Abstract

With the progressive deterioration of cyber threats, collecting cyber threat intelligence (CTI) from open-source threat intelligence publishing platforms (OSTIPs) can help information security personnel grasp public opinion on specific topics, handle emergency events, and even confront advanced persistent threats. However, because of the explosive growth of information shared on OSTIPs of many types, collecting CTI manually is inefficient. Articles published on OSTIPs are unstructured, so automatically gathering CTI records through natural language processing (NLP) methods alone remains a pressing challenge. To remedy these limitations, this paper proposes GCO, an automatic approach to generating CTI records from multi-type OSTIPs that combines NLP, machine learning, and cybersecurity threat intelligence knowledge. The experimental results show that GCO outperforms several state-of-the-art approaches on article classification and on the extraction of cybersecurity intelligence details (CSIs), with accuracy, precision, and recall all above 93%; finally, the generated records stored in a Neo4j-based CTI database can help reveal malicious threat groups.

Highlights

  • With the progressive deterioration of cyber threats, more and more researchers are paying attention to solving network security problems

  • To address the above problems, this paper proposes GCO, an automatic generation approach for cyber threat intelligence (CTI) records based on multi-type open-source threat intelligence publishing platforms (OSTIPs), combining the natural language processing (NLP) method, the machine learning method, and CTI knowledge

  • Conclusions: the records obtained through GCO can effectively help security staff perform more efficient work, including CTI sorting and further analysis


Summary

Background

With the progressive deterioration of cyber threats, more and more researchers are paying attention to solving network security problems. With the wide application of CTI, security staff are sharing their findings on blogs or open-source forums. These new findings are valuable references that help security personnel build a broader and more comprehensive understanding of advanced persistent threat (APT) groups; discovering and responding to them in time makes it possible to resist cyber-attacks more effectively. These blogs and forums are established to publish CTI about current cybersecurity events, and we call them open-source threat intelligence publishing platforms (OSTIPs). Company OSTIPs are established by companies to publish cybersecurity-related events, along with news and product-related advertisements. Although the articles published by individual OSTIPs are low in volume, their CTI is important for deploying cybersecurity defenses. OTX [14] is a well-known cybersecurity forum, where more than 19 million details are shared each day.

CTI Standard
Overview of the Proposed Approach
A CSI-candidate means
Article
Preprocessor
Article Classifier
Feature Extraction
Classification on the Multi-Layer
The CSI Extractor
Method
Hierarchical
CTI Records Generator
CTI Database
Experiments and Evaluations
System Implementation and Dataset
Article Classification Model
Findings
CSI Extraction Accuracy and Coverage