University of Twente Student Theses
RAG-ATT&CK : Exploring RAG-Assisted Mapping of Cyber Threat Intelligence to MITRE ATT&CK Techniques
Schuurman, S.J. (2025) RAG-ATT&CK : Exploring RAG-Assisted Mapping of Cyber Threat Intelligence to MITRE ATT&CK Techniques.
Abstract: | Mapping unstructured Cyber Threat Intelligence (CTI) to MITRE ATT&CK techniques is essential for understanding and mitigating future cybersecurity threats. Existing automated methods require extensive fine-tuning of large language models (LLMs) or require static rules, limiting their adaptiveness to an evolving threat landscape. This work introduces RAG-ATT&CK, an automated mapping system utilizing Retrieval-Augmented Generation (RAG). RAG-ATT&CK dynamically retrieves relevant MITRE ATT&CK techniques, providing the underlying LLM with factual context for classification, without the need for fine-tuning. While RAG-ATT&CK shows improvements over the baseline LLM system, it does not surpass the state-of-the-art methods. This study highlights the potential of RAG-based systems and offers a comparison to fine-tuning-based systems. |
Item Type: | Essay (Master) |
Faculty: | EEMCS: Electrical Engineering, Mathematics and Computer Science |
Subject: | 54 computer science |
Programme: | Computer Science MSc (60300) |
Link to this item: | https://purl.utwente.nl/essays/106511 |