Mining Temporal Attack Patterns from Cyberthreat Intelligence Reports
Leverage (statistics)
Attack patterns
Cyber-attack
Cryptovirology
Attack surface
DOI: 10.48550/arxiv.2401.01883
Publication Date: 2024-01-01
AUTHORS (6)
ABSTRACT
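Defending from cyberattacks requires practitioners to operate on high-level adversary behavior. Cyberthreat intelligence (CTI) reports on past cyberattack incidents describe the chain of malicious actions with respect to time. To avoid repeating cyberattack incidents, practitioners must proactively identify and defend against recurring chain of actions, which we refer to as temporal attack patterns. Automatically mining the patterns among actions provides structured and actionable information on the adversary behavior of past cyberattacks. The goal of this paper is to aid security practitioners in prioritizing and proactive defense against cyberattacks by mining temporal attack patterns from cyberthreat intelligence reports. To this end, we propose ChronoCTI, an automated pipeline for mining temporal attack patterns from cyberthreat intelligence (CTI) reports of past cyberattacks. To construct ChronoCTI, we build the ground truth dataset of temporal attack patterns and apply state-of-the-art large language models, natural language processing, and machine learning techniques. We apply ChronoCTI on a set of 713 CTI reports, where we identify 124 temporal attack patterns, which we categorize into nine pattern categories. We identify that the most prevalent pattern category is to trick victim users into executing malicious code to initiate the attack, followed by bypassing the anti-malware system in the victim network. Based on the observed patterns, we advocate organizations to train users about cybersecurity best practices, introduce immutable operating systems with limited functionalities, and enforce multi-user authentications. Moreover, we advocate practitioners to leverage the automated mining capability of ChronoCTI and design countermeasures against the recurring attack patterns.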