Large Language Models for Cyber Threat Intelligence
In current Cyber Threat Intelligence (CTI) environments, it is difficult and time-consuming for a security analyst to check the quality, confidentiality and integrity of relevant information.
One of the reasons for this is that several different sources of information are usually connected to the respective cyber threat intelligence environments in order to provide a security analyst with sufficient information for decision-making in the event of a cyber security incident.
Current cyber threat intelligence analyzers are not able to make adequate automatic preliminary assessments of the quality, confidentiality and integrity of incoming data, reliably identify duplicate entries, evaluate the trustworthiness of sources, or generate meaningful summaries of the situation. The security analyst must therefore evaluate all information manually in order to derive the appropriate next steps in the event of a potential incident.
In this exploratory project, we want to investigate the potential of automated techniques based on Large Language Models (LLM) to reduce the workload of security analysts and enable a faster and more targeted response to cybersecurity incidents. The goal is to investigate whether automated preliminary summaries and assessments of the quality, confidentiality, and integrity of source information can be generated with sufficient reliability. The possibility of pre-detection of anomalies will also be investigated.
In order to take account of digital sovereignty, the investigation will primarily employ open source tools.
Goals:
- Strengthen cybersecurity in Austria by preparing for disruptive technologies and building the knowledge and skills to drive them forward.
- Explore the potential of LLMs in CTI to prepare and position the consortium for high-impact research and development projects (national and international).
- Prepare novel solutions to support and promote the implementation of upcoming EU regulations such as NIS2 and CRA.
- Focus on open source LLM and CTI solutions to provide affordable options to enhance security and resilience, thereby contributing to EU technological sovereignty.
Role and task for SBA Research:
SBA Research takes over the project management; on the research side, SBA defines, analyses and checks the adaptivity and training of LLMs, among many other tasks.
Project Lead: SBA Research gGmbH
Scientific Partners:
- AIT
- Condignum
- cyan Security Group GmbH