Open-source cyber threat intelligence (OSCTI) provides a form of evidence-based knowledge about cyber threats, enabling businesses to gain visibility into the fast-evolving threat landscape. Despite the pressing need for high-fidelity threat knowledge, existing cyber threat knowledge acquisition systems have primarily focused on providing low-level, isolated indicators. These systems have ignored the rich higher-level threat knowledge entities and their relationships presented in OSCTI reports, and do not provide a flexible and intuitive way for threat analysts to acquire the desired knowledge. To bridge the gap, we propose THREATQA, a system that facilitates cyber threat knowledge acquisition via knowledge base question answering. Particularly, THREATQA uses a combination of AI-based techniques to (1) automatically harvest comprehensive knowledge about trending threats from massive OSCTI reports from various sources and construct a large threat knowledge base, and (2) intelligently respond to an input natural language threat knowledge acquisition question by fetching the answer from the threat knowledge base via question answering.
Part of proceedings: ISBN 978-1-6654-0883-7
QC 20221104