https://orcid.org/0000-0003-0603-0270
References
- Ahn, G., Kim, K., Park, W., and Shin, D. Malicious File Detection Method Using Machine Learning and Interworking with MITRE ATT&CK Framework. NATO Advanced Science Institutes series E: Applied Sciences, 12, 21 (2022), 10761.
- Al-Shaer, R., Spring, J.M., and Christou, E. Learning The Associations of MITRE ATT&CK Adversarial Techniques. In 2020 IEEE Conference on Communications and Network Security (CNS). 2020, pp. 1–9.
- Ampel, B. and Chen, H. Distilling Contextual Embeddings Into A Static Word Embedding For Improving Hacker Forum Analytics. In 2021 IEEE International Conference on Intelligence and Security Informatics (ISI). 2021, pp. 1–3.
- Ampel, B., Samtani, S., Ullman, S., and Chen, H. Linking Common Vulnerabilities and Exposures to the MITRE ATT&CK Framework: A Self-Distillation Approach. In Workshop on AI-enabled Cybersecurity Analytics, ACM Conference on Knowledge Discovery and Data Mining. 2021, pp. 1–5.
- Ampel, B., Samtani, S., Zhu, H., and Chen, H. Creating Proactive Cyber Threat Intelligence with Hacker Exploit Labels: A Deep Transfer Learning Approach. MIS Quarterly, Forthcoming.
- Ampel, B.M., Samtani, S., Zhu, H., Ullman, S., and Chen, H. Labeling Hacker Exploits for Proactive Cyber Threat Intelligence: A Deep Transfer Learning Approach. In IEEE Conference on Intelligence and Security Informatics (ISI). 2020, pp. 1–6.
- Bellis, E. What is Vulnerability Management Prioritization? Kenna Security, 2021. https://www.kennasecurity.com/blog/what-is-vulnerability-management-prioritization/.
- Benaroch, M. Real Options Models for Proactive Uncertainty-Reducing Mitigations and Applications in Cybersecurity Investment Decision Making. Information Systems Research, 29, 2 (2018), 315–340.
- Benjamin, V., Valacich, J.S., and Chen, H. DICE-E: A Framework for Conducting Darknet Identification, Collection, Evaluation with Ethics. MIS Quarterly, 43, 1 (2019), 1–22.
- Benjamin, V., Zhang, B., Nunamaker, J.F., Jr, and Chen, H. Examining Hacker Participation Length in Cybercriminal Internet-Relay-Chat Communities. Journal of Management Information Systems, 33, 2 (2016), 485–510.
- Biswas, B., Mukhopadhyay, A., Bhattacharjee, S., Kumar, A., and Delen, D. A Text-mining based Cyber-risk Assessment and Mitigation Framework for Critical Analysis of Online Hacker Forums. Decision Support Systems, (2021), 113651.
- Briskilal, J. and Subalalitha, C.N. An Ensemble Model For Classifying Idioms and Literal Texts Using BERT and RoBERTa. Information Processing & Management, 59, 1 (2022), 102756.
- Byers, R., Waltermire, D., and Turner, C. National Vulnerability Database (NVD) Metadata Submission Guidelines for Common Vulnerabilities and Exposures (CVE) Numbering Authorities (CNAs). 2020.
- Chen, H., Chiang, R.H.L., and Storey, V.C. Business Intelligence and Analytics: From Big Data to Big Impact. MIS Quarterly, 36, 4 (2012), 11–65.
- Devlin, J., Chang, M.-W.W., Lee, K., and Toutanova, K. BERT: Pre-training of Deep Bidirectional Transformers for Language Understanding. arXiv, 2018, 4171–4186. http://arxiv.org/abs/1810.04805.
- Domschot, E., Ramyaa, R., and Smith, M.R. Improving Automated Labeling for ATT&CK Tactics in Malware Threat Reports. Digital Threats: Research and Practice, (2023), 1–16.
