Human–AI Enhancement of Cyber Threat Intelligence

Human–AI Enhancement of Cyber Threat Intelligence

연구 분야: Safety

학회: International Journal of Information Security

This study proposes a human-AI collaboration to model the landscape of cyber threat intelligence (CTI) and use it to detect suspicious communication indicating impending cybersecurity incidents. We show how the collaboration between cybersecurity experts and AI-based text-classification methods develops an understanding of professional hackers and helps detect cybersecurity threats more accurately. The human-AI collaboration rests on a Reciprocal Human–Machine Learning (RHML) model, in which a human expert and a machine interact repeatedly over time and simultaneously continually learn to detect professional hackers. Two cybersecurity experts employed qualitative data analysis and worked with RHML software assistance to classify 6651 messages from an online hackers’ forum. We discovered an improvement, over time, of both the detection accuracy and the experts’ understanding of the threat landscape as represented by their concept maps. In particular, the concept map refers to the hacker’s capabilities, intent, and behaviour to define the threat landscape needed for professional detection, in contrast to amateur hackers. We believe this approach may ultimately lead to a more robust and proactive cybersecurity posture and translate into operational advantages in the field of CTI.