Using Event Extraction for Cyber Threat Intelligence

Companies looking to discover threats in today’s ever-evolving cyber threatscape rely on cyber professionals — human analysts who go through time-consuming manual reviews of enormous amounts of threat intelligence data. This review process creates a bottleneck in which attackers are always ten steps ahead of potential victims.

Cyber professionals need access to a technology that quickly and accurately recognizes critical information about cyber threats, such as the nature of an attack, when it occurred, where, why, and by whom. Most of this information is available in records written in free text. Simply searching for expressions such as “cyber attack” will return many innocent texts, which we would want to ignore.

This talk will cover how event extraction technologies are being used today to rapidly find only information referring to a real cyber attack event and to ignore innocent texts. We will discuss the challenges that an NLP system for cybersecurity has to overcome, such as noisy channels of information and searching through social media posts and chat messages in the darknet for those that contain relevant code words and specific vocabulary.