TL;DR
This paper presents a novel CTI framework leveraging LLMs to extract high-level semantic indicators from disinformation, introduces the FakeCTI dataset linking fake news to threat actors, and evaluates multiple attribution techniques.
Contribution
It introduces a new CTI approach based on semantic indicators, along with the FakeCTI dataset, advancing disinformation campaign tracking beyond traditional low-level artifact analysis.
Findings
LLMs effectively extract structured semantic indicators from fake news.
FakeCTI dataset links disinformation to threat actors systematically.
Semantic-based CTI improves resilience against adversaries' evasion tactics.
Abstract
The swift spread of fake news and disinformation campaigns poses a significant threat to public trust, political stability, and cybersecurity. Traditional Cyber Threat Intelligence (CTI) approaches, which rely on low-level indicators such as domain names and social media handles, are easily evaded by adversaries who frequently modify their online infrastructure. To address these limitations, we introduce a novel CTI framework that focuses on high-level, semantic indicators derived from recurrent narratives and relationships of disinformation campaigns. Our approach extracts structured CTI indicators from unstructured disinformation content, capturing key entities and their contextual dependencies within fake news using Large Language Models (LLMs). We further introduce FakeCTI, the first dataset that systematically links fake news to disinformation campaigns and threat actors. To…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
