Applications of Large Language Models Technology for Threat Intelligence: A Survey
CUI Mengjiao, JIANG Zhengwei, CHEN Yiren, JIANG Jun, ZHANG Kai, LING Zhiting, FENG Huamin, YANG Peian
Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China; Beijing Electronic Science & Technology Institute, Beijing 100070, China
Abstract:
With the continuous development of computer and network technology, cyberspace faces increasingly complex security threats. Cyber threat intelligence emerged as a way to defend effectively against cyber attacks. However, current threats such as zero-day vulnerabilities and Advanced Persistent Threats (APT) are complex in form, highly targeted, highly damaging, stealthy, and long-running, and traditional threat intelligence techniques struggle to deal with them effectively. In recent years, the rise of Large Language Models (LLM) has not only reduced the cost of attacks but also made cyber attack techniques more widely accessible. This paper therefore examines the current state of LLM applications in the field of threat intelligence, with the aim of using the potential of LLMs to improve the aggregation, analysis, and application of threat intelligence, so that cyber threats can be identified, analyzed, and responded to more accurately. The paper first outlines the background of cyber threat intelligence and then introduces the concept, development history, and research status of large language models, in order to explore how they might be applied to threat intelligence. It then analyzes in depth the literature that combines threat intelligence with large language models. Following the threat intelligence life cycle, it systematically reviews results on using large language models to enhance threat intelligence aggregation, drive threat intelligence analysis, and empower threat intelligence application, and categorizes them by technical application scenario and main method. For each of these three aspects, it also summarizes the research status, technical characteristics, and potential development directions. Finally, the paper discusses the challenges of applying large language models to threat intelligence and cyber security, and gives future research directions to further promote the development of cyber threat intelligence.
Key words:  cyber threat intelligence  large language models  intelligence aggregation  intelligence analysis  intelligence application
DOI: 10.19363/J.cnki.cn10-1380/tn.2024.09.09
Received: 2024-01-16  Revised: 2024-04-08
Funding: This work was supported by the Strategic Priority Research Program of the Chinese Academy of Sciences (No. XDC02030200), the National Natural Science Foundation of China (No. 62202466), the Youth Innovation Promotion Association of the Chinese Academy of Sciences (No. 2020166), the Key Laboratory of Network Assessment Technology of the Chinese Academy of Sciences, and the Beijing Key Laboratory of Network Security and Protection Technology.