A Study on Automated TTP Analysis Technology at the Endpoint Based on Semantic Understanding


Vol. 14, No. 10, pp. 733-738, Oct. 2025
https://doi.org/10.3745/TKIPS.2025.14.10.733


  Abstract

EDR (Endpoint Detection and Response) logs, which include various abnormal activities observed across the network, provide critical information for cyber threat detection. However, their fragmented event structure and diverse representation hinder precise and consistent automated interpretation at the TTP (Tactics, Techniques, and Procedures) level. This study proposes an integrated analysis framework that semantically structures log-based abnormal behaviors and automates both TTP mapping and attack flow interpretation. To achieve this, raw logs are first normalized into natural language descriptions using a domain-specific rule set and then classified for anomalies via LogBERT. These descriptions are semantically enhanced using a large language model (LLM), and relevant TTP candidates are retrieved through FAISS-based similarity search. Finally, the most appropriate TTP is determined through Chain-of-Thought (CoT) reasoning, and a structured attack chain is automatically reconstructed based on temporal and relational analysis to support the strategic understanding of threat scenarios.
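The pipeline the abstract describes (rule-based normalization of raw endpoint events into natural-language descriptions, similarity-based retrieval of TTP candidates, and a temporal and relational reconstruction of the attack chain) can be followed end to end on a small constructed input. The code below is an added illustration, not code from the paper or its authors. It uses three constructed EDR-style events and a three-entry TTP catalogue (the MITRE ATT&CK identifiers T1059.001, T1003.001 and T1053.005 are real, the one-line descriptions are constructed); a plain bag-of-words cosine similarity stands in for the FAISS embedding search, and the LogBERT anomaly classification, LLM enhancement and Chain-of-Thought selection steps are omitted, with the top-ranked candidate taken directly. All field names and rule templates are assumptions made for the example.

```python
import math
import re
from collections import Counter
from datetime import datetime

# Constructed EDR-style events (not from the paper); field names are assumptions.
SAMPLE_EVENTS = [
    {"ts": "2025-01-01T10:00:20", "host": "ws01", "type": "process_create",
     "parent": "powershell.exe", "image": "schtasks.exe",
     "cmdline": "schtasks /create /tn upd"},
    {"ts": "2025-01-01T10:00:05", "host": "ws01", "type": "process_create",
     "parent": "winword.exe", "image": "powershell.exe",
     "cmdline": "powershell -enc AAAA"},
    {"ts": "2025-01-01T10:00:09", "host": "ws01", "type": "process_access",
     "image": "powershell.exe", "target": "lsass.exe"},
]

# Domain-specific rule set: event type -> natural-language template (assumed).
RULES = {
    "process_create": "process {parent} spawned {image} with command line {cmdline}",
    "process_access": "process {image} opened a handle to {target}",
}

# Tiny TTP catalogue: real ATT&CK sub-technique ids, constructed descriptions.
TTP_CATALOG = {
    "T1059.001": "execution of PowerShell scripts or encoded commands, often spawned by an Office application",
    "T1003.001": "credential dumping by reading the memory of the lsass.exe process",
    "T1053.005": "persistence via a scheduled task created with schtasks",
}


def normalize(event):
    """Step 1: turn one raw event into a natural-language description via the rule set."""
    template = RULES.get(event["type"])
    if template is None:
        return f"unrecognized event of type {event['type']}"
    return template.format(**event)


def tokens(text):
    return Counter(re.findall(r"[a-z0-9.]+", text.lower()))


def cosine(a, b):
    dot = sum(a[t] * b[t] for t in a if t in b)
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def retrieve_candidates(description, k=2):
    """Step 2: rank catalogue entries by similarity (stand-in for FAISS), return top-k ids."""
    q = tokens(description)
    scored = sorted(((cosine(q, tokens(d)), tid) for tid, d in TTP_CATALOG.items()), reverse=True)
    return [tid for _, tid in scored[:k]]


def actor_of(event):
    """The process that performed the action described by the event."""
    return event["parent"] if event["type"] == "process_create" else event["image"]


def reconstruct_chain(events):
    """Step 3: order events in time and link each to the latest earlier step on the
    same host whose processes include this event's actor (relational analysis)."""
    ordered = sorted(events, key=lambda e: datetime.fromisoformat(e["ts"]))
    steps = []
    for e in ordered:
        desc = normalize(e)
        ttp = retrieve_candidates(desc, k=1)[0]  # top candidate stands in for CoT selection
        actor = actor_of(e)
        follows = None
        for j, s in enumerate(steps):
            if s["host"] == e["host"] and actor in s["processes"]:
                follows = j
        steps.append({"host": e["host"], "ts": e["ts"], "ttp": ttp, "description": desc,
                      "processes": {actor, e["image"]}, "follows": follows})
    return steps


def chain_ids(steps):
    """Compact textual view of the reconstructed chain, e.g. 'T1059.001 -> T1003.001'."""
    return " -> ".join(s["ttp"] for s in steps)


if __name__ == "__main__":
    chain = reconstruct_chain(SAMPLE_EVENTS)
    for i, s in enumerate(chain):
        link = f" (follows step {s['follows']})" if s["follows"] is not None else ""
        print(f"step {i}: {s['ts']} {s['ttp']}: {s['description']}{link}")
    print(chain_ids(chain))
```

Note that the events are deliberately listed out of order: the temporal sort recovers the Office-to-PowerShell, credential-access, persistence sequence, and the relational link is what turns three independent detections into one chain rather than three isolated alerts. With a real embedding index the `retrieve_candidates` function is the only part that changes.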


  Cite this article

[IEEE Style]

H. S. Kim, Y. S. Jeong, T. J. Lee, "A Study on Automated TTP Analysis Technology at the Endpoint Based on Semantic Understanding," The Transactions of the Korea Information Processing Society, vol. 14, no. 10, pp. 733-738, 2025. DOI: https://doi.org/10.3745/TKIPS.2025.14.10.733.

[ACM Style]

Hyun Seo Kim, Yeon Su Jeong, and Tae Jin Lee. 2025. A Study on Automated TTP Analysis Technology at the Endpoint Based on Semantic Understanding. The Transactions of the Korea Information Processing Society, 14, 10, (2025), 733-738. DOI: https://doi.org/10.3745/TKIPS.2025.14.10.733.