par Gautam, Biplab 
Promoteur Dricot, Jean-Michel
;Sanvito, Davide DS
Publication Non publié, 2024-09-03
Promoteur Dricot, Jean-Michel
;Sanvito, Davide DSPublication Non publié, 2024-09-03
Mémoire
| Résumé : | The integration of Cyber Threat Intelligence (CTI) into an organization's cyber defense enables the prevention, identification, and response to emerging threats. Effective integration requires CTI information to follow a well-defined format and taxonomy, i.e., structured CTI. However, new threat intelligence is often shared in the form of unstructured texts, such as CTI reports, blogs, and articles. Manually converting this information into structured formats is time-consuming and error-prone. Large Language Models (LLMs) have demonstrated excellent capabilities not only in natural language text generation but also in text comprehension and reasoning. In this thesis, we address three CTI extraction tasks from CTI documents: state actor extraction, incident type classification, and attack pattern extraction leveraging these capabilities of LLMs. Through experiments with multiple LLMs and various prompting strategies, we demonstrate that LLMs perform impressively in these tasks. Notably, by applying ensembling and self-verification techniques, our attack pattern extraction system outperforms current state-of-the-art systems, achieving a 9% higher f1-score. These automated solutions significantly reduce the time and resources required for CTI extraction, providing an adaptable approach that can evolve with advancements in LLMs. |
