• artificial intelligence
• cyber defense
• cyber threat intelligence
• cybersecurity
• incident response
• information security
• large language models
• network security
• security enhancement
• security operations centers
• threat detection
• threat intelligence platform

The thesis focuses on advancing cyber threat intelligence (CTI) by integrating generative AI technologies into Security Operations Centers (SOCs). The research addresses the challenges posed by the increasing complexity and volume of cyber threats that undermine traditional security measures. It presents a novel engine designed to improve the precision and speed of threat detection and analysis by utilizing large language models (LLMs) for processing CTI data.
The study begins with a comprehensive survey of existing CTI practices and the role of AI in cybersecurity, setting the groundwork for the proposed innovations. It introduces an engine architecture that leverages AI to enhance data analysis capabilities within SOCs. The methodology section details the design and implementation of this engine, emphasizing the integration of generative AI for dynamic CTI analysis. Key components such as the CVE (Common Vulnerabilities and Exposures) Extractor are discussed, which automate the extraction and correlation of threat data to specific vulnerabilities.
Evaluation of the engine demonstrates its effectiveness in enhancing the operational efficiency of SOCs through faster and more accurate threat detection. The thesis concludes with reflections on the research findings and suggestions for future enhancements, including scaling the application of AI in cybersecurity operations.