Creating Proactive Cyber Threat Intelligence with Hacker Exploit Labels: A Deep Transfer Learning Approach

In stock

Publication History

Received: December 22, 2020
Revised: November 4, 2021; July 13, 2022; January 25, 2023; April 4, 2023; May 20, 2023
Accepted: May 23, 2023
Published Online in Issue: March 1, 2024

Downloadable File

The rapid proliferation of complex information systems has been met by an ever-increasing quantity of exploits that can cause irreparable cyber breaches. To mitigate these cyber threats, academia and industry have placed a significant focus on proactively identifying and labeling exploits developed by the international hacker community. However, prevailing approaches for labeling exploits in hacker forums do not leverage metadata from exploit darknet markets or public exploit repositories to enhance labeling performance. In this study, we adopted the computational design science paradigm to develop a novel information technology artifact, the deep transfer learning exploit labeler (DTL-EL). DTL-EL incorporates a pre-initialization design, multi-layer deep transfer learning (DTL), and a self-attention mechanism to automatically label exploits in hacker forums. We rigorously evaluated the proposed DTL-EL against state-of-the-art non-DTL benchmark methods based in classical machine learning and deep learning. Results suggest that the proposed DTL-EL significantly outperforms benchmark methods based on accuracy, precision, recall, and F1-score. Our proposed DTL-EL framework provides important practical implications for key stakeholders such as cybersecurity managers, analysts, and educators.

Additional Details
Author Benjamin M. Ampel, Sagar Samtani, Hongyi Zhu, and Hsinchun Chen
Year 2024
Volume 48
Issue 1
Keywords Hacker forums, cyber threat intelligence, cybersecurity analytics, deep transfer learning, deep learning, exploit labeling, computational design science
Page Numbers 137-166
Copyright © 2023 MISQ. All rights reserved.