
Automated Extraction, Characterization, and Mitigation of Cyber Threats based on Analyzing Unstructured CTI Reports

11 Apr 2023 @ 09:30 PM

Cyber Threat Intelligence (CTI) reports are widely used for sharing information about cyber threats and incidents. However, CTI reports are unfortunately shared as unstructured text that uses advanced technical terms, which makes analyzing and acting on threat information highly challenging. Given the semantic complexity and the large number of CTI reports generated every day, the current practice of manually analyzing CTI reports for threat mitigation is not only slow and expensive but also yields inaccurate threat analysis and mitigation.

In this talk, the speaker will present research on developing sense-making and decision-making techniques to automate the analysis of unstructured CTI reports and to create courses of action for predictive threat analytics and proactive mitigation. In the sense-making analysis, the speakers developed a text mining framework for understanding the semantics of CTI and CVE reports in order to (1) automatically extract the "actionable" cyber threat information, (2) characterize the attack techniques, and (3) identify the attack pattern based on the kill chain and the attack Tactics, Techniques, and Procedures.