当前位置:首页 > 报告详情

从数天到数小时:利用人工智能代理加速网络威胁响应.pdf

上传人: 竿*** 编号:982120 2025-11-29 33页 2.04MB

1、#SECTORCA BlackHatEventsFrom Days to Hours:Accelerating Cyber Threat Response with AI AgentsYuval Zacharia#SECTORCA BlackHatEvents$WHOAMI Chess nerd7+years at 8200 Ex-Director of R&D,Security Research&AI Hunters AI AI fanatic Building Building Yuval Zacharia#SECTORCA BlackHatEventsAGENDA Motivation

2、System architectureDEMO!EvaluationThe future#SECTORCA BlackHatEventsWHATS COMING NEXT?Chrome Extension Threat Campaign-(Cyberhaven&more)CVE-2025-30066:tj-actions Supply Chain Attack6M Records Exfiltrated from Oracle Cloud affecting over 140k TenantsCVE-2024-3094:XZ Utils backdoor CVE-2025-1974:Ingre

3、ss NightmareShai Hulud WormChrome Extension Threat Campaign-(Cyberhaven&more)LummApp Threat CampaignSilk Typhoon campaignCVE-2025-31324:SAP Visual ComposerCVE-2025-53770&CVE-2025-53771:ToolShell(SP)#SECTORCA BlackHatEventsTHE THREAT LIFECYCLEFirst DiscoveryPublic Disclosure/Recognition Official Patc

4、h Release/Mitigation GuidanceFull Mitigation?Days7-14 Days80-100 DaysBlack RiskPhaseGrey RiskPhaseWhite RiskPhase#SECTORCA BlackHatEvents“GPT4 was able to correctly exploit one-day vulnerabilities 87%of the time”#SECTORCA BlackHatEvents#SECTORCA BlackHatEvents#SECTORCA BlackHatEventsBusiness Context

5、Threat Identifier AgentThreat Analyst AgentThreat Hunter AgentSocial Social MediaMediaTrendsTrendsNeural/Semantic/KeywordsGet Full ContextPromptPrompttotoSQLSQLFINAL OUTPUTFINAL OUTPUTThreats SummaryQueries&CommsInputInputIdentified ThreatsIdentified ThreatsPrioritized ThreatsPrioritized ThreatsRAGR

6、AGThreat Hunting Threat Hunting QueriesQueriesLLM ClusteringLLM Clustering#SECTORCA BlackHatEvents“Characterizing Social Media Messages About Vulnerabilities:A Case Study of Twitter and Reddit”by Isuru S.Horawalavithana,Anurag K.Suri,et al.First DiscoveryPublic Disclosure/Recognition Official Patch

word格式文档无特别注明外均可编辑修改,预览文件经过压缩,下载原文更清晰!
三个皮匠报告文库所有资源均是客户上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作商用。
根据报告的内容,全文主要内容概括如下: 1. **AI加速威胁响应**:利用AI代理从几天到几小时加速网络安全威胁响应。 2. **威胁生命周期**:分为黑、灰、白三个风险阶段,从发现到完全缓解。 3. **AI代理功能**: - **威胁识别代理**:通过业务背景和关键词识别潜在威胁。 - **威胁分析代理**:分析AI识别的威胁和结构化情报源,进行威胁丰富和优先级排序。 - **威胁猎人代理**:从结构化和非结构化源提取IOCs/IOEs/TTPs,生成SQL查询检测相关活动。 4. **技术亮点**: - 使用LLM聚类社交媒体趋势。 - 将OCSF数据模型转换为语义模型,优化LLM上下文,生成准确的SQL查询。 5. **评估方法**:使用黄金数据集评估代理性能,包括威胁识别、语义匹配、查询准确性和总结质量。 6. **未来展望**: - 扩展数据摄取,集成更多数据源。 - 深化SIEM集成,支持多种查询语言和数据模型。 - 执行狩猎查询,验证检测结果,自动调整查询。
"AI加速,威胁响应新篇章?" "AI助力,网络安全效率翻倍?" "AI赋能,威胁猎手进化论?"
客服
商务合作
小程序
服务号
折叠