As the sophistication and frequency of targeted cyberattacks continue to rise, so does the demand for accurate and actionable Cyber Threat Intelligence (CTI). While previous research has attempted to extract and analyze CTI, none of it has been applied to Chinese data. As China is both the largest source and the largest victim of cyberattacks, the lack of visibility into Chinese sources creates a major blind spot for CTI. Additionally, highly active Chinese security forums provide fertile sources of intelligence.
In this research, I have constructed a CTI system called CTI ANT. It is the first automatic Chinese CTI analysis framework for extracting and analyzing threat intelligence from unstructured Chinese data sources via Natural Language Processing (NLP) algorithms. CTI ANT consists of 3 subsystems: a classifier (CSAC) that recognizes the theme of cyber threat data; a recommendation system (CTRS) that identifies trending keywords so that analysts can recognize key threat actors; and a MITRE ATT&CK Detector (MD) that labels cyberattack techniques in threat reports.
Evaluation confirmed that CSAC and CTRS achieve excellent results, with accuracies of 93% and 80%, respectively. Moreover, MD provides precise cyberattack technique detection and ATT&CK ID labeling. I also included security expert reviews for verification. Through precise analysis and intelligence retrieval within massive Chinese CTI sources, CTI ANT has been verified to provide instant, accurate intelligence to security experts.