English
Related papers

Related papers: KnowHow: Automatically Applying High-Level CTI Kno…

200 papers

Cyber attacks are becoming more sophisticated and diverse, making detection increasingly challenging. To combat these attacks, security practitioners actively summarize and exchange their knowledge about attacks across organizations in the…

Cryptography and Security · Computer Science 2022-05-31 Zhenyuan Li , Jun Zeng , Yan Chen , Zhenkai Liang

Organizations are increasingly targeted by Advanced Persistent Threats (APTs), which involve complex, multi-stage tactics and diverse techniques. Cyber Threat Intelligence (CTI) sources, such as incident reports and security blogs, provide…

Cryptography and Security · Computer Science 2025-04-09 Sofia Della Penna , Roberto Natella , Vittorio Orbinato , Lorenzo Parracino , Luciano Pianese

Advanced Persistent Threats (APTs) remain difficult to detect due to their stealthy nature and long-term persistence. To tackle this challenge, provenance-based threat hunting has gained traction as a proactive defense mechanism. This…

Cryptography and Security · Computer Science 2026-03-23 Xuebo Qiu , Mingqi Lv , Yimei Zhang , Tiantian Zhu , Tieming Chen

Understanding the attack patterns associated with a cyberattack is crucial for comprehending the attacker's behaviors and implementing the right mitigation measures. However, majority of the information regarding new attacks is typically…

Machine Learning · Computer Science 2024-12-02 Weiqiu You , Youngja Park

Effective Cyber Threat Intelligence (CTI) relies upon accurately structured and semantically enriched information extracted from cybersecurity system logs. However, current methodologies often struggle to identify and interpret malicious…

Cryptography and Security · Computer Science 2026-04-28 Luca Cotti , Anisa Rula , Devis Bianchini , Federico Cerutti

A cyber-attack is a malicious attempt by experienced hackers to breach the target information system. Usually, the cyber-attacks are characterized as hybrid TTPs (Tactics, Techniques, and Procedures) and long-term adversarial behaviors,…

Cryptography and Security · Computer Science 2021-12-17 Mingqi Lv , Chengyu Dong , Tieming Chen , Tiantian Zhu , Qijie Song , Yuan Fan

Provenance-based threat hunting identifies Advanced Persistent Threats (APTs) on endpoints by correlating attack patterns described in Cyber Threat Intelligence (CTI) with provenance graphs derived from system audit logs. A fundamental…

Cryptography and Security · Computer Science 2026-01-01 Xuebo Qiu , Mingqi Lv , Yimei Zhang , Tieming Chen , Tiantian Zhu , Qijie Song , Shouling Ji

This work evaluates the performance of Cyber Threat Intelligence (CTI) extraction methods in identifying attack techniques from threat reports available on the web using the MITRE ATT&CK framework. We analyse four configurations utilising…

Cryptography and Security · Computer Science 2025-05-07 Hoang Cuong Nguyen , Shahroz Tariq , Mohan Baruwal Chhetri , Bao Quoc Vo

Cyber Threat Intelligence (CTI) plays a crucial role in assessing risks and enhancing security for organizations. However, the process of extracting relevant information from unstructured text sources can be expensive and time-consuming.…

Advanced Persistent Threats (APTs) have caused significant losses across a wide range of sectors, including the theft of sensitive data and harm to system integrity. As attack techniques grow increasingly sophisticated and stealthy, the…

Cryptography and Security · Computer Science 2025-03-27 Fei Zuo , Junghwan Rhee , Yung Ryn Choe

Over the last years, threat intelligence sharing has steadily grown, leading cybersecurity professionals to access increasingly larger amounts of heterogeneous data. Among those, cyber attacks' Tactics, Techniques and Procedures (TTPs) have…

Cryptography and Security · Computer Science 2020-04-30 Valentine Legoy , Marco Caselli , Christin Seifert , Andreas Peter

This study introduces an innovative approach to automating Cyber Threat Intelligence (CTI) processes in industrial environments by leveraging Microsoft's AI-powered security technologies. Historically, CTI has heavily relied on manual…

Cryptography and Security · Computer Science 2024-10-29 Shrit Shah , Fatemeh Khoda Parast

Cyber Threat Intelligence (CTI) has emerged as a vital complementary approach that operates in the early phases of the cyber threat lifecycle. CTI involves collecting, processing, and analyzing threat data to provide a more accurate and…

Cryptography and Security · Computer Science 2026-05-25 Samaneh Shafee , Alysson Bessani , Pedro M. Ferreira

Monitoring the threat landscape to be aware of actual or potential attacks is of utmost importance to cybersecurity professionals. Information about cyber threats is typically distributed using natural language reports. Natural language…

Computation and Language · Computer Science 2024-04-12 Lukas Lange , Marc Müller , Ghazaleh Haratinezhad Torbati , Dragan Milchevski , Patrick Grau , Subhash Pujari , Annemarie Friedrich

Textual descriptions in cyber threat intelligence (CTI) reports, such as security articles and news, are rich sources of knowledge about cyber threats, crucial for organizations to stay informed about the rapidly evolving threat landscape.…

Cryptography and Security · Computer Science 2025-04-22 Yutong Cheng , Osama Bajaber , Saimon Amanuel Tsegai , Dawn Song , Peng Gao

Defending from cyberattacks requires practitioners to operate on high-level adversary behavior. Cyberthreat intelligence (CTI) reports on past cyberattack incidents describe the chain of malicious actions with respect to time. To avoid…

Cryptography and Security · Computer Science 2024-01-04 Md Rayhanur Rahman , Brandon Wroblewski , Quinn Matthews , Brantley Morgan , Tim Menzies , Laurie Williams

Advanced persistent threats (APTs) pose significant challenges for organizations, leading to data breaches, financial losses, and reputational damage. Existing provenance-based approaches for APT detection often struggle with high false…

Cryptography and Security · Computer Science 2024-06-11 Yonatan Amaru , Prasanna Wudali , Yuval Elovici , Asaf Shabtai

Cyber Threat Intelligence (CTI) reports are factual records compiled by security analysts through their observations of threat events or their own practical experience with attacks. In order to utilize CTI reports for attack detection,…

Cryptography and Security · Computer Science 2024-10-16 Wenrui Cheng , Tiantian Zhu , Tieming Chen , Qixuan Yuan , Jie Ying , Hongmei Li , Chunlin Xiong , Mingda Li , Mingqi Lv , Yan Chen

Provenance graphs model causal system-level interactions from logs, enabling anomaly detectors to learn normal behavior and detect deviations as attacks. However, existing approaches rely on brittle, manually engineered rules to build…

Cryptography and Security · Computer Science 2026-03-19 Kushankur Ghosh , Mehar Klair , Kian Kyars , Euijin Choo , Jörg Sander

Cyber threat intelligence (CTI) is being used to search for indicators of attacks that might have compromised an enterprise network for a long time without being discovered. To have a more effective analysis, CTI open standards have…

Cryptography and Security · Computer Science 2019-10-02 Sadegh M. Milajerdi , Birhanu Eshete , Rigel Gjomemo , V. N. Venkatakrishnan
‹ Prev 1 2 3 10 Next ›