Leveraging Large Language Models for supporting Cyber Threat Analysis

The efficient and accurate analysis of cyber threat data is crucial in the constantly evolving cybersecurity landscape. However, a major challenge lies in the vast amounts of unstructured, human-readable information that is often used for threat intelligence communication, such as threat reports and news articles. While structured formats like STIX (Structured Threat Information eXpression) enable effective machine-tomachine exchange of threat data, they often lack the contextual information needed by human analysts. This paper proposes a novel framework that leverages Large Language Models (LLMs) to bridge the gap between unstructured text and structured cyber threat intelligence. The key contributions of this work are twofold:
(1) Automating the conversion of unstructured cyber threat data into the standardized STIX format, enabling the efficient incorporation of diverse threat intelligence sources into automated analysis and sharing systems. (2) Generating human-readable reports and insights from structured STIX data, tailored to the needs of different personas within an organization, such as CISOs, security analysts, executives, etc.
... mehr
By combining the power of LLMs with structured threat data formats, the proposed framework improves the efficiency, accessibility, and interpretability of cyber threat intelligence. The evaluation of a prototype implementation demonstrates the accuracy of unstructured-to-structured conversion, the quality of the generated reports, and the positive feedback from users across various roles. This research contributes to the field of cybersecurity by enhancing the flow of critical threat information, streamlining cross-platform communication, and ultimately supporting more effective and informed decision-making in cyber defense.