Monitoring Social Media for Vulnerability-Threat Prediction and Topic Analysis

Publicly available software vulnerabilities and exploit code are often abused by malicious actors to launch cyberattacks to vulnerable targets. Organizations not only have to update their software to the latest versions, but do effective patch management and prioritize security-related patching as well. In addition to intelligence sources such as Computer Emergency Response Team (CERT) alerts, cybersecurity news, national vulnerability database (NBD), and commercial cybersecurity vendors, social media is another valuable source that facilitates early stage intelligence gathering. To early detect future cyber threats based on publicly available resources on the Internet, we propose a dynamic vulnerability-threat assessment model to predict the tendency to be exploited for vulnerability entries listed in Common Vulnerability Exposures, and also to analyze social media contents such as Twitter to extract meaningful information. The model takes multiple aspects of vulnerabilities gathered from different sources into consideration. Features range from profile information to contextual information about these vulnerabilities. For the social media data, this study leverages machine learning techniques specially for Twitter which helps to filter out non-cybersecurity-related tweets and also label the topic categories of each tweet. When applied to predict the vulnerabilities exploitation and analyzed the real-world social media discussion data, it showed promising prediction accuracy with purified social media intelligence. Moreover, the AI-enabling modules have been deployed into a threat intelligence platform for further applications.