Ambiguous Techniques
Building upon the research of Summiting the Pyramid, Ambiguous Techniques is a methodology to determine malicious intent behind seemingly benign …
August 24, 2023
Project Summary
The cybersecurity community has been working for years to automatically identify adversary tactics, techniques, and procedures (TTPs) in cyber threat intelligence (CTI) reports. With some advances in machine learning and artificial intelligence, TRAM is a solution that is measurably effective at solving that problem.
Previous iterations of the Threat Report ATT&CK Mapper (TRAM) focused on creating a data annotation tool and using supervised learning methods to extract and predict TTPs. Our latest project improves the quality of the training data and makes effective use of fine-tuned Large Language Models (LLMs) for model training and predictions. We have improved the speed and accuracy of TTP mappings to meet the demands of defenders.
Problem
The cybersecurity community needs to identify which adversary tactics, techniques, and procedures (TTPs) are found in cyber threat intelligence (CTI) reports. This task of mapping TTPs is difficult, error-prone, and time-consuming.
Solution
Train a Large Language Model on data for the Threat Report ATT&CK Mapping (TRAM) tool to automatically find TTPs.
Impact
CTI analysts will automatically, accurately, and efficiently identify ATT&CK TTPs in CTI reports.
Funding Research Participants
Explore More of Our Work:
Prioritize Known Exploited Vulnerabilities
Prioritize Known Exploited Vulnerabilities shows defenders how to take a threat informed approach to vulnerability management.
Security Stack Mappings – Hardware-Enabled Defense
The Security Stack Mappings – Hardware-Enabled Defense project demonstrates full stack threat-informed defense, from the hardware board to the …
Stay Informed
Sign up for our "Stay Informed" mailing list to receive announcements for project publications, upcoming events, and other news about the Center.