Trust But Verify: Evaluating the Accuracy of LLMs in Normalizing Threat Data Feeds

This paper examines whether Large Language Models (LLMs) can be reliably applied to the normalization of Indicators of Compromise (IOCs) into Structured Threat Information Expression (STIX) format.

By

Nicholas Peterson

July 16, 2025

All papers are copyrighted. No re-posting of papers is permitted

Related Content

Cyber Defense Essentials

October 6, 2021

Can We Move Past Blocklists to Automated Takedowns?

Penetration Testing and Ethical Hacking

October 6, 2021

Striking from the Shadows: Applying and Analyzing Mitigation Techniques to Bypass Antivirus Payload Detection

September 16, 2021

Cloud Multi-Account Policy Enforcement