{"id":"https://openalex.org/W4413250014","doi":"https://doi.org/10.1007/978-3-032-00633-2_5","title":"Large Language Models for\u00a0Cyber Threat Intelligence: Extracting MITRE With LLMs","display_name":"Large Language Models for\u00a0Cyber Threat Intelligence: Extracting MITRE With LLMs","publication_year":2025,"publication_date":"2025-01-01","ids":{"openalex":"https://openalex.org/W4413250014","doi":"https://doi.org/10.1007/978-3-032-00633-2_5"},"language":"en","primary_location":{"id":"doi:10.1007/978-3-032-00633-2_5","is_oa":true,"landing_page_url":"https://doi.org/10.1007/978-3-032-00633-2_5","pdf_url":"https://link.springer.com/content/pdf/10.1007/978-3-032-00633-2_5.pdf","source":{"id":"https://openalex.org/S106296714","display_name":"Lecture notes in computer science","issn_l":"0302-9743","issn":["0302-9743","1611-3349"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Computer Science","raw_type":"book-chapter"},"type":"book-chapter","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://link.springer.com/content/pdf/10.1007/978-3-032-00633-2_5.pdf","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5080995810","display_name":"Andra\u017e Kra\u0161ovec","orcid":"https://orcid.org/0009-0007-4077-0826"},"institutions":[{"id":"https://openalex.org/I4210118689","display_name":"Joint Research Centre","ror":"https://ror.org/02qezmz13","country_code":"IT","type":"government","lineage":["https://openalex.org/I1320481043","https://openalex.org/I2800387288","https://openalex.org/I4210118689","https://openalex.org/I4210161702"]}],"countries":["IT"],"is_corresponding":true,"raw_author_name":"Andra\u017e Kra\u0161ovec","raw_affiliation_strings":["Joint Research Centre, European Commission, Ispra, Italy"],"raw_orcid":"https://orcid.org/0009-0007-4077-0826","affiliations":[{"raw_affiliation_string":"Joint Research Centre, European Commission, Ispra, Italy","institution_ids":["https://openalex.org/I4210118689"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5001320617","display_name":"Gary Steri","orcid":"https://orcid.org/0000-0001-7698-1771"},"institutions":[{"id":"https://openalex.org/I4210118689","display_name":"Joint Research Centre","ror":"https://ror.org/02qezmz13","country_code":"IT","type":"government","lineage":["https://openalex.org/I1320481043","https://openalex.org/I2800387288","https://openalex.org/I4210118689","https://openalex.org/I4210161702"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Gary Steri","raw_affiliation_strings":["Joint Research Centre, European Commission, Ispra, Italy"],"raw_orcid":"https://orcid.org/0000-0001-7698-1771","affiliations":[{"raw_affiliation_string":"Joint Research Centre, European Commission, Ispra, Italy","institution_ids":["https://openalex.org/I4210118689"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5038882355","display_name":"\u0393\u03b5\u03ce\u03c1\u03b3\u03b9\u03bf\u03c2 \u039a\u03b1\u03c1\u03cc\u03c0\u03bf\u03c5\u03bb\u03bf\u03c2","orcid":"https://orcid.org/0000-0002-0142-7503"},"institutions":[{"id":"https://openalex.org/I4210118689","display_name":"Joint Research Centre","ror":"https://ror.org/02qezmz13","country_code":"IT","type":"government","lineage":["https://openalex.org/I1320481043","https://openalex.org/I2800387288","https://openalex.org/I4210118689","https://openalex.org/I4210161702"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Georgios Karopoulos","raw_affiliation_strings":["Joint Research Centre, European Commission, Ispra, Italy"],"raw_orcid":"https://orcid.org/0000-0002-0142-7503","affiliations":[{"raw_affiliation_string":"Joint Research Centre, European Commission, Ispra, Italy","institution_ids":["https://openalex.org/I4210118689"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5119320773","display_name":"Mirko Trapani","orcid":null},"institutions":[{"id":"https://openalex.org/I4210118689","display_name":"Joint Research