IntelEX: A LLM-driven Attack-level Threat Intelligence Extraction Framework
- URL: http://arxiv.org/abs/2412.10872v1
- Date: Sat, 14 Dec 2024 15:56:13 GMT
- Title: IntelEX: A LLM-driven Attack-level Threat Intelligence Extraction Framework
- Authors: Ming Xu, Hongtai Wang, Jiahao Liu, Yun Lin, Chenyang Xu Yingshi Liu, Hoon Wei Lim, Jin Song Dong,
- Abstract summary: A common practice is to transform unstructured cyber threat intelligence (CTI) reports into structured intelligence.
This facilitates threat-focused security tasks such as summarizing detection rules or simulating attack scenarios for red team exercises.
- Score: 16.13807499082312
- License:
- Abstract: To combat increasingly sophisticated cyberattacks, a common practice is to transform unstructured cyber threat intelligence (CTI) reports into structured intelligence, facilitating threat-focused security tasks such as summarizing detection rules or simulating attack scenarios for red team exercises.
Related papers
- Intelligent Attacks on Cyber-Physical Systems and Critical Infrastructures [0.0]
This chapter provides an overview of the evolving landscape of attacks in cyber-physical systems and critical infrastructures.
It highlights the possible use of Artificial Intelligence (AI) algorithms to develop intelligent cyberattacks.
arXiv Detail & Related papers (2025-01-22T09:54:58Z) - Towards Type Agnostic Cyber Defense Agents [0.0]
Cyber threats have continued to grow, leading to labor shortages and a skills gap in cybersecurity.
Many cybersecurity product vendors and security organizations have looked to artificial intelligence to shore up their defenses.
This work considers how to characterize attackers and defenders in one approach to the automation of cyber defense.
arXiv Detail & Related papers (2024-12-02T14:32:18Z) - Multi-Agent Actor-Critics in Autonomous Cyber Defense [0.5261718469769447]
Multi-Agent Deep Reinforcement Learning (MADRL) presents a promising approach to enhancing the efficacy and resilience of autonomous cyber operations.
We demonstrate each agent is able to learn quickly and counter act on the threats autonomously using MADRL in simulated cyber-attack scenarios.
arXiv Detail & Related papers (2024-10-11T15:15:09Z) - SEvenLLM: Benchmarking, Eliciting, and Enhancing Abilities of Large Language Models in Cyber Threat Intelligence [27.550484938124193]
This paper introduces a framework to benchmark, elicit, and improve cybersecurity incident analysis and response abilities.
We create a high-quality bilingual instruction corpus by crawling cybersecurity raw text from cybersecurity websites.
The instruction dataset SEvenLLM-Instruct is used to train cybersecurity LLMs with the multi-task learning objective.
arXiv Detail & Related papers (2024-05-06T13:17:43Z) - Looking Beyond IoCs: Automatically Extracting Attack Patterns from
External CTI [3.871148938060281]
LADDER is a framework that can extract text-based attack patterns from cyberthreat intelligence reports at scale.
We present several use cases to demonstrate the application of LADDER in real-world scenarios.
arXiv Detail & Related papers (2022-11-01T12:16:30Z) - Towards Automated Classification of Attackers' TTPs by combining NLP
with ML Techniques [77.34726150561087]
We evaluate and compare different Natural Language Processing (NLP) and machine learning techniques used for security information extraction in research.
Based on our investigations we propose a data processing pipeline that automatically classifies unstructured text according to attackers' tactics and techniques.
arXiv Detail & Related papers (2022-07-18T09:59:21Z) - Fixed Points in Cyber Space: Rethinking Optimal Evasion Attacks in the
Age of AI-NIDS [70.60975663021952]
We study blackbox adversarial attacks on network classifiers.
We argue that attacker-defender fixed points are themselves general-sum games with complex phase transitions.
We show that a continual learning approach is required to study attacker-defender dynamics.
arXiv Detail & Related papers (2021-11-23T23:42:16Z) - Automating Privilege Escalation with Deep Reinforcement Learning [71.87228372303453]
In this work, we exemplify the potential threat of malicious actors using deep reinforcement learning to train automated agents.
We present an agent that uses a state-of-the-art reinforcement learning algorithm to perform local privilege escalation.
Our agent is usable for generating realistic attack sensor data for training and evaluating intrusion detection systems.
arXiv Detail & Related papers (2021-10-04T12:20:46Z) - A System for Automated Open-Source Threat Intelligence Gathering and
Management [53.65687495231605]
SecurityKG is a system for automated OSCTI gathering and management.
It uses a combination of AI and NLP techniques to extract high-fidelity knowledge about threat behaviors.
arXiv Detail & Related papers (2021-01-19T18:31:35Z) - A System for Efficiently Hunting for Cyber Threats in Computer Systems
Using Threat Intelligence [78.23170229258162]
We build ThreatRaptor, a system that facilitates cyber threat hunting in computer systems using OSCTI.
ThreatRaptor provides (1) an unsupervised, light-weight, and accurate NLP pipeline that extracts structured threat behaviors from unstructured OSCTI text, (2) a concise and expressive domain-specific query language, TBQL, to hunt for malicious system activities, and (3) a query synthesis mechanism that automatically synthesizes a TBQL query from the extracted threat behaviors.
arXiv Detail & Related papers (2021-01-17T19:44:09Z) - Enabling Efficient Cyber Threat Hunting With Cyber Threat Intelligence [94.94833077653998]
ThreatRaptor is a system that facilitates threat hunting in computer systems using open-source Cyber Threat Intelligence (OSCTI)
It extracts structured threat behaviors from unstructured OSCTI text and uses a concise and expressive domain-specific query language, TBQL, to hunt for malicious system activities.
Evaluations on a broad set of attack cases demonstrate the accuracy and efficiency of ThreatRaptor in practical threat hunting.
arXiv Detail & Related papers (2020-10-26T14:54:01Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.