English
Related papers

Related papers: AttacKG: Constructing Technique Knowledge Graph fr…

200 papers

Organizations are increasingly targeted by Advanced Persistent Threats (APTs), which involve complex, multi-stage tactics and diverse techniques. Cyber Threat Intelligence (CTI) sources, such as incident reports and security blogs, provide…

Cryptography and Security · Computer Science 2025-04-09 Sofia Della Penna , Roberto Natella , Vittorio Orbinato , Lorenzo Parracino , Luciano Pianese

Monitoring the threat landscape to be aware of actual or potential attacks is of utmost importance to cybersecurity professionals. Information about cyber threats is typically distributed using natural language reports. Natural language…

Computation and Language · Computer Science 2024-04-12 Lukas Lange , Marc Müller , Ghazaleh Haratinezhad Torbati , Dragan Milchevski , Patrick Grau , Subhash Pujari , Annemarie Friedrich

System logs represent a valuable source of Cyber Threat Intelligence (CTI), capturing attacker behaviors, exploited vulnerabilities, and traces of malicious activity. Yet their utility is often limited by lack of structure, semantic…

Artificial Intelligence · Computer Science 2026-04-28 Luca Cotti , Idilio Drago , Anisa Rula , Devis Bianchini , Federico Cerutti

The objectives of cyberattacks are becoming sophisticated, and attackers are concealing their identity by masquerading as other attackers. Cyber threat intelligence (CTI) is gaining attention as a way to collect meaningful knowledge to…

Cryptography and Security · Computer Science 2019-10-08 Daegeon Kim , Huy Kang Kim

Cyber Threat Intelligence (CTI) reporting is pivotal in contemporary risk management strategies. As the volume of CTI reports continues to surge, the demand for automated tools to streamline report generation becomes increasingly apparent.…

Cryptography and Security · Computer Science 2023-10-05 Filippo Perrina , Francesco Marchiori , Mauro Conti , Nino Vincenzo Verde

Cyber Threat Intelligence (CTI) reports document observations of cyber threats, synthesizing evidence about adversaries' actions and intent into actionable knowledge that informs detection, response, and defense planning. However, the…

Cryptography and Security · Computer Science 2026-03-04 Haokai Ma , Javier Yong , Yunshan Ma , Kuei Chen , Anis Yusof , Zhenkai Liang , Ee-Chien Chang

The rapid evolution of cyber threats has highlighted significant gaps in security knowledge integration. Cybersecurity Knowledge Graphs (CKGs) relying on structured data inherently exhibit hysteresis, as the timely incorporation of rapidly…

Cryptography and Security · Computer Science 2026-02-13 Zijing Xu , Ziwei Ning , Tiancheng Hu , Jianwei Zhuge , Yangyang Wang , Jiahao Cao , Mingwei Xu

Due to the variety of cyber-attacks or threats, the cybersecurity community enhances the traditional security control mechanisms to an advanced level so that automated tools can encounter potential security threats. Very recently, Cyber…

Machine Learning · Computer Science 2022-11-15 Md Imran Hossen , Ashraful Islam , Farzana Anowar , Eshtiak Ahmed , Mohammad Masudur Rahman , Xiali , Hei

Effective Cyber Threat Intelligence (CTI) relies upon accurately structured and semantically enriched information extracted from cybersecurity system logs. However, current methodologies often struggle to identify and interpret malicious…

Cryptography and Security · Computer Science 2026-04-28 Luca Cotti , Anisa Rula , Devis Bianchini , Federico Cerutti

Understanding the modus operandi of adversaries aids organizations in employing efficient defensive strategies and sharing intelligence in the community. This knowledge is often present in unstructured natural language text within threat…

Cryptography and Security · Computer Science 2024-09-24 Nanda Rani , Bikash Saha , Vikas Maurya , Sandeep Kumar Shukla

Efficient defense against dynamically evolving advanced persistent threats (APT) requires the structured threat intelligence feeds, such as techniques used. However, existing threat-intelligence extraction techniques predominantly focuses…

Cryptography and Security · Computer Science 2025-12-23 Ming Xu , Hongtai Wang , Jiahao Liu , Xinfeng Li , Zhengmin Yu , Weili Han , Hoon Wei Lim , Jin Song Dong , Jiaheng Zhang

Cybersecurity researchers have contributed to the automated extraction of CTI from textual sources, such as threat reports and online articles, where cyberattack strategies, procedures, and tools are described. The goal of this article is…

Cryptography and Security · Computer Science 2024-01-04 Md Rayhanur Rahman , Rezvan Mahdavi-Hezaveh , Laurie Williams

Provenance-based threat hunting identifies Advanced Persistent Threats (APTs) on endpoints by correlating attack patterns described in Cyber Threat Intelligence (CTI) with provenance graphs derived from system audit logs. A fundamental…

Cryptography and Security · Computer Science 2026-01-01 Xuebo Qiu , Mingqi Lv , Yimei Zhang , Tieming Chen , Tiantian Zhu , Qijie Song , Shouling Ji

In recent years, the cyber threat intelligence (CTI) community has invested significant effort in building knowledge bases that catalog threat groups. These knowledge bases associate each threat group with its observed behaviors, including…

Cryptography and Security · Computer Science 2026-01-08 Aakanksha Saha , Martina Lindorfer , Juan Caballero

Cyber threat hunting is a proactive search process for hidden threats in the organization's information system. It is a crucial component of active defense against advanced persistent threats (APTs). However, most of the current threat…

Cryptography and Security · Computer Science 2022-08-19 Jiawei Li , Ru Zhang , Jianyi Liu , Gongshen Liu

Cyber Threat Intelligence (CTI) is information describing threat vectors, vulnerabilities, and attacks and is often used as training data for AI-based cyber defense systems such as Cybersecurity Knowledge Graphs (CKG). There is a strong…

Computation and Language · Computer Science 2022-08-04 Casey Hanks , Michael Maiden , Priyanka Ranade , Tim Finin , Anupam Joshi

Cyber threat intelligence (CTI) encoded in STIX and structured according to the MITRE ATT&CK framework has become a global reference for describing adversary behavior. However, ATT&CK was designed as a descriptive knowledge base rather than…

Cryptography and Security · Computer Science 2026-05-08 Ágney Lopes Roth Ferraz , Sidnei Barbieri , Murray Evangelista de Souza , Lourenço Alves Pereira Júnior

A cyber-attack is a malicious attempt by experienced hackers to breach the target information system. Usually, the cyber-attacks are characterized as hybrid TTPs (Tactics, Techniques, and Procedures) and long-term adversarial behaviors,…

Cryptography and Security · Computer Science 2021-12-17 Mingqi Lv , Chengyu Dong , Tieming Chen , Tiantian Zhu , Qijie Song , Yuan Fan

Cyber Threat Intelligence (CTI) enables organizations to anticipate, detect, and mitigate evolving cyber threats. Its effectiveness depends on high-quality datasets, which support model development, training, evaluation, and benchmarking.…

Cryptography and Security · Computer Science 2025-09-26 Dincy R. Arikkat , Sneha B. T. , Serena Nicolazzo , Antonino Nocera , Vinod P. , Rafidha Rehiman K. A. , Karthika R

Today, human security analysts collapse under the sheer volume of alerts they have to triage during investigations. The inability to cope with this load, coupled with a high false positive rate of alerts, creates alert fatigue. This results…

Cryptography and Security · Computer Science 2021-03-29 Florian Wilkens , Felix Ortmann , Steffen Haas , Matthias Vallentin , Mathias Fischer