SMARTER DETECTION OF NEW INTRODUCTORY CYBERTHREATS USING NATURAL LANGUAGE PROCESSING
Keywords:
CYBERTHREATS, SMARTER, DETECTION, NATURAL, LANGUAGE
Abstract
The time that elapses between the discovery of a new cyber vulnerability and its exploitation by cybercriminals keeps shrinking. Recent incidents such as the Log4j vulnerability show this well: within hours of the vulnerability's announcement, attackers began searching the web for sites that could be susceptible to the exploit in order to install malware such as bitcoin miners and ransomware on those servers. For this reason, early threat and capability detection is crucial for cyber security defence strategies in order to maximise the efficacy of preventative measures. Vital as it is, finding new threats is a tough undertaking for security analysts because of the enormous amount of data and information sources that need to be analysed for indications that a threat is emerging. To that end, we present a framework that automatically detects and profiles new threats based on their characteristics, with MITRE ATT&CK serving as the database of threat information and Twitter posts as the event source. The framework has three key components: first, the recognition and identification of cyber threats; second, two machine learning layers that filter and categorise tweets in order to create a profile of the detected threat; and third, the creation of alarms depending on the risk posed by the threat. Our study primarily focusses on a new way to profile threats based on their intents or aims, in order to better understand them and find ways to counter them. Our tests showed that the profiling stage was 77% accurate in its threat profiling.
License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.