to various entities and its propagation between industries and countries.en
dc.description.versionPeer revieweden
dc.format.extent13
dc.format.extent1-13
dc.format.mimetypeapplication/pdf
dc.identifier.citationTakko , T , Bhattacharya , K , Lehto , M , Jalasvirta , P , Cederberg , A & Kaski , K 2023 , ' Knowledge mining of unstructured information: application to cyber domain ' , Scientific Reports , vol. 13 , no. 1 , 1714 , pp. 1-13 . https://doi.org/10.1038/s41598-023-28796-6en
dc.identifier.doi10.1038/s41598-023-28796-6
dc.identifier.issn2045-2322
dc.identifier.otherPURE UUID: 5d5124a9-76d4-4222-83cf-3914ec29cbba
dc.identifier.otherPURE ITEMURL: https://research.aalto.fi/en/publications/5d5124a9-76d4-4222-83cf-3914ec29cbba
dc.identifier.otherPURE LINK: http://www.scopus.com/inward/record.url?scp=85147153208&partnerID=8YFLogxK
dc.identifier.otherPURE FILEURL: https://research.aalto.fi/files/100313685/Knowledge_mining_of_unstructured_information.pdf
dc.identifier.urihttps://aaltodoc.aalto.fi/handle/123456789/119768
dc.identifier.urnURN:NBN:fi:aalto-202302202115
dc.language.isoenen
dc.publisherNature Publishing Group
dc.relation.ispartofseriesScientific Reportsen
dc.relation.ispartofseriesVolume 13, issue 1en
dc.rightsopenAccessen
dc.titleKnowledge mining of unstructured information: application to cyber domainen
dc.typeA1 Alkuperäisartikkeli tieteellisessä aikakauslehdessäfi
dc.type.versionpublishedVersion
Files