Centre","ror":"https://ror.org/02qezmz13","country_code":"IT","type":"government","lineage":["https://openalex.org/I1320481043","https://openalex.org/I2800387288","https://openalex.org/I4210118689","https://openalex.org/I4210161702"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Mirko Trapani","raw_affiliation_strings":["Joint Research Centre, European Commission, Ispra, Italy"],"raw_orcid":"https://orcid.org/0009-0000-7257-7851","affiliations":[{"raw_affiliation_string":"Joint Research Centre, European Commission, Ispra, Italy","institution_ids":["https://openalex.org/I4210118689"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5080995810"],"corresponding_institution_ids":["https://openalex.org/I4210118689"],"apc_list":{"value":5000,"currency":"EUR","value_usd":5392},"apc_paid":{"value":5000,"currency":"EUR","value_usd":5392},"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.55375909,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"80","last_page":"89"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9980999827384949,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9980999827384949,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9973000288009644,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.996999979019165,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8224372863769531},{"id":"https://openalex.org/keywords/preprocessor","display_name":"Preprocessor","score":0.6585802435874939},{"id":"https://openalex.org/keywords/task","display_name":"Task (project management)","score":0.6315599083900452},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.4850975275039673},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.45319685339927673},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.4423520565032959},{"id":"https://openalex.org/keywords/natural-language-processing","display_name":"Natural language processing","score":0.43460893630981445},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2592974007129669},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.18441453576087952}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8224372863769531},{"id":"https://openalex.org/C34736171","wikidata":"https://www.wikidata.org/wiki/Q918333","display_name":"Preprocessor","level":2,"score":0.6585802435874939},{"id":"https://openalex.org/C2780451532","wikidata":"https://www.wikidata.org/wiki/Q759676","display_name":"Task (project management)","level":2,"score":0.6315599083900452},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4850975275039673},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.45319685339927673},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.4423520565032959},{"id":"https://openalex.org/C204321447","wikidata":"https://www.wikidata.org/wiki/Q30642","display_name":"Natural language processing","level":1,"score":0.43460893630981445},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2592974007129669},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.18441453576087952},{"id":"https://openalex.org/C187736073","wikidata":"https://www.wikidata.org/wiki/Q2920921","display_name":"Management","level":1,"score":0.0},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1007/978-3-032-00633-2_5","is_oa":true,"landing_page_url":"https://doi.org/10.1007/978-3-032-00633-2_5","pdf_url":"https://link.springer.com/content/pdf/10.1007/978-3-032-00633-2_5.pdf","source":{"id":"https://openalex.org/S106296714","display_name":"Lecture notes in computer science","issn_l":"0302-9743","issn":["0302-9743","1611-3349"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Computer Science","raw_type":"book-chapter"}],"best_oa_location":{"id":"doi:10.1007/978-3-032-00633-2_5","is_oa":true,"landing_page_url":"https://doi.org/10.1007/978-3-032-00633-2_5","pdf_url":"https://link.springer.com/content/pdf/10.1007/978-3-032-00633-2_5.pdf","source":{"id":"https://openalex.org/S106296714","display_name":"Lecture notes in computer