大语言模型在威胁情报生成方面的研究进展

摘要/Abstract

摘要： 在计算机语言处理的广阔领域中，一种被称为大语言模型的革命性实体崭露头角，以其理解复杂语言模式和产生一致且上下文相关回应的巨大能力而引起关注.大语言模型是一种人工智能模型，已经成为各种任务的强大工具，包括自然语言处理、机器翻译和问答.在威胁情报的实际应用中这些模型表现出色，特别是在实体识别、事件分析和关系抽取等关键任务上取得了显著的优势.其上下文理解的能力使其能够更好地处理复杂的威胁情境，而多层次表示学习使其能够捕捉文本的不同层次结构.此外，大语言模型通过迁移学习的方式，将在通用语言理解上获得的知识迁移到威胁情报任务中，提高了模型对不同领域和特定任务的适应性.这一研究趋势不仅推动了威胁情报领域的技术创新，也为更加智能、高效的威胁分析和应对提供了新的可能性.然而，随着研究的深入，仍需解决数据异构性、隐私保护等问题，以便更好地推动大语言模型在威胁情报领域的可持续发展.

关键词: 大语言模型, 威胁情报, 自然语言处理, Transformer, 应用挑战

Abstract: In the expansive realm of computational language processing, a revolutionary entity known as large language models has emerged, garnering attention for its profound ability to comprehend intricate language patterns and generate consistent, contextually relevant responses. Large language models, a type of artificial intelligence, have evolved into powerful tools for various tasks, including natural language processing, machine translation, and questionanswering. In the practical application of threat intelligence, these models exhibit exceptional performance, particularly showcasing significant advantages in critical tasks such as entity recognition, event analysis, and relation extraction. Their contextual understanding capabilities enable them to navigate complex threat scenarios effectively, while hierarchical representation learning allows them to capture diverse structural layers within the text. Furthermore, large language models enhance their adaptability to different domains and specific tasks by leveraging knowledge acquired through transfer learning from general language understanding tasks to threat intelligence tasks. This research trend not only propels technological innovation in the field of threat intelligence but also opens new possibilities for more intelligent and efficient threat analysis and response. However, as research advances, challenges such as data heterogeneity and privacy protection need to be addressed to better facilitate the sustainable development of large language models in the threat intelligence domain.

Key words: large language models, threat intelligence, natural language processing, Transformer, application challenges

中图分类号:

TP183

池亚平, 吴冰, 徐子涵, . 大语言模型在威胁情报生成方面的研究进展[J]. 信息安全研究, 2024, 10(11): 1028-.

参考文献

［1］Dwivedi Y K, Kshetri N, Hughes L, et al.“So what if ChatGPT wrote it?” Multidisciplinary perspectives on opportunities, challenges and implications of generative conversational AI for research, practice and policy［J］. International Journal of Information Management, 2023, 71: 102642［2］石波, 于然, 朱健. 基于知识图谱的网络空间安全威胁感知技术研究［J］. 信息安全研究, 2022, 8(8): 845853［3］Liu Ze, Ning Jia, Cao Yue, et al. Video swin transformer［C］ Proc of IEEE Conf on Computer Vision and Pattern Recognition. Piscataway, NJ: IEEE, 2022: 32023211［4］Zuo Junjia, Gao Yali, Li Xiaoyong, et al. An endtoend entity and relation joint extraction model for cyber threat intelligence［C］ Proc of the Int Conf on Big Data Analytics (ICBDA). Piscataway, NJ: IEEE, 2022: 204209［5］Wu Yiming, Liu Qianjun, Liao Xiaojing, et al. Price tag: Towards semiautomatically discovery tactics, techniques and procedures of Ecommerce cyber threat intelligence［JOL］. 2021 ［20240318］. https:ieeexplore.ieee.orgabstractdocument9576636［6］Yao Limin, Riedel S, McCallum A. Unsupervised relation discovery with sense disambiguation［C］ Proc of the 50th Annual Meeting of the Association for Computational Linguistics. Stroudsburg, PA: ACL, 2012: 712720［7］于忠坤, 王俊峰, 唐宾徽. 基于注意力机制和特征融合的网络威胁情报技战术分类研究［J］. 四川大学学报: 自然科学版, 2022, 59(5): 96103［8］Gao Peng, Shao Fei, Liu Xiaoyuan, et al. Enabling efficient cyber threat hunting with cyber threat intelligence［C］ Proc of the 37th IEEE Int Conf on Data Engineering (ICDE). Piscataway, NJ: IEEE, 2021: 193204［9］Shao Hao, Wang Lunwen, Zhu Rangang. Link prediction for heterogeneous information networks based on enhanced metapath aggregation and attention mechanism［J］. International Journal of Machine Learning and Cybernetics, 2023, 14(9): 30873103［10］Xun Shuang, Li Xiaoyong, Gao Yali. AITI: An automatic identification model of threat intelligence based on convolutional neural network［C］ Proc of the 4th Int Conf on Innovation in Artificial Intelligence. New York: ACM, 2020: 2024［11］Liu Jian, Yan Junjie, Jiang Jun, et al. TriCTI: An actionable cyber threat intelligence discovery system via triggerenhanced neural network［J］. Cybersecurity, 2022, 5(1): 823［12］Wang Xuren, Liu Runshi, Yang Jie, et al. Cyber threat intelligence entity extraction based on deep learning and field knowledge engineering［C］ Proc of the 25th IEEE Int Conf on Computer Supported Cooperative Work in Design (CSCWD). Piscataway, NJ: IEEE, 2022: 406413［13］Guo Yongyan, Liu Zhengyu, Huang Cheng, et al. A framework for threat intelligence extraction and fusion［J］. Computers & Security, 2023, 132: 103371［14］Liu Zhengyu, Su Haochen, Wang Nannan, et al. Coreference resolution for cybersecurity entity: Towards explicit, comprehensive cybersecurity knowledge graph with low redundancy［C］ Proc of Int Conf on Security and Privacy in Communication Systems. Berlin: Springer, 2022: 89108［15］Liu Shuang, Yang Hui, Li Jiayi, et al. Chinese named entity recognition method in history and culture field based on BERT［J］. International Journal of Computational Intelligence Systems, 2021, 14(1): 110［16］Jo H, Lee Y, Shin S. Vulcan: Automatic extraction and analysis of cyber threat intelligence from unstructured text［J］. Computers & Security, 2022, 120: 102763［17］Liu Peipei, Li Hong, Wang Zuoguang, et al. Multifeatures based semantic augmentation networks for named entity recognition in threat intelligence［C］ Proc of the 26th Int Conf on Pattern Recognition (ICPR). Piscataway, NJ: IEEE, 2022: 15571563［18］Orbinato V, Barbaraci M, Natella R, et al. Automatic mapping of unstructured cyber threat intelligence: An experimental study［C］ Proc of the 33rd IEEE Int Symp on Software Reliability Engineering (ISSRE). Piscataway, NJ: IEEE, 2022: 181192［19］Joshi M, Chen Danqi, Liu Yinhan, et al. Spanbert: Improving pretraining by representing and predicting spans［J］. Transactions of the Association for Computational Linguistics, 2020, 8: 6477［20］张弛, 翁方宸, 张玉清. ChatGPT在网络安全领域的应用、现状与趋势［J］. 信息安全研究, 2023, 9(6): 500509

