Threat Intelligence

Cyber threat intelligence (CTI) focuses on collecting, analyzing, and sharing information about cyber threats to improve cybersecurity defenses. Current research emphasizes automating CTI processes using large language models (LLMs) and knowledge graphs, particularly for tasks like summarization, threat actor attribution, and the extraction of actionable insights from unstructured data. This work is crucial for enhancing the efficiency and effectiveness of cybersecurity practices, enabling faster threat detection and response, and facilitating more informed decision-making in the face of increasingly sophisticated cyberattacks. The development of robust benchmarks and standardized datasets is also a key focus to improve the reliability and comparability of CTI analysis methods.

Papers

November 9, 2024

Web Scale Graph Mining for Cyber Threat Intelligence
Scott Freitas, Amir Gharib
Threat Intelligence

October 28, 2024

CTINEXUS: Leveraging Optimized LLM In-Context Learning for Constructing Cybersecurity Knowledge Graphs Under Data Scarcity
Yutong Cheng, Osama Bajaber, Saimon Amanuel Tsegai, Dawn Song, Peng Gao
Knowledge Graph Data Scarcity Threat Intelligence Relation Prediction LLM in Context

October 26, 2024

AI-Driven Cyber Threat Intelligence Automation
Shrit Shah, Fatemeh Khoda Parast
Threat Intelligence Cyber Threat Threat Landscape AI Based Technology

September 23, 2024

Evaluating the Usability of LLMs in Threat Intelligence Enrichment
Sanchana Srikanth, Mohammad Hasanuzzaman, Farah Tasnur Meem
Large Language Model Important Usability Challenge Threat Intelligence Attack Dataset

August 13, 2024

CTISum: A New Benchmark Dataset For Cyber Threat Intelligence Summarization
Wei Peng, Junmei Ding, Wei Wang, Lei Cui, Wei Cai, Zhiyu Hao, Xiaochun Yun
Benchmark Dataset Threat Intelligence Cybersecurity Domain

August 6, 2024

The Use of Large Language Models (LLM) for Cyber Threat Intelligence (CTI) in Cybercrime Forums
Vanessa Clairoux-Trepanier, Isa-May Beauchamp, Estelle Ruellan, Masarah Paquet-Clouston, Serge-Olivier Paquette, Eric Clay
Large Language Model Medical LLM State of the Art LLM Threat Intelligence Cyber Threat Hacker Forum

August 3, 2024

Towards an ontology of state actors in cyberspace
Giacomo De Colle
Top Level Ontology Threat Intelligence Cybersecurity Domain

July 6, 2024

LLMCloudHunter: Harnessing LLMs for Automated Extraction of Detection Rules from Cloud-Based CTI
Yuval Schwartz, Lavi Benshimol, Dudu Mimran, Yuval Elovici, Asaf Shabtai
Large Language Model Automatic Extraction Threat Intelligence Cloud Based Threat Hunting Adversarial Cloud Detection Rule

June 30, 2024

Actionable Cyber Threat Intelligence using Knowledge Graphs and Large Language Models
Romy Fieblinger, Md Tanvirul Alam, Nidhi Rastogi
Knowledge Graph Threat Intelligence

June 11, 2024

CTIBench: A Benchmark for Evaluating LLMs in Cyber Threat Intelligence
Md Tanvirul Alam, Dipkamal Bhusal, Le Nguyen, Nidhi Rastogi
Large Language Model New Benchmark Threat Intelligence Threat Landscape

May 21, 2024

Generative AI and Large Language Models for Cyber Security: All Insights You Need
Mohamed Amine Ferrag, Fatima Alwahedi, Ammar Battah, Bilel Cherif, Abdechakour Mechri, Norbert Tihanyi
Generative AI Real Time DCU Insight AQ LLM Safety Threat Intelligence Cyber Security Cybersecurity Framework

May 14, 2024

Distributed Threat Intelligence at the Edge Devices: A Large Language Model-Driven Approach
Syed Mhamudul Hasan, Alaa M. Alotaibi, Sajedul Talukder, Abdur R. Shahid
Edge Device Large Language Edge Network Threat Intelligence Threat Detection Model Driven

