CANAL -- Cyber Activity News Alerting Language Model: Empirical Approach vs. Expensive LLM
This provides a cost-effective solution for businesses needing real-time cyber intelligence, though it is incremental as it builds on existing BERT and Random Forest methods.
The researchers tackled cyber threat detection by developing CANAL, a fine-tuned BERT model for categorizing cyber-related news articles, which outperformed larger LLMs like GPT-4 in accuracy and cost-effectiveness.
In today's digital landscape, where cyber attacks have become the norm, the detection of cyber attacks and threats is critically imperative across diverse domains. Our research presents a new empirical framework for cyber threat modeling, adept at parsing and categorizing cyber-related information from news articles, enhancing real-time vigilance for market stakeholders. At the core of this framework is a fine-tuned BERT model, which we call CANAL - Cyber Activity News Alerting Language Model, tailored for cyber categorization using a novel silver labeling approach powered by Random Forest. We benchmark CANAL against larger, costlier LLMs, including GPT-4, LLaMA, and Zephyr, highlighting their zero to few-shot learning in cyber news classification. CANAL demonstrates superior performance by outperforming all other LLM counterparts in both accuracy and cost-effectiveness. Furthermore, we introduce the Cyber Signal Discovery module, a strategic component designed to efficiently detect emerging cyber signals from news articles. Collectively, CANAL and Cyber Signal Discovery module equip our framework to provide a robust and cost-effective solution for businesses that require agile responses to cyber intelligence.