TTPrint: Evidence-Grounded TTP Extraction via Diverge-then-Converge Verification 事件

TTPrint: Evidence-Grounded TTP Extraction via Diverge-then-Converge Verification arXiv:2605.25836v1 Announce Type: cross Abstract: Extracting MITRE ATT&CK techniques from cyber threat intelligence (CTI) reports is an open-set, multi-label problem requiring both high recall (not missing techniques) and high precision (not hallucinating unsupported ones). Existing methods--rule-based, supervised, and LLM-based--struggle to achieve both: rule-based and supervised approaches lack generalizability a