Amplifying Threat Intelligence via Generative AI-Driven Aggregation and Enrichment
In the ever-evolving landscape of cybersecurity threats, the rapid and accurate aggregation and enrichment of threat intelligence is of fundamental importance for organizations seeking to safeguard their digital assets. This presentation provides a novel approach leveraging Generative AI, specifically the GPT model, to revolutionize the process of threat intelligence aggregation and enrichment.
Traditional methods of sifting through an overwhelming volume of threat bulletins, articles, and reports can be time-consuming and error-prone. Our proposed system harnesses the power of Generative AI to automate and enhance this process. By utilizing GPT’s natural language understanding capabilities, our system can intelligently summarize complex threat narratives, extracting key elements like malware names and threat actor identities, while concurrently enriching associated Indicators of Compromise (IOCs) with these critical components.
The core of our approach lies in the ability of GPT to comprehend contextual information and extract relevant insights from disparate textual sources. Through a combination of supervised and fine-tuned learning, our model has been trained to identify and categorize crucial threat intelligence elements accurately. This not only accelerates the analysis process but also reduces the chances of overlooking critical information.
In this presentation, we will discuss the architecture of our AI-driven threat intelligence system, highlighting the pivotal factors that culminate in achieving optimal performance. We will also present real-world case studies to demonstrate the efficacy of our generative AI-driven approach.
Dr. Jason Zhang
Jason Zhang is the Director of Cyber Intelligence at Anomali. As a highly motivated cyber threat researcher and a proven product and technology pioneer, Jason has a wealth of experience in technology and product R&D. Prior to joining Anomali, Jason worked at VMware, Lastline, Sophos, Symantec and MessageLabs, specialising in cutting-edge research and automation in threat detection and intelligence analysis. Jason is a regular speaker at leading technical conferences including Black Hat, Virus Bulletin and InfoSec. Jason earned his Ph.D. in signal processing from King’s College London & Cardiff University in the UK.
Mr. Kyle Campbell
Kyle Campbell is an Intelligence Engineer at Anomali, where he has been employed for the past year. Kyle is responsible for feed creation and ingestion of OSINT and premium data, ensuring quality across the entire intelligence lifecycle in addition to utilizing analytics to understand and improve upon trends and gaps in intelligence coverage. Kyle holds a bachelor’s degree in Digital Security and Forensics and is Mitre Att&ck Defender (MAD) certified.