Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Explore the current state of automated Tactics, Techniques, and Procedures (TTP) extraction from Cyber Threat Intelligence reports in this 16-minute conference presentation from USENIX Security '25. Examine how Natural Language Processing techniques are being applied to automatically extract and classify attack methodologies from CTI reports using the MITRE ATT&CK framework. Learn about the systematic evaluation of over 40 research papers in this field, comparing approaches ranging from named entity recognition to large language models in a unified testing environment. Discover key findings including performance limitations of current methods, the surprising effectiveness of traditional NLP approaches over modern embedder-based and generative models in realistic scenarios, and the critical need for better understanding of TTP ontology ambiguities. Gain insights into the challenges of creating comparable evaluation frameworks when existing solutions use different ontologies and inaccessible datasets, and understand the research directions needed to advance automated threat intelligence processing capabilities.
