A Knowledge Base Question Answering System for Cyber Threat Knowledge Acquisition

Open-source cyber threat intelligence (OSCTI) provides a form of evidence-based knowledge about cyber threats, enabling businesses to gain visibility into the fast-evolving threat landscape. Despite the pressing need for high-fidelity threat knowledge, existing cyber threat knowledge acquisition systems have primarily focused on providing low-level, isolated indicators. These systems have ignored the rich higher-level threat knowledge entities and their relationships presented in OSCTI reports, and do not provide a flexible and intuitive way for threat analysts to acquire the desired knowledge. To bridge the gap, we propose ThreatQA, a system that facilitates cyber threat knowledge acquisition via knowledge base question answering. Particularly, ThreatQA uses a combination of AI-based techniques to (1) automatically harvest comprehensive knowledge about trending threats from massive OSCTI reports from various sources and construct a large threat knowledge base, and (2) intelligently respond to an input natural language threat knowledge acquisition question by fetching the answer from the threat knowledge base via question answering.