Symbol photo: AIT is Austria's largest non-university research institution

LLM4CTI

Large Language Models for Cyber Threat Intelligence

In the current cyber threat intelligence (CTI) environment, it is difficult and time-consuming for security analysts to verify the quality, confidentiality, and integrity of relevant information. One reason is that several different information sources are typically connected to a CTI environment so that security analysts have enough information for decision-making when a cybersecurity incident occurs.
Current CTI analysis tools cannot adequately perform automated preliminary assessments of the quality, confidentiality, and integrity of incoming data, reliably identify duplicate entries, evaluate the trustworthiness of sources, or generate meaningful situation reports. The security analyst must therefore evaluate all information manually in order to decide on the appropriate next steps when a potential incident arises. In this exploratory study, we investigate the potential of automated techniques based on large language models (LLMs) to relieve the burden on security analysts and enable them to respond to cybersecurity incidents faster and in a more targeted manner. The aim is to determine whether situation reports and preliminary assessments of the quality, confidentiality, and integrity of source information can be generated with sufficient reliability. The possibility of early anomaly detection will also be investigated.
To take digital sovereignty into account, the investigation will primarily use open source tools.
  • Partners: SBA Research gemeinnützige GmbH, CONDIGNUM GmbH, cyan Security Group GmbH
  • Duration: 10/2024 – 09/2025
  • Funding Program: FFG Mit Regulierung und Souveränität zur Innovation - Digitale Technologien 2023