From Words to Intelligence: Leveraging the Cyber Operation Constraint Principle, Natural Language Understanding, and Association Rules for Cyber Threat Analysis
2023-04-22 | 09:30 – 09:55
This presentation describes a system that ingests natural-language threat reports and uses Natural Language Processing to generate a graph-based model using the STIXv2 structured language and a relational database. The natural-language expressions are normalized using MITRE structured vocabularies and industry-recognized threat actor catalogs. To uncover potentially missing threat report information, we apply the Apriori association rule learning algorithm to a threat report, based on the structured knowledge we model.
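The last step can be sketched as follows. This is an added example, not the presenters' code: it mines Apriori rules over reports already reduced to technique sets, then lists techniques a new report may be missing. It assumes the MITRE vocabulary in use is ATT&CK technique IDs; the sample reports, the thresholds and all function names are constructed for illustration.

```python
from itertools import combinations

# Constructed sample data: each set holds the MITRE ATT&CK technique IDs
# extracted from one already-modelled report (not taken from real reports).
REPORTS = [
    {"T1566", "T1059", "T1053", "T1105"},
    {"T1566", "T1059", "T1105", "T1041"},
    {"T1566", "T1059", "T1053"},
    {"T1021", "T1003", "T1486"},
    {"T1566", "T1059", "T1003", "T1105"},
    {"T1021", "T1003", "T1059"},
]

def apriori(transactions, min_support):
    """Return {frozenset: count} for every itemset meeting min_support."""
    threshold = min_support * len(transactions)
    level = {frozenset([i]) for t in transactions for i in t}
    frequent, k = {}, 1
    while level:
        counts = {c: sum(c <= t for t in transactions) for c in level}
        kept = {c: n for c, n in counts.items() if n >= threshold}
        frequent.update(kept)
        k += 1
        # Join: unions of size k. Prune: every (k-1)-subset must be frequent.
        joined = {a | b for a in kept for b in kept if len(a | b) == k}
        level = {c for c in joined
                 if all(frozenset(s) in kept for s in combinations(c, k - 1))}
    return frequent

def mine_rules(frequent, min_confidence):
    """Rules (antecedent, consequent, confidence) with one-item consequents."""
    rules = []
    for itemset, count in frequent.items():
        for item in itemset if len(itemset) > 1 else ():
            antecedent = itemset - {item}
            confidence = count / frequent[antecedent]
            if confidence >= min_confidence:
                rules.append((antecedent, item, confidence))
    return rules

def suggest_missing(report, rules):
    """Techniques absent from `report` that a satisfied rule points to."""
    best = {}
    for antecedent, consequent, confidence in rules:
        if antecedent <= report and consequent not in report:
            best[consequent] = max(confidence, best.get(consequent, 0.0))
    return sorted(best.items(), key=lambda kv: (-kv[1], kv[0]))

# Thresholds are assumptions chosen for the constructed data above.
RULES = mine_rules(apriori(REPORTS, min_support=0.5), min_confidence=0.7)
```

A suggestion is a prompt for the analyst to re-check the report, not a finding: confidence only reflects how often the techniques co-occurred in the modelled corpus.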