MAS-CTI : Machine Learning Assisted System for Cyber Threat Intelligence

• Cyber Threat Intelligence (CTI) is a critical component of modern cybersecurity, providing organizations with essential information to detect, prevent, and respond to cyber threats. However, CTI data is often non-uniform, incomplete, and inconsistent, making it challenging to analyze and manage effectively. Machine Learning (ML) models offer a powerful solution to overcome these challenges, providing advanced tools for data processing, sharing, and analysis. In this paper, we present MAS-CTI, an extended version of the popular CTI platform MISP, leveraging the power of ML for CTI processing. In particular, we address three key challenges in the CTI domain: event type identification, threat ranking, and IoC correlation. Additionally, to address concerns regarding IoC confidentiality, we explore the application of Federated Learning (FL) for event identification. We have conducted extensive testing of the models on three public CTI datasets, and the results obtained demonstrate the potential of ML models to enhance CTI processing and analysis, with only a few exceptions. 

Subject headings

TEKNIK OCH TEKNOLOGIER  -- Elektroteknik och elektronik (hsv//swe)

ENGINEERING AND TECHNOLOGY  -- Electrical Engineering, Electronic Engineering, Information Engineering (hsv//eng)

Keyword

Machine Learning

Cyber Threat Intelligence

Federated Learning

Learning to Rank

MISP

Publication and Content Type

vet (subject category)

ovr (subject category)