ThreatKG: An AI-Powered System for Automated Open-Source Cyber Threat Intelligence Gathering and Management
read the original abstract
Open-source cyber threat intelligence (OSCTI) has become essential for keeping up with the rapidly changing threat landscape. However, current OSCTI gathering and management solutions mainly focus on structured Indicators of Compromise (IOC) feeds, which are low-level and isolated, providing only a narrow view of potential threats. Meanwhile, the extensive and interconnected knowledge found in the unstructured text of numerous OSCTI reports (e.g., security articles, threat reports) available publicly is still largely underexplored. To bridge the gap, we propose ThreatKG, an automated system for OSCTI gathering and management. ThreatKG efficiently collects a large number of OSCTI reports from multiple sources, leverages specialized AI-based techniques to extract high-quality knowledge about various threat entities and their relationships, and constructs and continuously updates a threat knowledge graph by integrating new OSCTI data. ThreatKG features a modular and extensible design, allowing for the addition of components to accommodate diverse OSCTI report structures and knowledge types. Our extensive evaluations demonstrate ThreatKG's practical effectiveness in enhancing threat knowledge gathering and management.
This paper has not been read by Pith yet.
Forward citations
Cited by 3 Pith papers
-
GRID: Graph Representation of Intelligence Data for Security Text Knowledge Graph Construction
GRID trains Qwen-based 4B models on a task-bank reward system of multi-select questions and regex targets to extract security KGs from CTI text, reporting 84.62% precision and 64.91% recall on 249 articles from five sources.
-
CVE-TTP KG: Knowledge Graph Linking Software Vulnerabilities to Attack Behaviors
Constructs a CVE-TTP knowledge graph using transformer models to link vulnerabilities to attack behaviors, reporting F1 scores of 87.71% for techniques and 96.16% for tactics on a new annotated dataset.
-
Can social media shape the security of next-generation connected vehicles?
SOCMATI is a proposed social-media threat-intelligence framework for automotive cybersecurity, illustrated with four use cases.
discussion (0)
Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.