Cyberthreat Detection from Twitter using Deep Neural Networks
Title | Cyberthreat Detection from Twitter using Deep Neural Networks |
Publication Type | Conference Paper |
Year of Publication | 2019 |
Authors | Dionísio, Nuno, Alves, Fernando, Ferreira, Pedro M., Bessani, Alysson |
Conference Name | 2019 International Joint Conference on Neural Networks (IJCNN) |
Date Published | July 2019 |
Publisher | IEEE |
ISBN Number | 978-1-7281-1985-4 |
Keywords | Artificial neural networks, bidirectional long short-term memory network, classification task, Collaboration, computer security, convolutional neural nets, convolutional neural network, cyber physical systems, cybersecurity information, cybersecurity-related sources, cyberthreat detection, cyberthreat intelligence, Deep Learning, deep neural networks, event management systems, indicators of compromise, information streams, IT infrastructure, learning (artificial intelligence), Metrics, named entity recognition task, Neural Network Security, Neural networks, open source intelligence platforms, OSINT, pipeline processing, policy-based governance, pubcrawl, public domain software, recurrent neural nets, Resiliency, security alert, security information, security of data, security-related information, social media networks, social networking (online), Task Analysis, threat detection, Tools, Twitter |
Abstract | To be prepared against cyberattacks, most organizations resort to security information and event management systems to monitor their infrastructures. These systems depend on the timeliness and relevance of the latest updates, patches and threats provided by cyberthreat intelligence feeds. Open source intelligence platforms, namely social media networks such as Twitter, are capable of aggregating a vast amount of cybersecurity-related sources. To process such information streams, we require scalable and efficient tools capable of identifying and summarizing relevant information for specified assets. This paper presents the processing pipeline of a novel tool that uses deep neural networks to process cybersecurity information received from Twitter. A convolutional neural network identifies tweets containing security-related information relevant to assets in an IT infrastructure. Then, a bidirectional long short-term memory network extracts named entities from these tweets to form a security alert or to fill an indicator of compromise. The proposed pipeline achieves an average 94% true positive rate and 91% true negative rate for the classification task and an average F1-score of 92% for the named entity recognition task, across three case study infrastructures. |
URL | https://ieeexplore.ieee.org/document/8852475/ |
DOI | 10.1109/IJCNN.2019.8852475 |
Citation Key | dionisio_cyberthreat_2019 |