TIPS: Threat Actor Informed Prioritization of Applications using SecEncoder

TL;DR

TIPS combines the strengths of both encoder and decoder language models to detect and prioritize compromised applications by integrating threat actor intelligence, which enhances the accuracy and relevance of its detections.

Abstract

This paper introduces TIPS: Threat Actor Informed Prioritization using SecEncoder, a specialized language model for security. TIPS combines the strengths of both encoder and decoder language models to detect and prioritize compromised applications. By integrating threat actor intelligence, TIPS enhances the accuracy and relevance of its detections. Extensive experiments with a real-world benchmark dataset of applications demonstrate TIPS's high efficacy, achieving an F-1 score of 0.90 in identifying malicious applications. Additionally, in real-world scenarios, TIPS significantly reduces the backlog of investigations for security analysts by 87%, thereby streamlining the threat response process and improving overall security posture.

Figures (10)

• Figure 1: Steps to compromise an application.
• Figure 2: TIPS architecture, consisting of multiple components.
• Figure 3: Sign-in counts. Each bar represents one application. Y axis in logarithmic scale.
• Figure 4: Comparison of TIPS$_{General}$ and TIPS$_{Focused}$ using F-1 score.
• Figure 5: Comparison of precision and recall for TIPS$_{General}$ for malicious apps.