- Ebrahimi, M., Chai, Y., Samtani, S., and Chen, H. Cross-lingual Cybersecurity Analytics in the International Dark Web with Adversarial Deep Representation Learning. MIS Quarterly, 46, 2 (2022), 1209–1226.
- Ebrahimi, M., Nunamaker, J.F., and Chen, H. Semi-Supervised Cyber Threat Identification in Dark Net Markets: A Transductive and Deep Learning Approach. Journal of Management Information Systems, 37, 3 (2020), 694–722.
- Feng, Z., Guo, D., Tang, D., Duan, N., Feng, X., Gong, M., Shou, L., Qin, B., Jiang, D., Zhou, M. CodeBERT: A Pre-Trained Model for Programming and Natural Languages. In Findings of the Association for Computational Linguistics: EMNLP 2020. 2020, pp. 1536–1547.
- Gou, J., Yu, B., Maybank, S.J., and Tao, D. Knowledge Distillation: A Survey. International Journal of Computer Vision, 129, 6 (2021), 1789–1819.
- Gregor, S. and Hevner, A.R. Positioning and Presenting Design Science Research for Maximum Impact. MIS Quarterly, 37, 2 (2013), 337–355.
- Grigorescu, O., Nica, A., Dascalu, M., and Rughinis, R. CVE2ATT&CK: BERT-Based Mapping of CVEs to MITRE ATT&CK Techniques. Algorithms, 15, 9 (2022), 314.
- Haque, M.A., Shetty, S., Kamhoua, C.A., and Gold, K. Adversarial Technique Validation & Defense Selection Using Attack Graph & ATT&CK Matrix. In 2023 International Conference on Computing, Networking and Communications (ICNC). 2023, pp. 181–187.
- Hemberg, E., Kelly, J., Shlapentokh-Rothman, M., Reinstadler, B., Xu, K. BRON – Linking Attack Tactics, Techniques, and Patterns with Defensive Weaknesses, Vulnerabilities and Affected Platform Configurations. arXiv, 2020. http://arxiv.org/abs/2010.00533.
- Hinton, G., Vinyals, O., and Dean, J. Distilling the Knowledge in a Neural Network. arXiv, 2015, 1–9. http://arxiv.org/abs/1503.02531.
- Huang, L.-K., Huang, J., Rong, Y., Yang, Q., and Wei, Y. Frustratingly Easy Transferability Estimation. In Proceedings of the 39th International Conference on Machine Learning. PMLR, 2022, pp. 9201–9225.
- Huang, Y.-T., Lin, C.Y., Guo, Y.-R., Lo, K.-C., Sun, Y.S., and Chen, M.C. Open Source Intelligence for Malicious Behavior Discovery and Interpretation. IEEE Transactions on Dependable and Secure Computing, 19, 2 (2021), 776–789.
- Jarjoui, S. and Murimi, R. A Framework for Enterprise Cybersecurity Risk Management. In Advances in Cybersecurity Management. 2021, pp. 139–161.
- Jiang, Yu, Zhou, Chen, Feng, and Yan. ConvBERT: Improving BERT with span-based dynamic convolution. Advances in Neural Information Processing Systems, 33, 1 (2020), 12837–12848.
- Jiao, X., Yin, Y., Shang, L., Jiang, X; Chen, X; Li, L; Wang, F; Liu, Q. TinyBERT: Distilling BERT for Natural Language Understanding. In Findings of the Association for Computational Linguistics: EMNLP 2020. 2020, pp. 4163–4417.
- Johnson, J. Average Organizational Cost to a Business in the United States. Statista, 2022. https://www.statista.com/statistics/273575/average-organizational-cost-incurred-by-a-data-breach/.
- Kowsari, K., Jafari Meimandi, K., Heidarysafa, M., Mendu, S., Barnes, L., and Brown, D. Text Classification Algorithms: A Survey. Information. An International Interdisciplinary Journal, 10, 4 (April 2019), 150.
