
Enhancing Modern Threat Intelligence: The Pivotal Role of Large Language Models in Extracting Actionable TTP Attack Chains.pdf

Uploaded by: 竿*** ID: 981827 2025-11-29 37 pages 3.84MB

#BHAS BlackHatEvents

Enhancing Modern Threat Intelligence: The Pivotal Role of Large Language Models in Extracting Actionable TTP Attack Chains
Jack Tang, Lorin Wu, Porot Mo

About Us

Jack Tang
Jack, the team leader, has over 15 years of expertise in the security industry and is presently focusing on the use of MITRE ATT&CK in security operations and threat intelligence. He is knowledgeable on kernel and virtualization vulnerability research for Android, Mac, and Windows. He ranked Top 16 on the MSRC in 2016 and Top 34 in 2015. In 2016, he was awarded the Microsoft Mitigation Bypass Bounty. Jack has lectured at security conferences such as CanSecWest, Black Hat, HITCon, and PacSec.

Lorin Wu
Building an offensive and defensive knowledge graph for cyber security is what Lorin is currently working on. He spent many years working at Trend Micro, where he concentrated on the creation of heuristic patterns and mobile sandbox technologies. During this period, he identified various international cyber security operations that were reported to INTERPOL and the Google Security Team.

Porot Mo
Porot received a master's degree from the University of Chinese Academy of Sciences after graduating from the University of Science and Technology of China. He is currently devoted to the study of offensive and defensive technologies and has three years of expertise in sandbox development.

Agenda
Background
Solution Introduction
Key Modules & Architecture Overview
Solution Implementation & Results
TTP Extraction Evolution (Three Ages) & KGRAG-Based TTP Extraction
KGRAG-Based TTP Attack Chain Enrichment
RAG-Based TTP Actionable Conversion
Takeaways

Background
Understanding TTP: Tactics, Techniques, and Procedures
The Significance of TTP Extraction and Actionable Conversion
The Challeng

According to the article "Enhancing Modern Threat Intelligence", the main points are as follows:
1. **Importance of TTP extraction**: TTPs (Tactics, Techniques, and Procedures) are central to cyber security analysis and help with upgrading defenses and threat hunting.
2. **Challenges of TTP extraction**: Traditional methods suffer from subjective descriptions, a lack of context, and reliance on manual analysis.
3. **Solution**: The article proposes a method based on KGRAG (knowledge-graph-augmented TTP extraction) and RAG (retrieval-augmented generation) to improve the accuracy and actionability of TTP extraction.
4. **Evolution of TTP extraction**: From traditional machine learning to pre-trained models and then to large language models (LLMs), TTP extraction technology has steadily advanced.
5. **KGRAG application**: By combining a knowledge graph with an LLM, KGRAG can extract and enrich TTP attack chains more accurately.
6. **RAG application**: RAG converts structured TTPs into actionable information, such as Metasploit modules and commands.
7. **Results**: Experiments show that the KGRAG and RAG methods achieve significant results in both TTP extraction and conversion.