Tactics and Techniques Text Classification Based on Adversarial Contrastive Learning and Meta-Path

Tactics and techniques information in Cyber Threat Intelligence (CTI) represent the objectives of attackers and the means through which these objectives are achieved. The classification of tactics and techniques descriptions in CTI has been extensively studied to assist security experts in interpreting attack patterns. Although many recent studies have applied various deep learning methods to enhance classification performance, they mainly focus on improving performance from an average or top perspective. However, the imbalance between tactical and technical tag samples, as well as text sparsity, may lead to poor model performance, which has been under-explored. To address these issues, we propose a new tactics and techniques classification model based on adversarial contrastive learning and meta-path (TTC-ACLM). In TTC-ACLM, a novel text representation learning module is first designed. It includes pre-trained language model (PLM) and contrastive adversarial methods, which can better adapt to categories with smaller sample sizes while obtaining better text representations. Then, heterogeneous information networks are used to model the rich relationships between texts and labels (tactics and techniques), which can merge additional information, e.g., processes and tools, to address text sparsity. Next, we defined a meta-path based classifier learning module that maps text, tactics, and meta-path based context to a set of classifiers, which are applied to the text representation generated by the text representation module for better classification. Finally, the classification performance is further improved through the tactics and techniques correlation enhancement matrix. Through in-depth research, we demonstrate that the proposed model can effectively address the impact of sample imbalance and text sparsity. Extensive experimental results indicate that TTC-ACLM achieves state-of-the-art performance.

• Publication year

  2025

• Venue

  IEEE Transactions on Information Forensics and Security

• Publication date

  Unknown publication date

• Fields of study

  Computer Science

• Identifiers
  DOI 10.1109/TIFS.2025.3609218
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• CTI-HAL: A Human-Annotated Dataset for Cyber Threat Intelligence Analysis

  2025cited by this paper
• AnnoCTR: A Dataset for Detecting and Linking Entities, Tactics, and Techniques in Cyber Threat Reports

  2024cited by this paper
• Tactics And Techniques Classification In Cyber Threat Intelligence

  2023cited by this paper
• Cyber Threat Intelligence Mining for Proactive Cybersecurity Defense: A Survey and New Perspectives

  2023cited by this paper
• A Comprehensive Capability Analysis of GPT-3 and GPT-3.5 Series Models

  2023cited by this paper
• A Comprehensive Review of Cyber Security Vulnerabilities, Threats, Attacks, and Solutions

  2023cited by this paper
• GPT-4 Technical Report

  2023cited by this paper
• Constructing Knowledge Graph from Cyber Threat Intelligence Using Large Language Model

  2023cited by this paper
• TIM: threat context-enhanced TTP intelligence mining on unstructured threat data

  2022cited by this paper
• SecureBERT: A Domain-Specific Language Model for Cybersecurity

  2022cited by this paper
• Comparative Experiment on TTP Classification with Class Imbalance Using Oversampling from CTI Dataset

  2022cited by this paper
• Dual Contrastive Learning: Text Classification via Label-Aware Data Augmentation

  2022cited by this paper
• Extractor: Extracting Attack Behavior from Threat Reports

  2021cited by this paper
• Improved Text Classification via Contrastive Adversarial Training

  2021influential reference
• BertGCN: Transductive Text Classification by Combining GNN and BERT

  2021cited by this paper
• SimCSE: Simple Contrastive Learning of Sentence Embeddings

  2021cited by this paper
• A Simple Framework for Contrastive Learning of Visual Representations

  2020cited by this paper
• Automated Retrieval of ATT&CK Tactics and Techniques for Cyber Threat Reports

  2020cited by this paper
• DeBERTa: Decoding-enhanced BERT with Disentangled Attention

  2020cited by this paper
• Supervised Contrastive Learning for Pre-trained Language Model Fine-tuning

  2020cited by this paper
• Momentum Contrast for Unsupervised Visual Representation Learning

  2019cited by this paper
• Heterogeneous Graph Attention Networks for Semi-supervised Short Text Classification

  2019cited by this paper
• Extraction of Threat Actions from Threat-related Articles using Multi-Label Machine Learning Classification Method

  2019cited by this paper
• BERT: Pre-training of Deep Bidirectional Transformers for Language Understanding

  2019cited by this paper
• Automated Threat Report Classification over Multi-Source Data

  2018cited by this paper
• ChainSmith: Automatically Learning the Semantics of Malicious Campaigns by Mining Threat Intelligence Reports

  2018cited by this paper
• Leveraging Meta-path based Context for Top- N Recommendation with A Neural Co-Attention Model

  2018cited by this paper
• A survey on technical threat intelligence in the age of sophisticated cyber attacks

  2018cited by this paper
• Joint Embedding of Words and Labels for Text Classification

  2018cited by this paper
• TTPDrill: Automatic and Accurate Extraction of Threat Actions from Unstructured Text of CTI Sources

  2017cited by this paper
• HIN2Vec: Explore Meta-paths in Heterogeneous Information Networks for Representation Learning

  2017cited by this paper
• Decoupled Weight Decay Regularization

  2017cited by this paper
• Deep Pyramid Convolutional Neural Networks for Text Categorization

  2017cited by this paper
• A Structured Self-attentive Sentence Embedding

  2017cited by this paper
• node2vec: Scalable Feature Learning for Networks

  2016cited by this paper
• Training deep neural networks on imbalanced data sets

  2016cited by this paper
• Adversarial Training Methods for Semi-Supervised Text Classification

  2016influential reference
• Semantic expansion using word embedding clustering and convolutional neural network for improving short text classification

  2016cited by this paper
• Character-level Convolutional Networks for Text Classification

  2015cited by this paper
• Recurrent Convolutional Neural Networks for Text Classification

  2015cited by this paper
• Explaining and Harnessing Adversarial Examples

  2014cited by this paper
• DeepWalk: online learning of social representations

  2014cited by this paper
• Automatic Labeling for Entity Extraction in Cyber Security

  2013cited by this paper
• Ieee Transactions on Knowledge and Data Engineering a Survey of Heterogeneous Information Network Analysis Ieee Transactions on Knowledge and Data Engineering 2

  year unknowncited by this paper

• No citing papers are available for this paper.