EventHunter: Dynamic Clustering and Ranking of Security Events from Hacker Forum Discussions
This work addresses fundamental challenges in automated threat detection and analysis for cybersecurity analysts, though the contribution is incremental, since it builds on existing Transformer and clustering methods.
The paper tackles the problem of extracting actionable intelligence from noisy hacker forum discussions by presenting an unsupervised framework that automatically detects, clusters, and prioritizes security events, effectively reducing noise and surfacing high-priority threats for proactive responses.
Hacker forums provide critical early warning signals for emerging cybersecurity threats, but extracting actionable intelligence from their unstructured and noisy content remains a significant challenge. This paper presents an unsupervised framework that automatically detects, clusters, and prioritizes security events discussed across hacker forum posts. Our approach leverages Transformer-based embeddings fine-tuned with contrastive learning to group related discussions into distinct security event clusters, identifying incidents like zero-day disclosures or malware releases without relying on predefined keywords. The framework incorporates a daily ranking mechanism that prioritizes identified events using quantifiable metrics reflecting timeliness, source credibility, information completeness, and relevance. Experimental evaluation on real-world hacker forum data demonstrates that our method effectively reduces noise and surfaces high-priority threats, enabling security analysts to mount proactive responses. By transforming disparate hacker forum discussions into structured, actionable intelligence, our work addresses fundamental challenges in automated threat detection and analysis.
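As an added illustration (not the paper's code or data), the following toy version of the cluster-then-rank loop the abstract describes groups constructed forum posts into events and then prioritizes them for one day. Bag-of-words cosine similarity stands in for the fine-tuned Transformer embeddings; the four metrics (timeliness, source credibility, completeness, relevance), their weights, the watchlist terms and the sample posts are all assumptions for demonstration, not the paper's definitions.

```python
import math
from collections import Counter
from datetime import datetime

# Constructed sample posts (not real forum data). "rep" is an assumed per-source
# credibility score in [0, 1]; "fields" records which information elements the
# post supplies (product, version, poc), used for the completeness metric.
POSTS = [
    {"id": 1, "text": "acmerouter zero day exploit poc released", "ts": "2024-05-02T08:00", "rep": 0.9, "fields": {"product", "poc"}},
    {"id": 2, "text": "acmerouter zero day exploit confirmed working", "ts": "2024-05-02T10:00", "rep": 0.6, "fields": {"product", "version"}},
    {"id": 3, "text": "selling old streaming accounts cheap", "ts": "2024-04-28T12:00", "rep": 0.3, "fields": set()},
    {"id": 4, "text": "new stealer malware builder released", "ts": "2024-05-01T20:00", "rep": 0.7, "fields": {"product"}},
]
NOW = datetime.fromisoformat("2024-05-02T12:00")      # the "daily" ranking cut-off
WATCHLIST = {"exploit", "zero", "day", "malware"}      # assumed analyst-interest terms
EXPECTED_FIELDS = {"product", "version", "poc"}        # assumed completeness checklist

def cosine(a, b):
    """Cosine similarity between two token-count vectors (stand-in for embeddings)."""
    dot = sum(a[t] * b[t] for t in a if t in b)
    norm = math.sqrt(sum(v * v for v in a.values())) * math.sqrt(sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0

def cluster_posts(posts, threshold=0.5):
    """Greedy clustering: a post joins the first cluster whose seed post is similar enough."""
    clusters = []
    for post in posts:
        vec = Counter(post["text"].lower().split())
        for cluster in clusters:
            if cosine(vec, Counter(cluster[0]["text"].lower().split())) >= threshold:
                cluster.append(post)
                break
        else:
            clusters.append([post])
    return clusters

def score_event(cluster, now, weights=(0.3, 0.3, 0.2, 0.2)):
    """Weighted sum of timeliness, credibility, completeness and relevance (weights assumed)."""
    latest = max(datetime.fromisoformat(p["ts"]) for p in cluster)
    timeliness = math.exp(-(now - latest).total_seconds() / 86400)   # decays with age in days
    credibility = max(p["rep"] for p in cluster)                      # best source in the cluster
    present = set().union(*(p["fields"] for p in cluster)) & EXPECTED_FIELDS
    completeness = len(present) / len(EXPECTED_FIELDS)
    relevance = sum(bool(WATCHLIST & set(p["text"].lower().split())) for p in cluster) / len(cluster)
    return sum(w * m for w, m in zip(weights, (timeliness, credibility, completeness, relevance)))

def daily_ranking(posts, now):
    """Cluster the day's posts into events and return (score, cluster) pairs, best first."""
    ranked = [(score_event(c, now), c) for c in cluster_posts(posts)]
    ranked.sort(key=lambda item: item[0], reverse=True)
    return ranked

if __name__ == "__main__":
    for score, cluster in daily_ranking(POSTS, NOW):
        print(f"{score:.3f}  posts={[p['id'] for p in cluster]}")
```

On the constructed input, the two zero-day posts merge into one event that outranks the malware-builder post, while the stale account-selling post drops to the bottom.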