This repository contains the code of the DIMVA paper Inferring Recovery Steps from Cyber Threat Intelligence Reports [1]. To read the paper, click on the following link.
.
├── app: contains the code for running the tool
├── data: contains the labeled dataset used for the experiments
└── results: contains the results of the experiments
- Clone this repository
$ git clone https://github.com/utwente-scs/recovery-inference.git
For running the experiments, first change to the app directory.
$ cd app
Then follow these steps:
- Make sure you have virtualenv installed
$ pip install virtualenv
- Create a virtual environment
$ virtualenv venv
- Activate the virtual environment
$ source venv/bin/activate
- Install the dependencies listed in requirements.txt
$ pip install -r requirements.txt
- Run the experiments
$ python experiments.py -i INPUT_PATH -o OUTPUT_PATH -m {semantic,llama,gpt-3.5-turbo-1106,gpt-4,gpt-4-turbo-preview}
- Make sure Docker is installed and running. (For more details, please check the official documentation.)
- Build and run the container.
$ docker compose up --build
- Access the GUI in a web browser: http://127.0.0.1:5000
We would like to extend our gratitude to Yikun Li for his invaluable input, feedback and assistance in setting up the LLM experiments.
[1] Kucsván, Z. L., Caselli, M., Peter, A., & Continella, A. (2024, July). Inferring Recovery Steps from Cyber Threat Intelligence Reports. In Proceedings of the Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA), 2024.
@inproceedings{kucsvan2024inferring,
title = {Inferring Recovery Steps from Cyber Threat Intelligence Reports},
author={Kucsván, Zsolt Levente and Caselli, Marco and Peter, Andreas and Continella, Andrea},
booktitle = {In Proceedings of the Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA)},
year = {2024}
}