Actionable Cyber Threat Intelligence using Knowledge Graphs and Large Language Models

Cyber threats are constantly evolving, making the automated extraction of actionable insights from unstructured cyber threat intelligence (CTI) data essential for guiding cybersecurity decisions. Leading organizations such as Microsoft, Trend Micro, and CrowdStrike are increasingly using generative artificial intelligence to facilitate CTI extraction. This master's thesis addresses the challenge of automating the extraction of actionable CTI using advancements in large language models (LLMs) and knowledge graphs (KGs). The exploration involves the application of state-of-the-art open-source LLMs, including the Llama 2 series, Mistral 7B Instruct, and Zephyr, for extracting meaningful triples from CTI texts. The methodology evaluates various techniques, such as prompt engineering, the guidance framework, and fine-tuning, to optimize information extraction and structuring. The extracted data is then utilized to construct a KG, offering a structured and queryable representation of threat intelligence. Experimental results demonstrate the effectiveness of this approach in extracting relevant information, with guidance and fine-tuning showing superior performance over prompt engineering. However, while these methods prove effective in small-scale tests, applying LLMs to large-scale data for KG construction and link prediction presents ongoing challenges.

Metadata
Author: Romy Fieblinger
Advisor: Andreas Ittner, Nidhi Rastogi
Document Type: Master's Thesis
Language: English
Date of Publication (online): 2024/09/11
Year of first Publication: 2024
Publishing Institution: Hochschule Mittweida
Granting Institution: Hochschule Mittweida
Date of final exam: 2024/05/24
Release Date: 2024/09/11
GND Keyword: Computer crime; Artificial intelligence; Machine learning
Page Number: 53
Institutes: Angewandte Computer- und Biowissenschaften
DDC classes: 006.31 Machine learning
Open Access: Freely accessible