Summary:
Cyber Threat Intelligence (CTI) enables organisations and individuals to gather knowledge about the cyber-attack landscape. This work presents CTI-GEN, a framework for generating CTI in the Structured Threat Information eXpression (STIX) format from unstructured textual reports. The framework leverages Large Language Models (LLMs) to automate the generation of CTI in STIX. It consists of six components, each designed to complement and correct the previous ones, and uses detailed prompt engineering procedures to guide the model in generating CTI in STIX. To this end, the STIX schema was preprocessed to simplify its complex and redundant interdependencies so that it could be leveraged effectively. CTI-GEN achieved an F1-Score of 81% in generating relevant objects from the text, 57% in the generation of relationships between the objects and, importantly, a precision of 96% in the assignment of values to attributes in the CTI objects. This work presents the first approach to generate.
Author(s):
Angelos Papoutsis
Information Technologies Institute, Centre for Research and Technology Hellas (CERTH), Thessaloniki, Greece
Greece
Athanasios Dimitriadis
Information Technologies Institute, Centre for Research and Technology Hellas (CERTH), Thessaloniki, Greece
Greece
Dimitris Kavallieros
Information Technologies Institute, Centre for Research and Technology Hellas (CERTH), Thessaloniki, Greece
Greece
Theodora Tsikrika
Information Technologies Institute, Centre for Research and Technology Hellas (CERTH), Thessaloniki, Greece
Greece
Stefanos Vrochidis
Information Technologies Institute, Centre for Research and Technology Hellas (CERTH), Thessaloniki, Greece
Greece
Ioannis Kompatsiaris
Information Technologies Institute, Centre for Research and Technology Hellas (CERTH), Thessaloniki, Greece
Greece
Georgios Meditskos
School of Informatics, AUTH
Greece