网络威胁技战术情报自动化识别提取研究综述OA北大核心CSTPCD

In the ever-evolving landscape of cyber threats,tactics,techniques and procedures(TTPs)play a crucial role in understanding malicious activities,providing a fine-grained perspective on the status of cybersecurity,and comprehensively illustrating cyber attack behaviors.Despite significant research efforts in the field of automated identification and extrac-tion of TTPs,a comprehensive systematic review is currently lacking.This paper presents an in-depth analysis of the prog-ress in this area by employing three principal approaches:traditional natural language processing,machine learning,and large language models.The study categorizes the tasks into information extraction,text classification,and text generation,and presents a summary of the general framework for identification and extraction processes.It offers a clear scope of unstructured text and TTPs,while refining the processing and analysis procedures,as well as innovative directions for each approaches.Moreover,building upon existing research,the paper identifies current challenges and proposes future research directions and development opportunities.This comprehensive survey serves as a valuable literature review to support readers in applying advanced technologies and methods for advancing research in this field.