In the past few months, there has been a surge in interest regarding the use of Artificial Intelligence (AI) within the domain of security intelligence. This renewed enthusiasm is mainly propelled by the significant advancements made by generative AI, such as ChatGPT. But how can AI and generative AI be applied to threat intelligence? In this blog post, we will explore how Machine Learning, Natural Language Processing and generative AI can help risk intelligence analysts to be more effective and efficient in Open Source Intelligence (OSINT) monitoring.
What is security threat intelligence?
Security threat intelligence is the process of collecting, analyzing and disseminating information about current and emerging threats to the physical security and business continuity of an organisation. It helps security teams to identify, prioritize and respond to potentially disruptive events, as well as to prevent, or mitigate, future ones. However, security threat intelligence is not without its challenges. Analysts have to deal with a huge amount of data from various sources, such as the open web, dark web, social media, foreign languages and so on. They also have to filter out the noise and false positives and provide actionable insights and recommendations. All this is under intense time pressure.
The evolution of threat intelligence
Before the advent of AI, intelligence analysts had to rely on manual methods or very basic crawlers to monitor Open Source Intelligence (OSINT) sources such as news, blogs, forums, social media, etc. They had to filter the information by keywords or manually scan through large volumes of data to identify relevant information. This was a time-consuming and labour-intensive process that often resulted in missed or outdated information.
As the threat landscape evolved and became more complex and dynamic, security threat intelligence also had to adapt and leverage more advanced technologies and techniques to provide timely, accurate and actionable insights.
The rise of AI
Artificial Intelligence (AI) is the field of computer science that aims to create machines and systems that can perform tasks that normally require human intelligence and abilities. AI can involve various aspects such as learning, reasoning, perception, decision-making, natural language processing, and more. AI applications can range from simple tasks like speech recognition and face detection to complex ones like autonomous driving and autonomous weapons. But how can Machine Learning (ML) and Natural Language Processing (NLP) help a security threat intelligence analyst?
First of all, ML and NLP technologies can help automate the work of a security threat intelligence analyst by filtering relevant information and extracting useful insights from the vast amount of data available online. Machine learning is a branch of artificial intelligence that enables computers to learn from data and make predictions or decisions without being explicitly programmed. Natural Language Processing is a subfield of machine learning that deals with the analysis and generation of natural language texts.
One of the applications of machine learning and natural language processing in security threat intelligence is to create a smart crawler that can scan open sources and filter relevant information based on what the analyst is looking for. For example, if the analyst is interested in maritime piracy threats in the Gulf of Aden, the smart crawler can use machine learning and natural language processing to identify information about this topic, such as news articles, reports, tweets, etc.
Machine learning is a much better technology than filtering by keyword because it takes into account the context in which a word appears. For instance, the keyword “pirates” could return relevant results about maritime piracy, but also sports news about the Orlando Pirates Football Club. Machine learning can filter out such false positives by taking into account the context of the word “pirates”, whereas a simple keyword-based crawler would generate a lot of noise.
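The difference between the two approaches can be shown in a few dozen lines. The example below is added here and is not code from the original post or from any product it describes: it trains a small multinomial naive Bayes classifier (one of the simplest context-aware text models) on a handful of constructed, labelled snippets, then runs both a plain keyword filter and the classifier over a constructed incoming feed. Every training snippet and every feed item mentioning piracy contains the word "pirates", so the keyword alone cannot separate the Somali coast from the Soweto derby; the surrounding words can.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed, labelled training snippets (not from the original post). Every one
# of them contains the word "pirates", so the keyword alone carries no signal.
TRAINING_DATA = [
    ("maritime", "pirates boarded a tanker off the coast of somalia and hijacked the crew"),
    ("maritime", "armed pirates attacked a cargo ship in the gulf of aden"),
    ("maritime", "navy warship rescued sailors after pirates seized a vessel"),
    ("maritime", "somali pirates demand ransom for hijacked merchant vessel crew"),
    ("football", "orlando pirates beat kaizer chiefs in the soweto derby"),
    ("football", "pirates coach praised the midfield after the league match"),
    ("football", "orlando pirates sign new striker ahead of the football season"),
    ("football", "pirates fans celebrate cup final goal at the stadium"),
]

# A constructed incoming OSINT feed that the crawler has to triage.
INCOMING_FEED = [
    "pirates hijacked a tanker in the gulf of aden",
    "orlando pirates striker scores in league match",
    "navy frees crew seized by armed pirates near somalia",
    "port authority publishes new berthing schedule",
]


def tokenize(text):
    """Lower-case and split on anything that is not a letter, digit or apostrophe."""
    return re.findall(r"[a-z0-9']+", text.lower())


def keyword_filter(items, keyword):
    """The basic crawler: keep every item that mentions the keyword, context ignored."""
    return [text for text in items if keyword in tokenize(text)]


class NaiveBayesTopicFilter:
    """Multinomial naive Bayes with Laplace smoothing, trained on labelled snippets."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha
        self.word_counts = defaultdict(Counter)  # label -> Counter of tokens
        self.total_tokens = Counter()            # label -> number of tokens seen
        self.doc_counts = Counter()              # label -> number of documents
        self.vocab = set()

    def fit(self, labelled):
        for label, text in labelled:
            tokens = tokenize(text)
            self.doc_counts[label] += 1
            self.word_counts[label].update(tokens)
            self.total_tokens[label] += len(tokens)
            self.vocab.update(tokens)
        return self

    def log_posteriors(self, text):
        tokens = tokenize(text)
        n_docs = sum(self.doc_counts.values())
        scores = {}
        for label in self.doc_counts:
            score = math.log(self.doc_counts[label] / n_docs)  # class prior
            denom = self.total_tokens[label] + self.alpha * len(self.vocab)
            for tok in tokens:
                # Smoothed likelihood: words never seen in a class still get a small weight.
                score += math.log((self.word_counts[label][tok] + self.alpha) / denom)
            scores[label] = score
        return scores

    def predict(self, text):
        scores = self.log_posteriors(text)
        return max(scores, key=scores.get)


def smart_filter(items, topic, model):
    """The smart crawler: keep only items the model assigns to the wanted topic."""
    return [text for text in items if model.predict(text) == topic]


def run_demo():
    model = NaiveBayesTopicFilter().fit(TRAINING_DATA)
    return {
        "keyword": keyword_filter(INCOMING_FEED, "pirates"),
        "smart": smart_filter(INCOMING_FEED, "maritime", model),
    }


if __name__ == "__main__":
    for name, hits in run_demo().items():
        print(f"{name} filter kept {len(hits)} item(s):")
        for hit in hits:
            print("  -", hit)
```

Running it, the keyword filter keeps three items including the football story, while the classifier keeps only the two maritime ones. One design point worth noting: the model above knows only two topics, so an unrelated item (the berthing schedule) is still forced into one of them; a deployed filter needs an explicit "other" class, or a probability threshold, so that off-topic noise is dropped rather than mislabelled.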
Another application of machine learning and natural language processing in security threat intelligence is to create a smart analyzer that can extract key information from the filtered sources, such as actors, locations, dates, methods, impacts, etc., and present them in a structured and concise way to the analyst. For example, if the smart analyzer detects a news article about a pirate attack in the Indian Ocean, it can extract the following information:
– Actor: Somali pirates
– Location: Gulf of Aden
– Date: April 17th 2023
– Method: Boarding with AK-47s and RPGs
– Impact: Hijacking of a cargo ship with 20 crew members
The smart analyzer can also use machine learning and natural language processing to generate a summary of the article or a report that highlights the main points and provides additional insights or recommendations to the analyst.
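The structured output described above is an information-extraction task. The example below is an added illustration, not code from the original post: it uses hand-written patterns and a small gazetteer (a stand-in for the trained named-entity model a real analyzer would use) to turn two constructed news snippets into the actor / location / date / method / impact record shown in the list, and to render that record in the same bullet form. The place names, weapon names and vessel names are assumptions chosen for the illustration; the second snippet uses a different date format and a different actor noun to show that the same schema covers more than the one case in the text.

```python
import re
from datetime import datetime

# Constructed sample articles (not from the original post); details such as the
# vessel name are invented for illustration.
ARTICLES = {
    "gulf_of_aden": (
        "On April 17th 2023, Somali pirates boarded the cargo ship MV Example Star "
        "in the Gulf of Aden, firing AK-47s and RPGs at the bridge. The vessel was "
        "hijacked with 20 crew members on board."
    ),
    "gulf_of_guinea": (
        "Armed gunmen attacked a fishing trawler near Lagos on 3 March 2024, "
        "kidnapping 6 crew members before fleeing in speedboats."
    ),
}

# Hand-built gazetteers and patterns. A production analyzer would replace these
# with a trained named-entity recognizer, but the output schema stays the same.
LOCATIONS = ["Gulf of Aden", "Indian Ocean", "Gulf of Guinea", "Strait of Malacca", "Lagos"]
ACTOR_RE = re.compile(r"\b([A-Za-z-]+ (?:pirates|gunmen|militants|rebels))\b")
WEAPONS = {"AK-47": re.compile(r"\bAK-?47s?\b"), "RPG": re.compile(r"\bRPGs?\b")}
TACTICS = {"boarding": re.compile(r"\bboard(?:ed|ing)\b", re.I),
           "attack": re.compile(r"\battack(?:ed|ing)\b", re.I)}
OUTCOMES = {"hijacking": re.compile(r"\bhijack(?:ed|ing)\b", re.I),
            "kidnapping": re.compile(r"\bkidnapp(?:ed|ing)\b", re.I)}
VESSEL_RE = re.compile(r"\b(cargo ship|tanker|fishing trawler|bulk carrier|container ship)\b", re.I)
CREW_RE = re.compile(r"\b(\d+) crew members?\b")
MONTHS = ("January|February|March|April|May|June|July|August|September|"
          "October|November|December")
DATE_PATTERNS = [
    # "April 17th 2023" or "April 17, 2023"
    (re.compile(rf"\b({MONTHS}) (\d{{1,2}})(?:st|nd|rd|th)?,? (\d{{4}})\b"),
     lambda m: (m.group(3), m.group(1), m.group(2))),
    # "3 March 2024"
    (re.compile(rf"\b(\d{{1,2}}) ({MONTHS}) (\d{{4}})\b"),
     lambda m: (m.group(3), m.group(2), m.group(1))),
]


def extract_date(text):
    """Normalise the first recognised date to ISO 8601, whichever written form it uses."""
    for pattern, reorder in DATE_PATTERNS:
        m = pattern.search(text)
        if m:
            year, month, day = reorder(m)
            return datetime.strptime(f"{year} {month} {day}", "%Y %B %d").date().isoformat()
    return None


def matching_names(text, patterns):
    """Names of every pattern that matches, in definition order."""
    return [name for name, rx in patterns.items() if rx.search(text)]


def extract_location(text):
    """Earliest gazetteer entry mentioned in the text, or None."""
    found = [(text.find(loc), loc) for loc in LOCATIONS if loc in text]
    return min(found)[1] if found else None


def analyze(text):
    """Turn one article into the structured record an analyst would read."""
    actor = ACTOR_RE.search(text)
    vessel = VESSEL_RE.search(text)
    crew = CREW_RE.search(text)
    outcomes = matching_names(text, OUTCOMES)
    return {
        "actor": actor.group(1) if actor else None,
        "location": extract_location(text),
        "date": extract_date(text),
        "method": {"tactics": matching_names(text, TACTICS),
                   "weapons": matching_names(text, WEAPONS)},
        "impact": {"outcome": outcomes[0] if outcomes else None,
                   "vessel": vessel.group(1).lower() if vessel else None,
                   "crew_count": int(crew.group(1)) if crew else None},
    }


def render(record):
    """Present the record in the bullet form used in the post."""
    method, impact = record["method"], record["impact"]
    weapons = " with " + " and ".join(method["weapons"]) if method["weapons"] else ""
    return "\n".join([
        f"- Actor: {record['actor']}",
        f"- Location: {record['location']}",
        f"- Date: {record['date']}",
        f"- Method: {', '.join(method['tactics']).capitalize()}{weapons}",
        f"- Impact: {impact['outcome']} of a {impact['vessel']} "
        f"with {impact['crew_count']} crew members",
    ])


if __name__ == "__main__":
    for name, text in ARTICLES.items():
        print(f"[{name}]")
        print(render(analyze(text)))
```

Two caveats a practitioner would keep in mind. First, pattern-based extraction only finds what the patterns anticipate, which is exactly why the text argues for ML and NLP; the value of the example is the fixed schema, which stays stable when the extractor behind it is swapped for a trained model. Second, dates are normalised to ISO form at extraction time so that downstream deduplication and timeline building never have to parse "17th" or "3 March" again.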
The new frontier of generative AI
One of the emerging technologies that can help security threat intelligence is generative AI, such as ChatGPT. GPT is a deep learning model that can generate natural language texts based on a given input. It can learn from large amounts of data and produce coherent and relevant texts on various topics. GPT can be used to enhance security threat intelligence in several ways:
– It can generate concise and fact-based reports based on threat intelligence data, such as descriptions, threat actor profiles, attack techniques and mitigation strategies. This can save time and resources for analysts, who can focus on more complex tasks that require human judgment and expertise.
– It can provide additional context and analysis for threat intelligence data, such as explaining the impact, severity and likelihood of a threat, or comparing different threats and their trends. This can help analysts to prioritize and triage threats, and make better decisions on how to respond.
– It can answer specific questions related to threat intelligence data, such as what are the best practices to mitigate a certain threat. This can help analysts to gain more insights and knowledge from the data and to improve their skills and expertise.
Although generative AI is still in its early stages, it is expected that more use cases will emerge in the coming years, especially once AI models can be trained with an organization’s internal data such as threat alerts, methodologies and business continuity plans.