- Kumar, A., Makhija, P., and Gupta, A. Noisy Text Data: Achilles’ Heel of BERT. In Proceedings of the Sixth Workshop on Noisy User-generated Text. 2020, pp. 16–21.
- Kuppa, A., Aouad, L., and Le-Khac, N.-A. Linking CVE’s to MITRE ATT&CK Techniques. In The 16th International Conference on Availability, Reliability and Security. 2021, pp. 1–12.
- Lazarine, B., Samtani, S., Patton, M. Identifying Vulnerable GitHub Repositories and Users in Scientific Cyberinfrastructure: An Unsupervised Graph Embedding Approach. In IEEE International Conference on Intelligence and Security Informatics. 2020, pp. 1–6.
- Lewis, M., Liu, Y., Goyal, N. BART: Denoising Sequence-to-Sequence Pre-training for Natural Language Generation, Translation, and Comprehension. In Proceedings of the 58th Annual Meeting of the Association for Computational Linguistics. 2020, pp. 7871–7880.
- Li, Q., Peng, H., Li, J., Xia, C; Yang, R; Sun, L; Yu, P.S., He, L. A Survey on Text Classification: From Shallow to Deep Learning. arxiv, 2020, 1–21. http://arxiv.org/abs/2008.00364.
- Li, W. and Chen, H. Discovering Emerging Threats in the Hacker Community: A Nonparametric Emerging Topic Detection Framework. MIS Quarterly, 46, 4 (2022).
- Li, W., Chen, H., and Nunamaker, J.F., Jr. Identifying and Profiling Key Sellers in Cyber Carding Community: AZSecure Text Mining System. Journal of Management Information Systems, 33, 4 (2016), 1059–1086.
- Li, W., Leung, A., and Yue, W. Where is IT in Information Security? The Interrelationship among IT Investment, Security Awareness, and Data Breaches. MIS Quarterly, 47, 1 (2023), 317–342.
- Lin, D. MATE: Summarizing Alerts to Interpretable Outcomes with MITRE ATT&CK. In 2022 IEEE International Conference on Big Data. 2022, pp. 4295–4302.
- Liu, C.-W., Huang, P., and Lucas, H.C., Jr. Centralized IT Decision Making And Cybersecurity Breaches: Evidence From U.S. Higher Education Institutions. Journal of Management Information Systems, 37, 3 (2020), 758–787.
- Liu, X., Tan, Y., Xiao, Z., Zhuge, J., and Zhou, R. Not the end of story: An evaluation of ChatGPT-driven vulnerability description mappings. In Findings of the Association for Computational Linguistics, (2023), pp. 3724–3731.
- Liu, Y., Ott, M., Goyal, N., Du, J. RoBERTa: A Robustly Optimized BERT Pretraining Approach. arXiv, 2019. http://arxiv.org/abs/1907.11692.
- Milajerdi, S.M., Gjomemo, R., Eshete, B., Sekar, R., and Venkatakrishnan, V.N. HOLMES: Real-Time APT Detection through Correlation of Suspicious Information Flows. In 2019 IEEE Symposium on Security and Privacy (SP). 2019, pp. 1137–1152.
- Nehme, A. and George, J.F. Approaching IT Security & Avoiding Threats In The Smart Home Context. Journal of Management Information Systems, 39, 4 (2022), 1184–1214.
- Nguyen, T.T. and Luu, A.T. Improving Neural Cross-Lingual Abstractive Summarization Via Employing Optimal Transport Distance For Knowledge Distillation. Proceedings of the AAAI Conference on Artificial Intelligence, 36, 10 (2022), 11103–11111.
- Nunamaker, J.F., Briggs, R.O., Derrick, D.C., and Schwabe, G. The Last Research Mile: Achieving Both Rigor and Relevance in Information Systems Research. Journal of Management Information Systems, 32, 3 (2015), 10–47.
- Nunamaker, J.F., Chen, M., and Purdin, T.D.M. Systems Development in Information Systems Research. Journal of Management Information Systems, 7, 3 (1990), 89–106.