[1]	潘琪亮, 李明, 皮振中, 黄利文, 方中奎, . 基于DeepSpeed框架构建信息安全领域通用人工智能模型的探索[J]. 信息安全研究, 2024, 10(E1): 155-.
[2]	刘楠, 陶源, 陈广勇, . 大语言模型在网络安全领域的应用[J]. 信息安全研究, 2024, 10(E1): 236-.
[3]	吴佩泽, 李光辉, 吴津宇, . 基于大语言模型的自动化漏洞验证代码生成方法研究[J]. 信息安全研究, 2024, 10(E1): 246-.
[4]	吴佩泽, 李光辉, 吴津宇, . 基于大语言模型的电力监控系统资产脆弱性管理技术研究[J]. 信息安全研究, 2024, 10(E1): 241-.
[5]	薛俊民, 巫建刚, 王宁, 冯冰君, 王志伟, . 人工智能技术在威胁情报体系中的应用探讨[J]. 信息安全研究, 2024, 10(E1): 280-.
[6]	黄振, 单文政, 郭芙蓉, 郑剑波, 陈晏鹏, . 可信大模型政务问答系统设计与实现[J]. 信息安全研究, 2024, 10(E1): 191-.
[7]	聂万泉, . 大语言模型插件安全性研究[J]. 信息安全研究, 2024, 10(E1): 196-.
[8]	姬旭, 张健毅, 赵张驰, 周子寅, 李毅龙, . 一种面向特殊领域隐语的大语言模型检测系统[J]. 信息安全研究, 2024, 10(9): 795-.
[9]	文津, 蒋凯元, 韩禹洋, 王志强, 罗乐琦, 田文亮, . 基于Transformer与图卷积网络的行为冲突检测模型[J]. 信息安全研究, 2024, 10(8): 729-.
[10]	陆佳丽, . 基于BertTextCNN的开源威胁情报文本的多标签分类方法[J]. 信息安全研究, 2024, 10(8): 760-.
[11]	白荣华, . 基于海量资产精细管理的漏洞跟踪处置平台设计[J]. 信息安全研究, 2024, 10(6): 568-.
[12]	罗乐琦, 张艳硕, 王志强, 文津, 薛培阳, . 基于BERT模型的源代码漏洞检测技术研究[J]. 信息安全研究, 2024, 10(4): 294-.
[13]	赵玉媛, 王斌, 张泽丹, 李青山, 胡建斌, . 融入结构先验知识的隐私信息抽取算法[J]. 信息安全研究, 2024, 10(2): 139-.
[14]	黄灵, 何希平, 贺丹, 杨楚天, 旷奇弦, . 融合卷积神经网络和Transformer的人脸欺骗检测模型[J]. 信息安全研究, 2024, 10(1): 25-.
[15]	肖萌, 路超, 田珊珊, 李昂, 王子亮, . 蜜罐及威胁情报技术在市场监督管理网络安全防御中的应用[J]. 信息安全研究, 2023, 9(E1): 117-.