Cyber Threat Intelligence (CTI) has emerged as a vital complementary approach that operates in the early phases of the cyber threat lifecycle. CTI involves collecting, processing, and analyzing threat data to provide a more accurate and rapid understanding of cyber threats. Due to the large volume of data, automation through Machine Learning (ML) and Natural Language Processing (NLP) models is essential for effective CTI extraction. These automated systems leverage Open Source Intelligence (OSINT) from sources like social networks, forums, and blogs to identify Indicators of Compromise (IoCs). Although prior research has focused on adversarial attacks on specific ML models, this study expands the scope by investigating vulnerabilities within various components of the entire CTI pipeline and their susceptibility to adversarial attacks. These vulnerabilities arise because they ingest textual inputs from various open sources, including real and potentially fake content. We analyse three types of attacks against CTI pipelines, including evasion, flooding, and poisoning, and assess their impact on the system's information selection capabilities. Specifically, on fake text generation, the work demonstrates how adversarial text generation techniques can create fake cybersecurity and cybersecurity-like text that misleads classifiers, degrades performance, and disrupts system functionality. The focus is primarily on the evasion attack, as it precedes and enables flooding and poisoning attacks within the CTI pipeline.

翻译：网络威胁情报（CTI）已成为在网络威胁生命周期早期阶段运行的关键补充方法。CTI涉及收集、处理和分析威胁数据，以提供更准确、更快速的网络威胁理解。由于数据量庞大，通过机器学习（ML）和自然语言处理（NLP）模型实现自动化对于有效的CTI提取至关重要。这些自动化系统利用来自社交网络、论坛和博客等来源的开源情报（OSINT）来识别入侵指标（IoCs）。尽管先前的研究主要关注针对特定ML模型的对抗攻击，但本研究通过调查整个CTI流程中各个组件的漏洞及其对对抗攻击的敏感性，扩展了研究范围。这些漏洞的产生是因为它们接收来自各种开放源的文本输入，包括真实和潜在的虚假内容。我们分析了针对CTI流程的三种攻击类型，包括规避攻击、淹没攻击和投毒攻击，并评估了它们对系统信息选择能力的影响。具体而言，在虚假文本生成方面，本研究展示了对抗性文本生成技术如何创建虚假的网络安全及类网络安全文本，从而误导分类器、降低性能并破坏系统功能。研究主要关注规避攻击，因为它在CTI流程中先于并促成了淹没攻击和投毒攻击。