- Nuñez-Varela, A.S., Pérez-Gonzalez, H.G., Martínez-Perez, F.E., and Soubervielle-Montalvo, C. Source code metrics: A systematic mapping study. The Journal of Systems and Software, 128, (June 2017), 164–197.
- Onumo, A., Ullah-Awan, I., and Cullen, A. Assessing the Moderating Effect of Security Technologies on Employees Compliance with Cybersecurity Control Procedures. ACM Transactions on Management Information Systems, 12, 2 (2021), 1–29.
- Paul, J.A. and Wang, X. Socially Optimal IT Investment for Cybersecurity. Decision Support Systems, 122, (2019), 1–12.
- Peffers, K., Tuunanen, T., Rothenberger, M.A., and Chatterjee, S. A Design Science Research Methodology for Information Systems Research. Journal of Management Information Systems, 24, 3 (2007), 45–77.
- Qiu, X.P., Sun, T.X., Xu, Y.G., Shao, Y.F., Dai, N., and Huang, X.J. Pre-trained Models for Natural Language Processing: A Survey. Science China Technological Sciences, 63, 10 (2020), 1872–1897.
- Radford, A., Wu, J., Child, R., Luan, D., Amodei, D., and Sutskever, I. Language Models Are Unsupervised Multitask Learners. OpenAI Blog, 2019.
- Radiya-Dixit, E. and Wang, X. How Fine Can Fine-tuning Be? Learning Efficient Language Models. arXiv, 2020. http://arxiv.org/abs/2004.14129.
- Raffel, C., Shazeer, N., Roberts, A., Lee, K; Narang, S; Matena, M; Zhou, Y; Li, W; Liu, P J. Exploring the Limits of Transfer Learning with a Unified Text-to-text Transformer. Journal of Machine Learning Research: JMLR, 21, 140 (2020), 1–67.
- Ramsdale, A., Shiaeles, S., and Kolokotronis, N. A Comparative Analysis of Cyber-Threat Intelligence Sources, Formats and Languages. Electronics, 9, 5 (2020), 824–846.
- Samtani, S., Chai, Y., and Chen, H. Linking Exploits from the Dark Web to Known Vulnerabilities for Proactive Cyber Threat Intelligence: An Attention-based Deep Structured Semantic Model. MIS Quarterly, 46, 2 (2022), 911–946.
- Samtani, S., Chinn, R., Chen, H., and Nunamaker, J.F. Exploring Emerging Hacker Assets and Key Hackers for Proactive Cyber Threat Intelligence. Journal of Management Information Systems, 34, 4 (2017), 1023–1053.
- Samtani, S., Zhu, H., and Chen, H. Proactively Identifying Emerging Hacker Threats from the Dark Web. ACM Transactions on Privacy and Security, 23, 4 (August 2020), 1–33.
- Sen, R., Verma, A., and Heim, G.R. Impact of Cyberattacks by Malicious Hackers on the Competition in Software Markets. Journal of Management Information Systems, 37, 1 (2020), 191–216.
- Strom, B.E., Miller, D.P., Nickels, K.C., Pennington, A.G., and Thomas, C.B. MITRE ATT&CKTM: Design and Philosophy. July (2018).
- Sun, S., Cheng, Y., Gan, Z., and Liu, J. Patient Knowledge Distillation for BERT Model Compression. In Proceedings of the 2019 Conference on Empirical Methods in Natural Language Processing. 2019, pp. 4322–4331.
- Tan, C., Sun, F., Kong, T., Zhang, W., Yang, C., and Liu, C. A Survey on Deep Transfer Learning. In Artificial Neural Networks and Machine Learning – ICANN 2018. Springer International Publishing, 2018, pp. 270–279.
