Cyberthreat Detection from Twitter using Deep Neural Networks

Title: Cyberthreat Detection from Twitter using Deep Neural Networks
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Dionísio, Nuno; Alves, Fernando; Ferreira, Pedro M.; Bessani, Alysson
Conference Name: 2019 International Joint Conference on Neural Networks (IJCNN)
Date Published: July 2019
Publisher: IEEE
ISBN Number: 978-1-7281-1985-4
Keywords: Artificial neural networks, bidirectional long short-term memory network, classification task, Collaboration, computer security, convolutional neural nets, convolutional neural network, cyber physical systems, cybersecurity information, cybersecurity-related sources, cyberthreat detection, cyberthreat intelligence, Deep Learning, deep neural networks, event management systems, indicators of compromise, information streams, IT infrastructure, learning (artificial intelligence), Metrics, named entity recognition task, Neural Network Security, Neural networks, open source intelligence platforms, OSINT, pipeline processing, policy-based governance, pubcrawl, public domain software, recurrent neural nets, Resiliency, security alert, security information, security of data, security-related information, social media networks, social networking (online), Task Analysis, threat detection, Tools, Twitter
Abstract

To be prepared against cyberattacks, most organizations resort to security information and event management systems to monitor their infrastructures. These systems depend on the timeliness and relevance of the latest updates, patches and threats provided by cyberthreat intelligence feeds. Open source intelligence platforms, namely social media networks such as Twitter, are capable of aggregating a vast amount of cybersecurity-related sources. To process such information streams, we require scalable and efficient tools capable of identifying and summarizing relevant information for specified assets. This paper presents the processing pipeline of a novel tool that uses deep neural networks to process cybersecurity information received from Twitter. A convolutional neural network identifies tweets containing security-related information relevant to assets in an IT infrastructure. Then, a bidirectional long short-term memory network extracts named entities from these tweets to form a security alert or to fill an indicator of compromise. The proposed pipeline achieves an average 94% true positive rate and 91% true negative rate for the classification task and an average F1-score of 92% for the named entity recognition task, across three case study infrastructures.

URL: https://ieeexplore.ieee.org/document/8852475/
DOI: 10.1109/IJCNN.2019.8852475
Citation Key: dionisio_cyberthreat_2019