Cyber Threat Intelligence (CTI) significantly enhances organizational cybersecurity defenses by providing actionable insights from diverse data sources. This research studies the correlation between CTI analysis and the MITRE ATT&CK framework, focusing on their alignment to strengthen threat detection and response capabilities. A pivotal aspect of this study involves developing a classifier using a fine-tuned BERT-based model to map CTI reports to specific ATT&CK techniques. Our model demonstrated substantial improvements over the baseline SecBERT, achieving a 2.6% higher F1-score and a 4.2% improvement in Top-3 Accuracy. By integrating CTI with the MITRE ATT&CK framework, researchers can shift from reactive to proactive cybersecurity strategies. This integration enables swift detection of emerging threats, enhances incident response effectiveness, and fortifies defensive measures against evolving cyber threats. Ultimately, the synergy between CTI and ATT&CK fosters a comprehensive approach to cybersecurity management in today's dynamic threat landscape.