Threat Intelligence

Project Description

This project focuses on identifying and discovering real-time cyber threats in computing systems using machine learning approaches applied to datasets gathered from open online sources such as online social networks, security blogs, technical forums, and similar sources. The purposes of this project are listed below:

  1. Detect cyber threat events in real time
  2. Help the community deal with new attack techniques and vulnerabilities
  3. Make effective use of open online networks as a potential source of cyber threat information
  4. Promote this project as an open source tool, so that the expert community can also contribute

Keywords

OSINT, Threat Intel, Event Detection, Topic Modeling, spatiotemporal pattern recognition

Methods

The first paper published in this effort presents a framework for the detection and classification of cyber threat indicators in the Twitter stream. Contrary to the bulk of similar proposals that rely on manually designed heuristics and keyword-based filtering of tweets, our framework provides a data-driven approach to modeling and classifying tweets that are related to cybersecurity events. We present a cascaded Convolutional Neural Network (CNN) architecture consisting of a binary classifier for the detection of cyber-related tweets and a multi-class model for the classification of cyber-related tweets into multiple types of cyber threats. Furthermore, we present an open-source dataset of 21000 annotated cyber-related tweets to facilitate validation and further research in this area.
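To make the cascade concrete, here is an added example (not the project's code and not its CNN models) of the same two-stage pipeline in plain Python: a binary stage decides whether a tweet is cyber-related, and a multi-class stage, trained only on the cyber-related subset, assigns a threat type. It swaps the paper's CNNs for a small multinomial Naive Bayes over bag-of-words tokens so that it runs offline with no dependencies; the training tweets, the threat-type labels (vulnerability, ransomware, ddos) and the class names are constructed for illustration and do not come from the project's dataset.

```python
"""Two-stage cascaded tweet classifier (added example, not the project's code).

Stage 1 is a binary model (cyber vs. other). Stage 2 is a multi-class model
that is trained on, and only ever applied to, tweets stage 1 marks as cyber.
Both stages use a multinomial Naive Bayes with add-one smoothing so the
example has no external dependencies. All tweets and labels are constructed.
"""
import math
import re
from collections import Counter, defaultdict

TOKEN_RE = re.compile(r"[a-z0-9#@]+")


def tokenize(text):
    """Lower-case and split on non-alphanumerics, keeping # and @ characters."""
    return TOKEN_RE.findall(text.lower())


class NaiveBayes:
    """Multinomial Naive Bayes over raw token counts."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha                      # Laplace smoothing constant
        self.class_counts = Counter()           # documents per class
        self.word_counts = defaultdict(Counter)  # token counts per class
        self.vocab = set()

    def fit(self, texts, labels):
        for text, label in zip(texts, labels):
            self.class_counts[label] += 1
            for tok in tokenize(text):
                self.word_counts[label][tok] += 1
                self.vocab.add(tok)
        return self

    def log_probs(self, text):
        """Unnormalised log posterior for every class seen in training."""
        total_docs = sum(self.class_counts.values())
        tokens = tokenize(text)
        scores = {}
        for label, n_docs in self.class_counts.items():
            total_words = sum(self.word_counts[label].values())
            denom = total_words + self.alpha * len(self.vocab)
            score = math.log(n_docs / total_docs)
            for tok in tokens:
                score += math.log((self.word_counts[label][tok] + self.alpha) / denom)
            scores[label] = score
        return scores

    def predict(self, text):
        scores = self.log_probs(text)
        return max(scores, key=scores.get)


class CascadedClassifier:
    """Stage 1 filters; stage 2 types only what stage 1 let through."""

    def __init__(self):
        self.stage1 = NaiveBayes()
        self.stage2 = NaiveBayes()

    def fit(self, texts, relevance, threat_types):
        self.stage1.fit(texts, relevance)
        # Stage 2 never sees non-cyber tweets, mirroring the cascade design.
        cyber = [(t, ty) for t, rel, ty in zip(texts, relevance, threat_types) if rel == "cyber"]
        self.stage2.fit([t for t, _ in cyber], [ty for _, ty in cyber])
        return self

    def classify(self, text):
        if self.stage1.predict(text) != "cyber":
            return "not-cyber"
        return self.stage2.predict(text)


# Constructed training tweets: (text, stage-1 label, stage-2 label).
TRAINING = [
    ("New CVE disclosed: remote code execution in popular web framework, patch now", "cyber", "vulnerability"),
    ("Critical vulnerability found in router firmware, update available", "cyber", "vulnerability"),
    ("Zero day exploit in pdf reader patched in latest release", "cyber", "vulnerability"),
    ("Hospital hit by ransomware, systems encrypted, ransom note demands bitcoin", "cyber", "ransomware"),
    ("Ransomware gang leaks stolen files after victim refuses to pay ransom", "cyber", "ransomware"),
    ("New ransomware strain encrypts backups before demanding payment", "cyber", "ransomware"),
    ("Massive ddos attack knocks gaming servers offline for hours", "cyber", "ddos"),
    ("Botnet launches record ddos flood against dns provider, sites offline", "cyber", "ddos"),
    ("ddos attack takes bank website offline again this morning", "cyber", "ddos"),
    ("Great game last night, the team played amazing football", "other", "none"),
    ("Trying the new coffee shop downtown, best latte in town", "other", "none"),
    ("Weather forecast says rain all weekend, bring an umbrella", "other", "none"),
    ("Happy birthday to my best friend, love you", "other", "none"),
    ("Traffic on the highway is terrible today, avoid downtown", "other", "none"),
]


def build_demo_classifier():
    texts, relevance, types = zip(*TRAINING)
    return CascadedClassifier().fit(texts, relevance, types)


if __name__ == "__main__":
    clf = build_demo_classifier()
    for tweet in ("Patch released for critical vulnerability in email server",
                  "Gaming servers offline after huge ddos flood",
                  "Lovely sunny day at the beach with the family"):
        print(f"{clf.classify(tweet):14s} <- {tweet}")
```

The point of the cascade is visible in `CascadedClassifier.fit` and `classify`: the threat-type model is trained only on the relevant subset, and at inference time it is never consulted for a tweet the binary stage rejected, so an error in stage 1 is a hard filter that stage 2 cannot recover from. A production version would replace `NaiveBayes` with the paper's CNNs and evaluate each stage separately for exactly that reason.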

Current Team Members

  • Avishek Bose
  • Yihong Theis
  • BreAnn Anshutz (on hiatus)
  • Cytisus Eurydice (University of New Haven)
  • Shreya Gopal (University of New Haven)
  • Marissa Shivers
  • Ahat Orazgeldiyev
  • Brynn Rittenhouse
  • PI: William H. Hsu

Affiliate Research Groups

Alumni

  • Vahid Behzadan, Ph.D. 2019
  • Carlos Aguirre, B.S. 2018
  • Emily Davich, B.S. 2020

Data Sets

Our initial dataset of ~21000 tweets, manually annotated for their relevance to cyber-threat intelligence and for the type of threat, is available in the project's Git Repository. For more information on the collection, annotation, and structure of the dataset, please refer to the relevant paper.

Source Code

References

KDD Lab Publications

  1. Bose, A., Gopal Sundari, S., Behzadan, V., & Hsu, W. (2021). Tracing Relevant Twitter Accounts Active in Cyber Threat Intelligence Domain by Exploiting Content and Structure of Twitter Network. In *Proceedings of the 19th IEEE International Conference on Intelligence and Security Informatics (ISI 2021)*, San Antonio, TX, USA, November 2-3, 2021.
  2. Bose, A., Behzadan, V., Aguirre, C., & Hsu, W. H. (2019). A Novel Approach for Detection and Ranking of Trendy and Emerging Cyber Threat Events in Twitter Streams. In *Proceedings of the Foundations of Open Source Intelligence and Security Informatics (FOSINT-SI 2019)*, Vancouver, Canada, August 27, 2019, to appear.
  3. Behzadan, V., Aguirre, C., Bose, A., & Hsu, W. (2018). Corpus and Deep Learning Classifier for Collection of Cyber Threat Indicators in Twitter Stream. In *Proceedings of the IEEE International Conference on Big Data 2018 (IEEE BigData 2018) Workshop on Big Data Analytics for Cyber Threat Hunting (CyberHunt 2018)*, Seattle, WA, USA, December 10-13, 2018.

Last updated by vinnysun1 on Nov 30, 2023