Day 1

ChatGPT doesn’t cut it

Cyber threat intelligence (CTI) plays a critical role in sharing knowledge about new and evolving threats among security experts. However, with the increased prevalence and sophistication of threat actors, intelligence has expanded from simple indicators of compromise to extensive reports describing high-level attack steps. This higher-level view makes CTI significantly more valuable, but also harder to interpret and process, requiring time and manual effort from experts.

To assist experts in understanding CTI, several works have proposed adopting Natural Language Processing (NLP) techniques. However, such applications have been rudimentary so far, leading to insufficient, unexplainable, and unreproducible results. In this talk, we explore the recent advances made in NLP and identify the limitations affecting their use for CTI. Finally, we design a new unified framework that leverages domain-specific semantics to allow experts to automatically detect techniques described in natural text within CTI reports and map them to the MITRE ATT&CK framework.
