TTPDrill develops automated, context-aware analytics of cyber threat intelligence (CTI) to accurately learn attack patterns (TTPs) from commonly available CTI sources, so that cyber defense actions can be implemented in a timely manner. It implements a data and text mining approach that combines enhanced Natural Language Processing (NLP) and Information Retrieval (IR) techniques to extract threat actions based on semantic rather than syntactic relationships.
Requirements:
- Python 3
- stanford-corenlp

Usage:
- Clone this repository from GitHub
- Download the stanford-corenlp parser from https://downloads.cs.stanford.edu/nlp/software/stanford-corenlp-full-2015-12-09.zip
- Insert the report text into input.txt
- Run main.py

Copyright 2020 CyberDNA Center, UNC Charlotte
Please cite paper: https://dl.acm.org/doi/pdf/10.1145/3134600.3134646