Automated Emerging Cyber Threat Identification and Profiling Based on Natural Language Processing
Keywords: publication, maximise the efficacy of preventative operations, recognise threats and their capabilities

Abstract
In recent years, there has been a noticeable decrease in the time it takes for hackers to exploit newly discovered vulnerabilities. This is well shown by recent incidents, such as the Log4j vulnerability. Hackers began searching the web for sites that would be susceptible to the vulnerability in the hours after its publication, with the intention of deploying malware such as bitcoin miners and ransomware on such hosts. Therefore, in order to maximise the efficacy of preventative operations, it is crucial for the cybersecurity defence strategy to recognise threats and their capabilities as early as feasible. The enormous number of data and information sources that must be analysed for indications that a danger is growing makes finding new threats a tough undertaking for security analysts, despite how vital it is. To that end, we provide a system that can automatically detect and profile new threats based on their characteristics, with MITRE ATT&CK serving as a database of threat information and Twitter posts as an event source. The three primary components of the framework are as follows: first, the naming and classification of cyber threats; second, the use of two machine learning layers to filter and categorise tweets in order to profile the detected danger according to its aims or goals; and third, the creation of alarms depending on the risk posed by the threat. Our study primarily offers a method to categorise and profile the detected threats according to their objectives, which gives more background information about the danger and potential ways to lessen its impact. Our tests showed that the profiling stage was 77% accurate in its threat profiling.
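As an added illustration of the three-stage framework the abstract describes (this is not code from the paper), the Python sketch below chains a threat-naming step, a two-layer filter-and-profile step, and a risk-based alert step over a few constructed tweets. The alias table, keyword cues, risk weights and the placeholder CVE id are assumptions that stand in for the paper's machine learning layers; only the ATT&CK tactic ids are real.

```python
import re
# Constructed sample tweets (not real posts); the CVE id is a placeholder, not a real identifier.
TWEETS = [
    "Mass scanning for CVE-2099-12345 (Log4Shell) started hours after disclosure; "
    "ransomware crews already dropping payloads",
    "New coin miner campaign exploiting Log4j on exposed servers, dropping a miner binary via curl",
    "Great coffee this morning, ready for the weekend",
    "Log4j patch released, update now",
]
# Stage 1, naming: alias table and CVE regex are assumptions standing in for the paper's method.
KNOWN_NAMES = {"log4shell": "Log4j", "log4j": "Log4j"}
CVE_RE = re.compile(r"cve-\d{4}-\d{4,7}")
# Stage 2, layer 1 (relevance filter) and layer 2 (profiling by objective): keyword cues stand in
# for the paper's two ML layers. Tactic ids are genuine ATT&CK tactic ids; the cue sets are constructed.
THREAT_TERMS = {"cve", "exploit", "exploiting", "ransomware", "miner", "malware", "scanning", "payloads"}
TACTIC_CUES = {
    "TA0043 Reconnaissance": {"scanning", "scan", "probing"},
    "TA0001 Initial Access": {"exploit", "exploiting", "exploited"},
    "TA0002 Execution": {"dropping", "payload", "payloads"},
    "TA0040 Impact": {"ransomware", "miner", "wiper"},
}
# Stage 3, alerting: constructed risk weight per objective; the alert takes the highest one seen.
RISK = {"TA0043 Reconnaissance": 1, "TA0001 Initial Access": 2, "TA0002 Execution": 2, "TA0040 Impact": 3}
LEVELS = {0: "none", 1: "low", 2: "medium", 3: "high"}

def tokens(text):
    return re.findall(r"[a-z0-9]+", text.lower())
def name_threat(text):
    for w in tokens(text):
        if w in KNOWN_NAMES:
            return KNOWN_NAMES[w]
    m = CVE_RE.search(text.lower())
    return m.group(0).upper() if m else "unnamed"
def is_threat_related(text):
    return bool(THREAT_TERMS & set(tokens(text)))
def profile(text):
    words = set(tokens(text))
    return {tactic for tactic, cues in TACTIC_CUES.items() if cues & words}
def alert_level(tactics):
    return LEVELS[max((RISK[t] for t in tactics), default=0)]
def run_pipeline(tweets):
    threats = {}
    for tw in tweets:
        if not is_threat_related(tw):
            continue  # dropped by the relevance filter (layer 1)
        rec = threats.setdefault(name_threat(tw), {"mentions": 0, "tactics": set()})
        rec["mentions"] += 1
        rec["tactics"] |= profile(tw)  # objectives observed for this threat (layer 2)
    for rec in threats.values():
        rec["alert"] = alert_level(rec["tactics"])  # alarm by highest risk (stage 3)
    return threats
```

Running `run_pipeline(TWEETS)` groups the two threat-related tweets under one named threat with four observed objectives and a high alert, while the two irrelevant tweets never reach the profiling layer.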
License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.