MITRE ATT&CK Labeling of Cyber Threat Intelligence via LLM

This paper explores the effectiveness of various online and locally hosted LLMs in classifying an arbitrary statement as containing a MITRE ATT&CK Framework (MAF) technique or not, and then producing the technique number if it does.

SANS_MITRE_ATTCK_Labeling_Cyber_Threat_Intelligence_via_LLM (PDF, 0.51MB)

7 Jan 2025
By Terence O’Brien
All papers are copyrighted

No re-posting of papers is permitted

Related Content

AI-Driven SecOps: Unifying Controls, Automating Response, and Advancing the Modern SOC Using Cortex XSIAM

Research Paper

New research from IDC reveals the tangible business value of rigorous, practitioner-led training from SANS: faster threat detection and response, reduced operational risk, stronger team cohesion, and millions in annual cost savings.

  • 29 Jul 2025
  • Dave Shackleford

Trust But Verify: Evaluating the Accuracy of LLMs in Normalizing Threat Data Feeds

Research Paper

This paper examines whether Large Language Models (LLMs) can be reliably applied to the normalization of Indicators of Compromise (IOCs) into Structured Threat Information Expression (STIX) format.

  • 16 Jul 2025

Do AI Coding Assistants Make Bad Coders Worse? A Security Evaluation of GitHub Copilot

Research Paper

This paper examines whether the overall security posture of a project affects the quality of the code produced by Copilot.

  • 11 Jul 2025

Dropzone AI Can Make Internal SOC Teams More Effective

Research Paper

In this paper, SANS Certified Instructor Mark Jeanmougin examines how Dropzone AI can integrate into existing security stacks and help SOC teams stay focused on high-impact decisions.

  • 17 Jun 2025
  • Mark Jeanmougin

Beneath the Mask: Can Contribution Data Unveil Malicious Personas in Open-Source Projects?

Research Paper

In February 2024, after building trust over two years with project maintainers by making a significant volume of legitimate contributions, GitHub user "JiaT75" self-merged a version of the XZ Utils project containing a highly sophisticated well-disguised backdoor targeting sshd processes running on systems with the backdoored package installed.

  • 13 May 2025
  • SANS Institute

AI-Driven Insecurity: Assessing Security Gaps in AI Generated IT Guidance

Research Paper

The increasing reliance on AI-generated technical guidance for IT system configuration introduces significant security risks. This study assesses these risks through a case study: setting up an Apache web server on a Rocky Linux system using instructions from seven AI models.

  • 13 May 2025

Leveraging Large Language Models for Security-Focused Code Reviews

Research Paper

This study investigates the potential application of Large Language Models (LLMs) in enhancing software security through automated vulnerability detection during the code review process.

  • 26 Mar 2025

AI Hunting with the Cybereason Platform: A SANS Review

Research Paper

SANS reviewed Cybereason's AI hunting platform, which offers a lightweight, behavior-focused model...

  • 23 Jul 2018
  • Dave Shackleford

Applying Machine Learning Techniques to Measure Critical Security Controls

Research Paper

Implementing and measuring Critical Security Controls (CSC) requires analyzing all data types...

  • 6 Sep 2016