
APIRO: An Automated API Recommendation Framework for Security Tools in SOAR Platforms

APIRO is a learning-based framework for recommending security tool APIs within SOAR platforms. It addresses the problems of data variability and semantic variability and reaches a Top-1 accuracy of 91.9%.
apismarket.org | PDF Size: 1.9 MB

1 Introduction

Security Operations Centers (SOCs) increasingly rely on Security Orchestration, Automation, and Response (SOAR) platforms to manage cyber security incidents. These platforms integrate many different security tools through their APIs, but selecting the right API by hand is difficult because of data variability, semantic variability, and the sheer number of available APIs.

APIRO addresses these challenges with an automated learning framework that recommends the most suitable security tool API for a given incident response task. The framework reaches a Top-1 accuracy of 91.9%, outperforming the existing approaches it was compared against.

Key figures:

  • Top-1 accuracy: 91.9%
  • Improvement over baseline: 26.93%
  • Security tools evaluated: 3
  • Augmentation techniques: 36

2 APIRO Framework Architecture

The APIRO framework consists of three main components, designed together to handle the challenges of recommending security tool APIs in a SOAR environment.

2.1 Data Augmentation Module

To counter data scarcity, APIRO applies 36 data augmentation techniques, including synonym replacement, back-translation, and context insertion. The module enriches the API descriptions by generating synthetic training samples while preserving their semantic meaning, so every generated sentence still describes the same API as the original.
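The following is an added illustration of two of the named techniques (synonym replacement and context insertion) and of the invariant the module must keep: the label, i.e. the API the sentence describes, never changes. It is not APIRO's own code; the synonym table, the context phrases, and the sample description are constructed for this example, and the paper's 36 techniques are not reproduced.

```python
import random

# Constructed domain synonym table (an assumption; APIRO's own vocabulary
# resources and its full set of 36 techniques are not reproduced here).
SYNONYMS = {
    "ip": ["address", "host"],
    "search": ["query", "lookup"],
    "event": ["incident", "alert"],
    "suspicious": ["malicious", "anomalous"],
    "connection": ["flow", "session"],
}

# Constructed context phrases for the "context insertion" technique: they are
# attached at either end and describe circumstances, not a different API.
CONTEXTS = ["during incident response", "for the analyst", "from a playbook"]


def synonym_replace(tokens, rng, max_swaps=2):
    """Swap up to max_swaps tokens for a domain synonym, keeping word order."""
    out = list(tokens)
    candidates = [i for i, t in enumerate(out) if t in SYNONYMS]
    rng.shuffle(candidates)
    for i in candidates[:max_swaps]:
        out[i] = rng.choice(SYNONYMS[out[i]])
    return out


def context_insert(tokens, rng):
    """Prepend or append one context phrase to the description."""
    phrase = rng.choice(CONTEXTS).split()
    return phrase + list(tokens) if rng.random() < 0.5 else list(tokens) + phrase


def allowed_vocabulary(base_tokens):
    """Every token an augmented variant may legally contain."""
    vocab = set(base_tokens)
    for syns in SYNONYMS.values():
        vocab.update(syns)
    for phrase in CONTEXTS:
        vocab.update(phrase.split())
    return vocab


def augment(description, label, n, seed=0, max_attempts=200):
    """Return the original plus n distinct (tokens, label) training pairs.
    The label is copied unchanged: augmentation only changes surface wording.
    max_attempts bounds the loop when few distinct variants are possible."""
    rng = random.Random(seed)
    base = description.lower().split()
    pairs = [(base, label)]
    attempts = 0
    while len(pairs) < n + 1 and attempts < max_attempts:
        attempts += 1
        variant = synonym_replace(base, rng)
        if rng.random() < 0.5:
            variant = context_insert(variant, rng)
        if variant != base and (variant, label) not in pairs:
            pairs.append((variant, label))
    return pairs


if __name__ == "__main__":
    # Constructed API description and label.
    for toks, lbl in augment("search event by ip", "MISP:search_events", 5):
        print(f"{lbl:20s} {' '.join(toks)}")
```

The check worth keeping in a real pipeline is the one `allowed_vocabulary` enables: an augmented sentence should contain only tokens that came from the original, the synonym table, or the context phrases, otherwise a technique has drifted from paraphrase into a different meaning.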

2.2 API Embedding Model

APIRO uses a custom word embedding model trained on a corpus of security vocabulary. The model captures the semantic relationships between API functions by optimising the following embedding objective:

$\min_{\theta} \sum_{(w,c) \in D} -\log \sigma(v_c \cdot v_w) - \sum_{(w,c') \in D'} \log \sigma(-v_{c'} \cdot v_w)$

where $v_w$ and $v_c$ are the word and context vectors respectively, $D$ denotes the positive training pairs, and $D'$ denotes the negative samples.
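The objective above is the skip-gram with negative sampling (SGNS) loss from word2vec. As an added example, not taken from the paper, the pure-Python code below evaluates that objective with the page's symbols ($v_w$, $v_c$, $D$, $D'$), takes full-batch gradient steps on it, and shows that two words with the same positive and negative contexts ("ip" and "address") end up with similar vectors. The pairs in `D` and `D_NEG` are constructed stand-ins for skip-gram windows over API documentation; the dimension, learning rate and step count are arbitrary choices.

```python
import math
import random


def sigmoid(x):
    return 1.0 / (1.0 + math.exp(-x))


def dot(a, b):
    return sum(x * y for x, y in zip(a, b))


def sgns_loss(v_w, v_c, pos, neg):
    """Value of the Section 2.2 objective: sum over D of -log σ(v_c·v_w)
    minus sum over D' of log σ(-v_c'·v_w). Lower is better."""
    loss = 0.0
    for w, c in pos:
        loss -= math.log(sigmoid(dot(v_c[c], v_w[w])))
    for w, c in neg:
        loss -= math.log(sigmoid(-dot(v_c[c], v_w[w])))
    return loss


def sgd_step(v_w, v_c, pos, neg, lr):
    """One full-batch gradient step. For a pair with target t (1 for D,
    0 for D') the gradient of its term is g*v_c w.r.t. v_w and g*v_w
    w.r.t. v_c, with g = σ(v_c·v_w) - t."""
    grad_w = {w: [0.0] * len(v) for w, v in v_w.items()}
    grad_c = {c: [0.0] * len(v) for c, v in v_c.items()}
    for pairs, target in ((pos, 1.0), (neg, 0.0)):
        for w, c in pairs:
            g = sigmoid(dot(v_c[c], v_w[w])) - target
            for k in range(len(v_w[w])):
                grad_w[w][k] += g * v_c[c][k]
                grad_c[c][k] += g * v_w[w][k]
    for w in v_w:
        v_w[w] = [x - lr * gx for x, gx in zip(v_w[w], grad_w[w])]
    for c in v_c:
        v_c[c] = [x - lr * gx for x, gx in zip(v_c[c], grad_c[c])]


def train_embeddings(pos, neg, dim=3, steps=500, lr=0.1, seed=1):
    """Return (initial_loss, final_loss, word_vectors) after `steps` updates."""
    rng = random.Random(seed)
    words = sorted({w for w, _ in pos} | {w for w, _ in neg})
    ctxs = sorted({c for _, c in pos} | {c for _, c in neg})
    v_w = {w: [rng.uniform(-0.5, 0.5) for _ in range(dim)] for w in words}
    v_c = {c: [rng.uniform(-0.5, 0.5) for _ in range(dim)] for c in ctxs}
    initial = sgns_loss(v_w, v_c, pos, neg)
    for _ in range(steps):
        sgd_step(v_w, v_c, pos, neg, lr)
    return initial, sgns_loss(v_w, v_c, pos, neg), v_w


def cosine(a, b):
    return dot(a, b) / (math.sqrt(dot(a, a)) * math.sqrt(dot(b, b)))


# Constructed (word, context) pairs. D mimics co-occurrences observed in
# security API documentation; D_NEG mimics sampled negatives (D').
D = [("ip", "search"), ("address", "search"), ("ip", "reputation"),
     ("address", "reputation"), ("event", "search"), ("event", "malware"),
     ("malware", "event")]
D_NEG = [("ip", "malware"), ("address", "malware"), ("event", "reputation"),
         ("malware", "reputation")]

if __name__ == "__main__":
    before, after, vecs = train_embeddings(D, D_NEG)
    print(f"loss {before:.3f} -> {after:.3f}")
    print("cos(ip, address) =", round(cosine(vecs["ip"], vecs["address"]), 3))
    print("cos(ip, event)   =", round(cosine(vecs["ip"], vecs["event"]), 3))
```

"ip" and "address" share every context in `D` and `D_NEG`, so the objective pulls their vectors into the same region; "event" shares only one positive context with them and is pushed elsewhere. That is the mechanism by which a domain-specific embedding absorbs vocabulary variation in API documentation: synonyms used in the same documentation contexts end up close together.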

2.3 CNN Classifier

A Convolutional Neural Network processes the embedded API descriptions to predict the 3 most relevant APIs for a given task. The CNN architecture uses several filter widths (2-, 3-, and 4-grams) so that it captures n-gram patterns in the API documentation.

3 Experimental Results

APIRO was evaluated on three security tools with comprehensive API documentation: the Malware Information Sharing Platform (MISP), Limacharlie EDR, and the Phantom SOAR platform.

3.1 Performance Metrics

The framework performed strongly across the evaluation metrics:

  • Top-1 accuracy: 91.9%
  • Top-2 accuracy: improved by 23.03% over the baseline
  • Top-3 accuracy: improved by 20.87% over the baseline
  • Mean Reciprocal Rank (MRR): improved by 23.7%

3.2 Comparison with Baselines

APIRO outperformed the leading baseline approaches on every metric. The gain reflects the effectiveness of the data augmentation and of the domain-specific embedding approach in handling semantic variation in security API documentation.

Performance Comparison Chart

The experimental results show APIRO's accuracy metrics against the baseline approaches. The bar chart shows consistent superiority on the Top-1, Top-2, and Top-3 metrics, with the largest gain in Top-1 accuracy (a 26.93% improvement).

4 Technical Analysis

Core Insight

APIRO changes how SOC teams interact with security tool APIs by replacing manual, error-prone methods with intelligent, data-driven recommendations. The system's real ingenuity lies in its pragmatic strategy toward the messy reality of security documentation - it does not try to normalize the mess but learns to navigate it effectively.

Logical Flow

The framework follows three interlocking steps: first, it amplifies the limited training data through 36 techniques (reminiscent of CycleGAN's data augmentation strategies); second, it builds domain-specific embeddings that understand the variations of security vocabulary; third, it applies multi-width CNN filters to capture local and global semantic patterns. This is not just another ML application - it is a framework built for a specific, critical domain.

Strengths & Weaknesses

The 91.9% Top-1 accuracy is impressive, but I am skeptical about real-world generalization beyond the three tools tested. The heavy reliance on data augmentation points to underlying data scarcity problems that could limit deployment scalability. Nevertheless, the 26.93% improvement over the baseline reflects genuine technical innovation, not mere tuning.

Actionable Recommendations

Security vendors should immediately explore integrating APIRO-like functionality into their SOAR platforms. The framework offers a concrete approach to the API integration problem that plagues modern SOCs. Organizations should press their SOAR vendors to adopt these AI-driven approaches rather than continuing with manual, brittle integration methods.

Worked Analysis Example

Consider the incident response task: "Investigate suspicious network traffic from IP address 192.168.1.100"

APIRO processing pipeline:

  1. Task description preprocessing and tokenization
  2. Embedding lookup using security-specific word vectors
  3. Multi-filter CNN feature extraction
  4. Similarity scoring against the available security tool APIs
  5. Top-3 API recommendations with confidence scores

Output: [MISP: search_events, Limacharlie: get_connections, Phantom: ip_reputation_check]
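The five steps above, and the multi-width filter idea from Section 2.3, as one added end-to-end example in plain Python. This is not APIRO's code and it does not reproduce the paper's trained model: the token vectors are hand-set over four concept dimensions, the "CNN" is a parameter-free stand-in (mean over each 2-, 3- and 4-gram window, then max-pooling) so the run is reproducible without training, and the six-entry API catalogue with its documentation sentences is constructed. The ranking it produces therefore reflects these constructed vectors, not the paper's result, although the same three APIs come out on top for the task on the page.

```python
import math
import re

# Constructed 4-dimensional "security-specific" token vectors. Each dimension
# stands for one concept: [network, ip, event, file]. APIRO learns such
# vectors from a security corpus; these are hand-set for reproducibility.
EMBED = {
    "investigate": [0.2, 0.2, 0.2, 0.2], "suspicious": [0.5, 0.0, 0.5, 0.0],
    "network": [1, 0, 0, 0], "traffic": [1, 0, 0, 0], "connections": [1, 0, 0, 0],
    "host": [0.5, 0.5, 0, 0],
    "<ip>": [0, 1, 0, 0], "ip": [0, 1, 0, 0], "address": [0, 1, 0, 0],
    "reputation": [0, 1, 0, 0],
    "events": [0, 0, 1, 0], "event": [0, 0, 1, 0], "search": [0, 0, 1, 0],
    "indicator": [0, 0.5, 0.5, 0],
    "file": [0, 0, 0, 1], "hash": [0, 0, 0, 1], "malware": [0, 0, 0, 1],
    "detonate": [0, 0, 0, 1],
}
DIM = 4
FILTER_WIDTHS = (2, 3, 4)  # the 2-, 3- and 4-gram filters of Section 2.3

# Constructed API catalogue: ("tool: api_name", documentation sentence).
API_CATALOGUE = [
    ("MISP: search_events", "search events matching an ip address indicator"),
    ("Limacharlie: get_connections", "get network connections from a host ip"),
    ("Phantom: ip_reputation_check", "check ip address reputation"),
    ("MISP: add_attribute", "add file hash attribute to event"),
    ("Limacharlie: get_file", "get file hash from host"),
    ("Phantom: detonate_file", "detonate file and report malware verdict"),
]


def preprocess(text):
    """Step 1: replace IPv4 literals with an <ip> token, lower-case, tokenize."""
    text = re.sub(r"\b\d{1,3}(?:\.\d{1,3}){3}\b", "<ip>", text)
    return re.findall(r"<ip>|[a-z]+", text.lower())


def embed(tokens):
    """Step 2: look up each token; out-of-vocabulary words map to zeros."""
    return [list(EMBED.get(t, [0.0] * DIM)) for t in tokens]


def ngram_maxpool(vectors, width):
    """Stand-in for one CNN filter bank: mean over each width-gram window,
    then max-pool over windows (identity filters, no learned weights)."""
    if len(vectors) < width:
        windows = [vectors]
    else:
        windows = [vectors[i:i + width] for i in range(len(vectors) - width + 1)]
    return [max(sum(v[d] for v in win) / len(win) for win in windows)
            for d in range(DIM)]


def features(text):
    """Step 3: concatenate the pooled output of every filter width."""
    vecs = embed(preprocess(text))
    feat = []
    for w in FILTER_WIDTHS:
        feat.extend(ngram_maxpool(vecs, w))
    return feat


def cosine(a, b):
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(x * x for x in b))
    return sum(x * y for x, y in zip(a, b)) / (na * nb) if na and nb else 0.0


def recommend(task, catalogue=API_CATALOGUE, top_k=3, temperature=0.1):
    """Steps 4 and 5: cosine-score the task against every API, turn the
    scores into softmax confidences, return the top_k (api, confidence)."""
    task_feat = features(task)
    apis = [api for api, _ in catalogue]
    scores = [cosine(task_feat, features(doc)) for _, doc in catalogue]
    z = [s / temperature for s in scores]
    m = max(z)
    exps = [math.exp(v - m) for v in z]
    total = sum(exps)
    ranked = sorted(zip(apis, (e / total for e in exps)),
                    key=lambda p: p[1], reverse=True)
    return ranked[:top_k]


TASK = "Investigate suspicious network traffic from IP address 192.168.1.100"

if __name__ == "__main__":
    for api, conf in recommend(TASK):
        print(f"{api:30s} confidence={conf:.3f}")
```

Two details carry over to a real deployment. Replacing the IP literal with a placeholder token in step 1 stops the recommender from keying on a specific address, which would otherwise be an out-of-vocabulary token that tells the model nothing. And the confidences come from a softmax over all candidate APIs, so a playbook author can set a threshold below which the recommendation is shown for review rather than executed automatically.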

5 Future Applications

The APIRO approach has significant potential beyond security tool recommendation:

  • Enterprise API discovery: extend it to general enterprise API ecosystems for better service discovery and integration
  • Cross-platform security automation: enable automated security operations across cloud providers and security vendors
  • API standardization: inform the development of standardized security API specifications
  • Zero-trust architecture: support security policy enforcement through intelligent API selection

Future research directions include transfer learning for newly added security tools, few-shot learning capabilities, and explainable AI to justify the recommendations.

6 References

  1. Zhu, J.Y., et al. "Unpaired Image-to-Image Translation using Cycle-Consistent Adversarial Networks." ICCV 2017.
  2. MISP Project. "Malware Information Sharing Platform." https://www.misp-project.org/
  3. Limacharlie. "Endpoint Detection and Response." https://limacharlie.io/
  4. Saxe, J., et al. "Deep Neural Network Based Malware Detection Using Two Dimensional Binary Program Features." IEEE S&P 2015.
  5. MITRE ATT&CK. "Enterprise Matrix." https://attack.mitre.org/
  6. Phantom. "Security Orchestration, Automation, and Response Platform." https://www.phantom.us/
  7. Rapid7. "SOAR Platform for Threat Hunting." Technical documentation, 2021.