TIPS: Threat Actor Informed Prioritization of Applications using SecEncoder
This addresses the challenge of efficiently managing security threats for analysts, though it appears incremental as it builds on existing language model approaches.
The paper tackles the problem of detecting and prioritizing compromised applications by introducing TIPS, which integrates threat actor intelligence with a specialized language model. The system achieves an F-1 score of 0.90 on a benchmark dataset and reduces investigation backlog by 87% in real-world scenarios.
This paper introduces TIPS: Threat Actor Informed Prioritization using SecEncoder, a specialized language model for security. TIPS combines the strengths of both encoder and decoder language models to detect and prioritize compromised applications. By integrating threat actor intelligence, TIPS enhances the accuracy and relevance of its detections. Extensive experiments with a real-world benchmark dataset of applications demonstrate TIPS's high efficacy, achieving an F-1 score of 0.90 in identifying malicious applications. Additionally, in real-world scenarios, TIPS significantly reduces the backlog of investigations for security analysts by 87%, thereby streamlining the threat response process and improving overall security posture.