May 2025 Get Together : Talk - Using LLMs to Detect Cybersecurity Attacks

Details
Hello Everyone,
Time passes by quickly and I apologise for this late announcement. At the last event we had our Show and Tell, where Christian and Slava spoke to us. This May we have a paper to be presented.
Talk Title: Identification of attack techniques from cybersecurity reports using LLMs
Speaker: Martin Hoang Nguyen
Abstract: Cyber threat intelligence (CTI) reports have been one of the most important sources for analysts and researchers to prepare against potential threats and defend critical infrastructure, yet there have been multiple problems in analysing these data due to the text complexity and verbosity.
In this paper we discuss the use of open-source Large Language Models and develop a novel two-step pipeline to extract attack techniques from CTI reports. This approach has significantly improved the extraction performance of LLMs, with several attack techniques surpassing an F1-score of 0.90. Furthermore, it also shows potential for reliable automated CTI systems to support cybersecurity operations.
Bio: Martin is currently working as an AI Developer at [Chamomile.ai](http://chamomile.ai/), focusing on topic modelling. I have an Honours degree in Computer Science from Swinburne University, and had research experience with CSIRO's Data61 in applying large language models and natural language processing (NLP) methods for analysing cybersecurity data. My current interest lies in applying AI to solve real-world challenges, especially in cybersecurity.
Fellowship: TAP 831 PUB, more on this later.
