Credibility-Driven Quality Assessment of Multi-source Cyber Threat Intelligence
摘要
As cyber threats grow in sophistication, single-source cyber threat intelligence proves inadequate for robust defense. Multi-source cyber threat intelligence offers broader coverage but introduces challenges such as redundancy, format inconsistency, and variable credibility. Open and commercial sources often contain low-value, duplicated, or short-lived data, complicating reliable insight extraction. To address this, we propose a credibility analysis framework for resolving conflicts in multi-source cyber threat intelligence by jointly evaluating intelligence content and source reliability. We design a Random Forest-based model to assess content quality and employ Retrieval-Augmented Generation to enrich source evaluation, leveraging a Large Language Model to generate contextual insights from expert knowledge. A feedback mechanism dynamically refines credibility scores by reinforcing agreement between content and source assessments. Experiments on a real-world cyber threat intelligence dataset show that the proposed method achieves high accuracy in classifying cyber threat intelligence as reliable, unreliable, or uncertain, effectively filtering noise and enhancing overall intelligence quality.