NLP-Based Techniques for Cyber Threat Intelligence
In the digital era, threat actors employ sophisticated techniques for which,
often, digital traces in the form of textual data are available. Cyber Threat
Intelligence (CTI) covers all the solutions for data collection,
processing, and analysis that help understand a threat actor's targets and
attack behavior. Currently, CTI is assuming an increasingly crucial role in
identifying and mitigating threats and enabling proactive defense strategies.
In this context, NLP, a branch of artificial intelligence, has emerged as a
powerful tool for enhancing threat intelligence capabilities. This survey paper
provides a comprehensive overview of NLP-based techniques applied in the
context of threat intelligence. It begins by describing the foundational
definitions and principles of CTI as a major tool for safeguarding digital
assets. It then undertakes a thorough examination of NLP-based techniques for
CTI data crawling from Web sources, CTI data analysis, Relation Extraction from
cybersecurity data, CTI sharing and collaboration, and security threats to CTI.
Finally, the challenges and limitations of NLP in threat intelligence are
exhaustively examined, including data quality issues and ethical
considerations. This survey draws a complete framework and serves as a valuable
resource for security professionals and researchers seeking to understand the
state-of-the-art NLP-based threat intelligence techniques and their potential
impact on cybersecurity.
Can Twitter be used to Acquire Reliable Alerts against Novel Cyber Attacks?
Time-relevant and accurate threat information from public domains is
essential for cyber security. In a constantly evolving threat landscape, such
information assists security researchers in thwarting attack strategies. In
this work, we collect and analyze threat-related information from Twitter to
extract intelligence for proactive security. We first use a convolutional
neural network to classify tweets as containing or not containing valuable threat
indicators. In particular, to gather threat intelligence from social media, the
proposed approach collects pertinent Indicators of Compromise (IoCs) from
tweets, such as IP addresses, URLs, file hashes, domain names, and CVE IDs.
Then, we analyze the IoCs to confirm whether they are reliable and valuable for
threat intelligence using performance indicators such as correctness,
timeliness, and overlap. We also evaluate how fast Twitter shares IoCs compared
to existing threat intelligence services. Furthermore, through machine learning
models, we classify Twitter accounts as either automated or human-operated and
delve into the role of bot accounts in disseminating cyber threat information
on social media. Our results demonstrate that Twitter is growing into a
powerful platform for gathering precise and pertinent malware IoCs and a
reliable source for mining threat intelligence.