Abstract

Recognizing cyber threats from open threat intelligence can give incident response an advantage at a very early stage. Previous related studies mostly focus on finding general hot terms rather than specific, continuously changing targets; as a result, these methods may be of limited use when a specific theme is given as the default. To the best of our knowledge, the proposed Sec-Buzzer is the first web-based service that not only finds the various emerging topics of cyber threats and their corresponding annotations (i.e., nearly zero-day attacks) but also provides possible remedy solutions. Unlike previous works, Sec-Buzzer leverages different kinds of open sources, namely Twitter and domain-specific blogs, and benefits greatly from a community-oriented filtering strategy as well as a novel topic-association graph. Therefore, a set of highly contributing Twitter users is grouped and scored as an expert community, and information from that community is explored and then efficiently exploited. Demonstrations show that, by combining several measurements to quantify the significance of experts and terms, Sec-Buzzer indeed uncovers previously unseen, valuable domain experts to serve as information providers, and identifies emerging (or suddenly appearing) topics that are highly related to real security events that happened recently.
