Due to the variety of cyber-attacks or threats, the cybersecurity community enhances the traditional security control mechanisms to an advanced level so that automated tools can encounter potential security threats. Very recently, Cyber Threat Intelligence (CTI) has been presented as one of the proactive and robust mechanisms because of its automated cybersecurity threat prediction. Generally, CTI collects and analyses data from various sources e.g., online security forums, social media where cyber enthusiasts, analysts, even cybercriminals discuss cyber or computer security-related topics and discovers potential threats based on the analysis. As the manual analysis of every such discussion (posts on online platforms) is time-consuming, inefficient, and susceptible to errors, CTI as an automated tool can perform uniquely to detect cyber threats. In this paper, we identify and explore relevant CTI from hacker forums utilizing different supervised (classification) and unsupervised learning (topic modeling) techniques. To this end, we collect data from a real hacker forum and constructed two datasets: a binary dataset and a multi-class dataset. We then apply several classifiers along with deep neural network-based classifiers and use them on the datasets to compare their performances. We also employ the classifiers on a labeled leaked dataset as our ground truth. We further explore the datasets using unsupervised techniques. For this purpose, we leverage two topic modeling algorithms namely Latent Dirichlet Allocation (LDA) and Non-negative Matrix Factorization (NMF).
翻译:由于网络攻击或威胁的多样性,网络安全界将传统安全控制机制提升到高级水平,使自动化工具能够应对潜在的安全威胁。最近,网络威胁情报(CTI)因其网络安全威胁的自动预测而成为积极主动和有力的机制之一。一般来说,网络威胁情报(CTI)收集和分析来自各种来源的数据,例如网上安全论坛、网络爱好者、分析人员、甚至网络罪犯讨论网络或计算机安全相关议题的社交媒体,并根据分析结果发现潜在威胁。由于对每次此类讨论(在线平台上的张贴)的手工分析耗时、低效和容易出错,网络威胁情报(CTI)作为自动工具可以发挥独特的侦查网络威胁的作用。在本文中,我们利用不同监管(分类)和不受监督的学习(专题模型)技术,从黑客论坛收集数据,并构建两个数据集:一个二进制数据集和多级数据集。我们随后将若干分类器与深层网络的内值数据定值一起用于深层次的网络定值和易出错误。我们还将其业绩数据用于地面数据分类。我们还将数据分组用于不透明的数据库。
相关内容
微信扫码咨询专知VIP会员