Using LLMs to Automate Threat Intelligence Analysis Workflows in Security Operation Centers
PeiYu Tseng, ZihDwo Yeh, Xushu Dai, Peng Liu

TL;DR
This paper presents an AI agent leveraging large language models like GPT-4 to automate the analysis of cyber threat intelligence reports, reducing manual effort in Security Operation Centers.
Contribution
It introduces a novel AI agent that automates CTI report analysis in SOCs using LLMs without human intervention, enhancing efficiency.
Findings
The AI agent effectively automates CTI report analysis tasks.
Reduces manual workload for SOC analysts.
Demonstrates potential for integrating LLMs in cybersecurity workflows.
Abstract
SIEM systems are prevalent and play a critical role in a variety of analyst workflows in Security Operation Centers. However, modern SIEMs face a major challenge: they still cannot relieve analysts from the repetitive tasks involved in analyzing CTI (Cyber Threat Intelligence) reports written in natural language. This project aims to develop an AI agent to replace the labor-intensive, repetitive tasks involved in analyzing CTI reports. The agent exploits the revolutionary capabilities of LLMs (e.g., GPT-4), but it does not require any human intervention.
Taxonomy
Topics: Network Security and Intrusion Detection · Digital and Cyber Forensics · Information and Cyber Security