May 8, 2024

AttacKG+:Boosting Attack Knowledge Graph Construction with Large Language Models
Yongheng Zhang, Tingwen Du, Yunshan Ma, Xiang Wang, Yi Xie, Guozheng Yang, Yuliang Lu, Ee-Chien Chang
Knowledge Graph Threat Intelligence Attack Graph

February 28, 2024

Living-off-The-Land Reverse-Shell Detection by Informed Data Augmentation
Dmitrijs Trizna, Luca Demetrio, Battista Biggio, Fabio Roli
Data Augmentation Threat Intelligence Rural Connectivity Attack Framework

February 20, 2024

APT-MMF: An advanced persistent threat actor attribution method based on multimodal and multilevel feature fusion
Nan Xiao, Bo Lang, Ting Wang, Yikai Chen
Multimodal Phenomenon Feature Fusion Threat Intelligence Attribution Analysis Attack Attribution

January 18, 2024

LOCALINTEL: Generating Organizational Threat Intelligence from Global and Local Cyber Knowledge
Shaswata Mitra, Subash Neupane, Trisha Chakraborty, Sudip Mittal, Aritran Piplai, Manas Gaur, Shahram Rahimi
Knowledge Graph World Event Threat Intelligence Local Network

December 29, 2023

Tensor Networks for Explainable Machine Learning in Cybersecurity
Borja Aizpurua, Samuel Palmer, Roman Orus
Inherent Interpretability Tensor Network Model Interpretability Cybersecurity Perspective Explainable Machine Learning Threat Intelligence Matrix Product State

October 4, 2023

AGIR: Automating Cyber Threat Intelligence Reporting with Natural Language Generation
Filippo Perrina, Francesco Marchiori, Mauro Conti, Nino Vincenzo Verde
Language Generation Report Generation Threat Intelligence

September 6, 2023

CVE-driven Attack Technique Prediction with Semantic Information Extraction and a Domain-specific Language Model
Ehsan Aghaei, Ehab Al-Shaer
Domain Specific Language Model Threat Intelligence Common Vulnerability Semantic Extraction CVE Record

July 14, 2023

Time for aCTIon: Automated Analysis of Cyber Threat Intelligence in the Wild
Giuseppe Siracusano, Davide Sanvito, Roberto Gonzalez, Manikantan Srinivasan, Sivakaman Kamatchi, Wataru Takahashi, Masaru Kawakita, Takahiro Kakumaru, Roberto Bifulco
Wild Challenge Time Matter Threat Intelligence Automatic Analysis

Threat Intelligence

Papers

Web Scale Graph Mining for Cyber Threat Intelligence

CTINEXUS: Leveraging Optimized LLM In-Context Learning for Constructing Cybersecurity Knowledge Graphs Under Data Scarcity

AI-Driven Cyber Threat Intelligence Automation

Evaluating the Usability of LLMs in Threat Intelligence Enrichment

CTISum: A New Benchmark Dataset For Cyber Threat Intelligence Summarization

The Use of Large Language Models (LLM) for Cyber Threat Intelligence (CTI) in Cybercrime Forums

Towards an ontology of state actors in cyberspace

LLMCloudHunter: Harnessing LLMs for Automated Extraction of Detection Rules from Cloud-Based CTI

Actionable Cyber Threat Intelligence using Knowledge Graphs and Large Language Models

CTIBench: A Benchmark for Evaluating LLMs in Cyber Threat Intelligence

Generative AI and Large Language Models for Cyber Security: All Insights You Need

Distributed Threat Intelligence at the Edge Devices: A Large Language Model-Driven Approach

AttacKG+:Boosting Attack Knowledge Graph Construction with Large Language Models

Living-off-The-Land Reverse-Shell Detection by Informed Data Augmentation

APT-MMF: An advanced persistent threat actor attribution method based on multimodal and multilevel feature fusion

LOCALINTEL: Generating Organizational Threat Intelligence from Global and Local Cyber Knowledge

Tensor Networks for Explainable Machine Learning in Cybersecurity

AGIR: Automating Cyber Threat Intelligence Reporting with Natural Language Generation

CVE-driven Attack Technique Prediction with Semantic Information Extraction and a Domain-specific Language Model

Time for aCTIon: Automated Analysis of Cyber Threat Intelligence in the Wild