- Ullman, S; Samtani, S; Lazarine, B; Zhu, H; Ampel, B; Patton, M; Chen, H. Smart Vulnerability Assessment for Scientific Cyberinfrastructure: An Unsupervised Graph Embedding Approach. In IEEE International Conference on Intelligence and Security Informatics. 2020, pp. 1–6.
- Wagner, T.D., Mahbub, K., Palomar, E., and Abdallah, A.E. Cyber Threat Intelligence Sharing: Survey and Research Directions. Computers & Security, 87, 11 (2019), 1–13.
- Wang, L. and Yoon, K.-J. Knowledge Distillation and Student-Teacher Learning for Visual Intelligence: A Review and New Outlooks. IEEE Transactions on Pattern Analysis and Machine Intelligence, 44, 6 (2022), 3048–3068.
- Wang, Z., Dai, Z., Póczos, B., and Carbonell, J. Characterizing and avoiding negative transfer. In Conference On Computer Vision And Pattern Recognition, 2019, pp. 11293–11302.
- Williams, R., Samtani, S., Patton, M., and Chen, H. Incremental Hacker Forum Exploit Collection and Classification for Proactive Cyber Threat Intelligence: An Exploratory Study. In IEEE International Conference on Intelligence and Security Informatics. 2018, pp. 94–99.
- Wu, C., Wu, F., and Huang, Y. One Teacher is Enough? Pre-trained Language Model Distillation from Multiple Teachers. In Findings of the Association for Computational Linguistics: ACL-IJCNLP. 2021, pp. 4408–4413.
- Wu, F., Fan, A., Baevski, A., Dauphin, Y.N., and Auli, M. Pay Less Attention with Lightweight and Dynamic Convolutions. arXiv, 2019, 1–14. http://arxiv.org/abs/1901.10430.
- Wu, Z., Liu, Z., Lin, J., Lin, Y., and Han, S. Lite Transformer with Long-Short Range Attention. arXiv, 2020, 1–13. http://arxiv.org/abs/2004.11886.
- Xia, P., Wu, S., and Van Durme, B. Which* BERT? A Survey Organizing Contextualized Encoders. In Proceedings of the 2020 Conference on Empirical Methods in Natural Language Processing (EMNLP). 2020, pp. 7516–7533.
- Yim, J., Joo, D., Bae, J., and Kim, J. A Gift from Knowledge Distillation: Fast Optimization, Network Minimization and Transfer Learning. In Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition. 2017, pp. 4133–4141.
- Yin, H.H.S., Langenheldt, K., Harlev, M., Mukkamala, R.R., and Vatrapu, R. Regulating Cryptocurrencies: A Supervised Machine Learning Approach to De-Anonymizing the Bitcoin Blockchain. Journal of Management Information Systems, 36, 1 (2019), 37–73.
- Yoo, C.W., Goo, J., and Rao, H.R. Is Cybersecurity a Team Sport? A Multilevel Examination of Workgroup Information Security Effectiveness. MIS Quarterly, 44, 2 (2020), 907–931.
- Yuan, F., Shou, L., Pei, J., Lin, W; Gong, M; Fu, Y; Jiang, D. Reinforced Multi-Teacher Selection for Knowledge Distillation. In Proceedings of the AAAI Conference on Artificial Intelligence. 2020, pp. 14284–14291.
- Yue, W.T., Wang, Q.-H., and Hui, K.-L. See No Evil, Hear No Evil? Dissecting the Impact of Online Hacker Forums. MIS Quarterly, 43, 1 (2019), 73–95.
- Zhao, X., Xue, L., and Whinston, A.B. Managing Interdependent Information Security Risks: Cyberinsurance, Managed Security Services, and Risk Pooling Arrangements. Journal of Management Information Systems, 30, 1 (2013), 123–152.
- Zhu, C; Ping, W; Xiao, C; Shoeybi, M; Goldstein, T; Anandkumar, A; Catanzaro, B. Long-Short Transformer: Efficient Transformers for Language and Vision. Advances in Neural Information Processing Systems, 34, 1 (2021), 17723–17736.