Generating Cyber Threat Intelligence to Discover Potential Security Threats Using Classification and Topic Modeling
Hossen, Md Imran; Islam, Ashraful; Anowar, Farzana; Ahmed, Eshtiak; Rahman, Mohammed Masudur (2023)
This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:tuni-202410319739
Description
Peer reviewed
Abstract
Recently, Cyber Threat Intelligence (CTI) has gained the attention of the cybersecurity community to build a robust and proactive mechanism for automatic security threat prediction. CTI collects and analyzes threat data from various sources, e.g., online security forums and social media where cyber enthusiasts and analysts discuss security-related topics and discover potential threats. Manually collecting and analyzing these posts is time-consuming, inefficient, and prone to errors. In this chapter, we identify and explore relevant CTIs from hacker forums utilizing different classification and topic modeling techniques. We collected data from a real hacker forum and constructed two datasets: a binary dataset and a multi-class dataset. Our model incorporates several classifiers along with deep neural networks evaluated on the datasets to predict potential cyber threats. A satisfactory performance is achieved that outperforms the efficiency of several existing frameworks. Furthermore, we leverage two topic modeling algorithms, namely, Latent Dirichlet Allocation (LDA) and Non-negative Matrix Factorization (NMF) to extract CTI.
Collections
- TUNICRIS publications [20161]