science","issn_l":"0302-9743","issn":["0302-9743","1611-3349"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Computer Science","raw_type":"book-chapter"},"sustainable_development_goals":[{"score":0.4300000071525574,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4413250014.pdf","grobid_xml":"https://content.openalex.org/works/W4413250014.grobid-xml"},"referenced_works_count":11,"referenced_works":["https://openalex.org/W2807659734","https://openalex.org/W4226171676","https://openalex.org/W4311412320","https://openalex.org/W4312995921","https://openalex.org/W4385452929","https://openalex.org/W4391093150","https://openalex.org/W4391093223","https://openalex.org/W4392353733","https://openalex.org/W4399039481","https://openalex.org/W4408566170","https://openalex.org/W6604662147"],"related_works":["https://openalex.org/W2397288865","https://openalex.org/W2368524271","https://openalex.org/W2140798747","https://openalex.org/W2576709312","https://openalex.org/W2948169060","https://openalex.org/W2079402751","https://openalex.org/W2392797073","https://openalex.org/W2989490741","https://openalex.org/W2023657818","https://openalex.org/W1975570126"],"abstract_inverted_index":{"Abstract":[0],"Cyber":[1],"Threat":[2],"Intelligence":[3],"(CTI)":[4],"reports":[5,57,113,129,153],"provide":[6],"information":[7],"about":[8],"emerging":[9],"and":[10,14,39,47,82,87,114,147,154,180,187],"current":[11],"cyber":[12],"threats,":[13],"their":[15],"analysis":[16],"is":[17],"key":[18],"for":[19],"adopting":[20],"appropriate":[21],"countermeasures.":[22],"Reports":[23],"are":[24,58,130],"typically":[25],"in":[26,55,132,135,210],"the":[27,49,56,71,92,111,166,169,189,215],"form":[28],"of":[29,51,70,89,152,168,184,191,214],"long":[30],"texts":[31],"from":[32],"which":[33],"cybersecurity":[34],"analysts":[35],"extract":[36],"essential":[37],"elements":[38],"translate":[40],"them":[41],"into":[42],"actionable":[43],"steps.":[44],"To":[45],"summarise":[46],"share":[48],"findings":[50],"this":[52,76,101,136],"analysis,":[53],"sentences":[54,186],"often":[59],"labelled":[60],"with":[61],"MITRE":[62],"ATT&amp;CK":[63],"techniques":[64,194],"that":[65,128,142],"yield":[66],"a":[67,176],"better":[68],"description":[69],"identified":[72],"attack":[73],"patterns.":[74],"However,":[75],"task":[77,167],"can":[78],"be":[79],"very":[80],"time-consuming":[81],"prone":[83],"to":[84,99,149,160,164,197,212],"both":[85],"errors":[86],"biases":[88],"analysts.":[90,170],"In":[91],"literature,":[93],"there":[94],"have":[95],"been":[96],"some":[97],"attempts":[98],"automate":[100],"process.":[102],"Most":[103],"commonly,":[104],"researchers":[105],"apply":[106,116],"different":[107],"pre-processing":[108],"steps":[109],"on":[110,122,145,175],"initial":[112],"then":[115],"classification":[117],"techniques,":[118],"including":[119],"approaches":[120],"based":[121],"large":[123],"language":[124],"models":[125],"(LLMs).":[126],"Considering":[127],"written":[131],"natural":[133],"language,":[134],"paper,":[137],"we":[138],"present":[139],"an":[140,181],"approach":[141,174],"relies":[143],"entirely":[144],"LLMs":[146],"seeks":[148],"minimise":[150],"preprocessing":[151],"other":[155],"human":[156],"intervention,":[157],"if":[158],"not":[159],"replace,":[161],"at":[162],"least":[163],"ease":[165],"We":[171],"evaluate":[172],"our":[173],"real-world":[177],"CTI":[178],"report":[179],"extensive":[182],"dataset":[183],"MITRE-labelled":[185],"reduce":[188],"number":[190],"potentially":[192],"suitable":[193],"by":[195],"up":[196,211],"33":[198],"$$\\times":[199],"$$":[200],"<mml:math":[201],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\">":[202],"<mml:mo>\u00d7</mml:mo>":[203],"</mml:math>":[204],"while":[205],"retaining":[206],"ground":[207],"truth":[208],"labels":[209],"94.29%":[213],"sentences.":[216]},"counts_by_year":[],"updated_date":"2026-03-11T06:11:40.159057","created_date":"2025-10-10T00:00:00"}