CTI View: APT Threat Intelligence Analysis System

With the development of advanced persistent threat (APT) and increasingly severe situation network security, strategic defense idea with concept “active defense, traceability, countermeasures” arises at historic moment, thus cyberspace intelligence (CTI) has become valuable in enhancing ability to resist cyber threats. Based on actual demand defending against APT threat, we apply natural language processing process design a new automation system CTI View, which is oriented text extraction analysis for massive unstructured released by various security vendors. The main work View as follows: (1) deal heterogeneous CTI, framework designed based automated test framework, recognition technology, denoising technology. It effectively solves problem poor adaptability when crawlers are used crawl CTI; (2) using regular expressions combined blacklist whitelist mechanism extract IOC TTP information described effectively; (3) according requirements, model bidirectional encoder representations from transformers (BERT) complete entity algorithm intelligence. In this paper, GRU layer added existing BERT-BiLSTM-CRF model, evaluate proposed marked dataset get better performance than current mainstream mode.