This repository contains the code of the DIMVA paper Inferring Recovery Steps from Cyber Threat Intelligence Reports [1]. To read the paper, click on the following link.

.
├── app: contains the code for running the tool
├── data: contains the labeled dataset used for the experiments
└── results: contains the results of the experiments

1. Clone this repository

git clone https://github.com/utwente-scs/recovery-inference.git

For running the experiments, first change to the app directory.

$ cd app

Then follow these steps:

1. Make sure you have virtualenv installed

$ pip install virtualenv

2. Create a virtual environment

$ virtualenv venv 

3. Activate the virtual environment

$ source venv/bin/activate

3. Install the requirements.txt

$ pip install -r requirements.txt

4. Run the experiments

$ python experiments.py -i INPUT_PATH -o OUTPUT_PATH -m {semantic,llama,gpt-3.5-turbo-1106,gpt-4,gpt-4-turbo-preview}

1. Make sure docker is installed and running. (For more details, please check the official documentation.)

2. Build and run the container.

$ docker compose up --build

3. Access the GUI in a web browser: http://127.0.0.1:5000.

[1] Kucsván, Z. L., Caselli, M., Peter, A., & Continella, A. (2024, July). Inferring Recovery Steps from Cyber Threat Intelligence Reports. In Proceedings of the Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA), 2024.

@inproceedings{kucsvan2024inferring,
 title = {Inferring Recovery Steps from Cyber Threat Intelligence Reports},
 author={Kucsván, Zsolt Levente and Caselli, Marco and Peter, Andreas and Continella, Andrea},
 booktitle = {In Proceedings of the Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA)},
 year = {2024}
}