Discerning reliable cyber threat indicators for timely Cyber Threat Intelligence


Research field: Safety



Venue: Journal of Computer Virology and Hacking Techniques


Abstract

In today’s dynamic cybersecurity landscape, timely and accurate threat intelligence is essential for proactive defense. This study explores the potential of social media platforms as a valuable resource for extracting actionable Indicators of Compromise (IoCs). Utilizing a Convolutional Neural Network (CNN), we achieved an F1-score of 98.80% and a detection rate of 99.65%, filtering vast social media data to identify key IoCs, including IP addresses, URLs, file hashes, domain addresses, and CVE IDs. These indicators are critical for detecting potential threats and vulnerabilities, and their relevance was evaluated using metrics such as correctness, timeliness, and overlap. Our analysis shows that URLs emerged as the most frequently shared IoC, with 48.67% representing valid threats. To further investigate the role of automated accounts in disseminating IoCs, we applied several machine learning models, with XGBoost delivering the highest performance, achieving a macro F1-score of 0.814 and a weighted F1-score of 0.925. These findings highlight the growing significance of social media as a reliable source of actionable threat intelligence, offering valuable insights for cybersecurity professionals to stay ahead of emerging threats.


Authors

Dincy R. Arikkat
Cochin University of Science and Technology, Kochi, India
Andorra

P. Vinod
Cochin University of Science and Technology, Kochi, India
Andorra

K. A. Rafidha Rehiman
University of Padua, Padova, Italy
Italy

Paper information

Publication year: 2025
Citations: 0
Publication country: Italy, Andorra
Site: Springer