A Framework for Unsupervised Classificiation and Data Mining of Tweets about Cyber Vulnerabilities
This addresses the need for timely cyber threat intelligence by augmenting NVD-based tools with social media data, though it is incremental as it applies existing methods to a new domain.
The paper tackles the problem of the National Vulnerability Database (NVD) being outdated by developing an unsupervised framework to classify tweets about cyber vulnerabilities, achieving 83.52% accuracy and an F1 score of 83.88 with a BART model for zero-shot classification.
Many cyber network defense tools rely on the National Vulnerability Database (NVD) to provide timely information on known vulnerabilities that exist within systems on a given network. However, recent studies have indicated that the NVD is not always up to date, with known vulnerabilities being discussed publicly on social media platforms, like Twitter and Reddit, months before they are published to the NVD. To that end, we present a framework for unsupervised classification to filter tweets for relevance to cyber security. We consider and evaluate two unsupervised machine learning techniques for inclusion in our framework, and show that zero-shot classification using a Bidirectional and Auto-Regressive Transformers (BART) model outperforms the other technique with 83.52% accuracy and a F1 score of 83.88, allowing for accurate filtering of tweets without human intervention or labelled data for training. Additionally, we discuss different insights that can be derived from these cyber-relevant tweets, such as trending topics of tweets and the counts of Twitter mentions for Common Vulnerabilities and Exposures (CVEs), that can be used in an alert or report to augment current NVD-based risk assessment tools.