Security OSIF: Toward Automatic Discovery and Analysis of Event Based Cyber Threat Intelligence

2018 IEEE SMARTWORLD, UBIQUITOUS INTELLIGENCE & COMPUTING, ADVANCED & TRUSTED COMPUTING, SCALABLE COMPUTING & COMMUNICATIONS, CLOUD & BIG DATA COMPUTING, INTERNET OF PEOPLE AND SMART CITY INNOVATION (SMARTWORLD/SCALCOM/UIC/ATC/CBDCOM/IOP/SCI)(2018)

Abstract
To adapt to the rapidly evolving landscape of cyber threats, efficient collection and analysis of cyber threat intelligence (CTI) is crucial for safety staff to implement a proactive cyber defense, such as security hardening or incident response. However, with the exponential increase in open source information, cyber threat intelligence becomes increasingly hard to gather from open sources in the wild by human effort. Furthermore, automatically determining cyber intelligence information with respect to relevant reported threats or newsletters remains a challenge, largely due to the lack of corresponding principles or rules to analyze the semantics and contextual information that are present in textual representations. To overcome these limitations, this paper proposes a security open source intelligence framework (OSIF) to automatically analyze unstructured text for generating event based cyber threat intelligence. It uses several technologies such as natural language processing, machine learning and data mining to extract cybersecurity event related information (device, organization, location, etc.) and Common Vulnerabilities and Exposures (CVE) for threat actor profiling. Finally, we perform a comprehensive structural and conceptual evaluation of critical threats on a dataset collected from dozens of websites. The experiments conducted on the dataset demonstrate that our approach has considerable performance.
Keywords
cyber threat intelligent, text analytics, nature language process, information extraction