Salvato in:
Dettagli Bibliografici
Autori principali: Ahmadou, Faissal, Ghaffarzadegan, Sepehr, Nour, Boubakr, Pourzandi, Makan, Debbabi, Mourad, Assi, Chadi
Natura: Preprint
Pubblicazione: 2025
Soggetti:
Accesso online:https://arxiv.org/abs/2507.07244
Tags: Aggiungi Tag
Nessun Tag, puoi essere il primo ad aggiungerne!!
_version_ 1866912473592889344
author Ahmadou, Faissal
Ghaffarzadegan, Sepehr
Nour, Boubakr
Pourzandi, Makan
Debbabi, Mourad
Assi, Chadi
author_facet Ahmadou, Faissal
Ghaffarzadegan, Sepehr
Nour, Boubakr
Pourzandi, Makan
Debbabi, Mourad
Assi, Chadi
contents In the ever-evolving landscape of cybersecurity, the rapid identification and mitigation of Advanced Persistent Threats (APTs) is crucial. Security practitioners rely on detailed threat reports to understand the tactics, techniques, and procedures (TTPs) employed by attackers. However, manually extracting attack testflows from these reports requires elusive knowledge and is time-consuming and prone to errors. This paper proposes FLOWGUARDIAN, a novel solution leveraging language models (i.e., BERT) and Natural Language Processing (NLP) techniques to automate the extraction of attack testflows from unstructured threat reports. FLOWGUARDIAN systematically analyzes and contextualizes security events, reconstructs attack sequences, and then generates comprehensive testflows. This automated approach not only saves time and reduces human error but also ensures comprehensive coverage and robustness in cybersecurity testing. Empirical validation using public threat reports demonstrates FLOWGUARDIAN's accuracy and efficiency, significantly enhancing the capabilities of security teams in proactive threat hunting and incident response.
format Preprint
id arxiv_https___arxiv_org_abs_2507_07244
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Automated Attack Testflow Extraction from Cyber Threat Report using BERT for Contextual Analysis
Ahmadou, Faissal
Ghaffarzadegan, Sepehr
Nour, Boubakr
Pourzandi, Makan
Debbabi, Mourad
Assi, Chadi
Cryptography and Security
In the ever-evolving landscape of cybersecurity, the rapid identification and mitigation of Advanced Persistent Threats (APTs) is crucial. Security practitioners rely on detailed threat reports to understand the tactics, techniques, and procedures (TTPs) employed by attackers. However, manually extracting attack testflows from these reports requires elusive knowledge and is time-consuming and prone to errors. This paper proposes FLOWGUARDIAN, a novel solution leveraging language models (i.e., BERT) and Natural Language Processing (NLP) techniques to automate the extraction of attack testflows from unstructured threat reports. FLOWGUARDIAN systematically analyzes and contextualizes security events, reconstructs attack sequences, and then generates comprehensive testflows. This automated approach not only saves time and reduces human error but also ensures comprehensive coverage and robustness in cybersecurity testing. Empirical validation using public threat reports demonstrates FLOWGUARDIAN's accuracy and efficiency, significantly enhancing the capabilities of security teams in proactive threat hunting and incident response.
title Automated Attack Testflow Extraction from Cyber Threat Report using BERT for Contextual Analysis
topic Cryptography and Security
url https://arxiv.org/abs/2507.07244