Computer Engineering and Applications, 2024, Vol. 60, Issue (13): 1-22, 22. DOI: 10.3778/j.issn.1002-8331.2309-0489
Survey on Automated Recognition and Extraction of TTPs
Abstract
In the ever-evolving landscape of cyber threats, tactics, techniques and procedures (TTPs) play a crucial role in understanding malicious activities, providing a fine-grained perspective on the status of cybersecurity, and comprehensively illustrating cyber attack behaviors. Despite significant research efforts in the field of automated identification and extraction of TTPs, a comprehensive systematic review is currently lacking. This paper presents an in-depth analysis of the progress in this area by employing three principal approaches: traditional natural language processing, machine learning, and large language models. The study categorizes the tasks into information extraction, text classification, and text generation, and presents a summary of the general framework for identification and extraction processes. It offers a clear scope of unstructured text and TTPs, while refining the processing and analysis procedures, as well as innovative directions for each approach. Moreover, building upon existing research, the paper identifies current challenges and proposes future research directions and development opportunities. This comprehensive survey serves as a valuable literature review to support readers in applying advanced technologies and methods for advancing research in this field.
Keywords
cyber threat intelligence (CTI) / tactics, techniques and procedures (TTPs) / deep learning / large language models (LLMs) / natural language processing (NLP)
Classification
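Information Technology and Security Science
Cite this article
Yu Fengrui (于丰瑞).. Survey on Automated Recognition and Extraction of TTPs [J]. Computer Engineering and Applications, 2024, 60(13): 1-22, 22.
Funding
Double First-Class Innovation Research Project on Cyberspace Security Law Enforcement Technology, People's Public Security University of China (2023SYL07)
Key Scientific Research Project of Inner Mongolia Police Vocational College (NMJY2022-LX-ZD007).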