Actionable Cyber Threat Intelligence using Knowledge Graphs and Large Language Models
- Cyber threats are constantly evolving, making the automated extraction of actionable insights from unstructured cyber threat intelligence (CTI) data essential for guiding cybersecurity decisions. Leading organizations such as Microsoft, Trend Micro, and CrowdStrike are increasingly using generative artificial intelligence to facilitate CTI extraction. This master thesis addresses the challenge of automating the extraction of actionable CTI using advancements in large language models (LLMs) and knowledge graphs (KGs). The exploration involves the application of state-of-the-art open-source LLMs, including the Llama 2 series, Mistral 7B Instruct, and Zephyr, for extracting meaningful triples from CTI texts. The methodology evaluates various techniques, such as prompt engineering, the guidance framework, and fine-tuning, to optimize information extraction and structuring. The extracted data is then utilized to construct a KG, offering a structured and queryable representation of threat intelligence. Experimental results demonstrate the effectiveness of this approach in extracting relevant information, with guidance and fine-tuning showing superior performance over prompt engineering. However, while these methods prove effective in small-scale tests, applying LLMs to large-scale data for KG construction and link prediction presents ongoing challenges.
Author: | Romy Fieblinger |
---|---|
Advisor: | Andreas Ittner, Nidhi Rastogi |
Document Type: | Master's Thesis |
Language: | English |
Date of Publication (online): | 2024/09/11 |
Year of first Publication: | 2024 |
Publishing Institution: | Hochschule Mittweida |
Granting Institution: | Hochschule Mittweida |
Date of final exam: | 2024/05/24 |
Release Date: | 2024/09/11 |
GND Keyword: | Computerkriminalität; Künstliche Intelligenz; Maschinelles Lernen |
Page Number: | 53 |
Institutes: | Angewandte Computer‐ und Biowissenschaften |
DDC classes: | 006.31 Maschinelles Lernen |
Open Access: | Frei zugänglich |