From Navigators

Publication:Alves21synapse
Abstract Receiving timely and relevant security information is crucial for maintaining a high-security level on an IT infrastructure. This information can be extracted from Open Source Intelligence published daily by users, security organisations, and researchers. In particular, Twitter has become an information hub for obtaining cutting-edge information about many subjects, including cybersecurity. This work proposes SYNAPSE, a Twitter-based streaming threat monitor that generates a continuously updated summary of the threat landscape related to a monitored infrastructure. SYNAPSE is designed to accurately select any kind of cybersecurity events and summarise them for the convenience of security analysts. Its tweet-processing pipeline is composed of filtering, feature extraction, binary classification, an innovative clustering strategy, and generation of Indicators of Compromise (IoCs). A quantitative evaluation considering over 195.000 tweets from 80 accounts over more than 8 months, shows that our approach successfully finds the majority of security-related tweets concerning an example IT infrastructure (true positive rate above 90%), incorrectly selects a small number of tweets as relevant (false positive rate under 10%), and summarises the results in few IoCs per day. A qualitative evaluation of the IoCs generated by SYNAPSE demonstrates their relevance, and timeliness. Finally, we provide some highlights of a real-world integration of SYNAPSE with the Security Operation Center of a nation-wide electric utility.
Author Fernando Alves, Aurélien Bettini, Pedro M. Ferreira, Alysson Bessani
Journal Information Systems
Key Alves21synapse
Month jan
NumPubDate 2,021.01
Project Project:DiSIEM, Project:IRCoC
ResearchLine Fault and Intrusion Tolerance in Open Distributed Systems (FIT)
Title Processing Tweets for Cybersecurity Threat Awareness
Type article
Url https://doi.org/10.1016/j.is.2020.101586
Volume 95
Year 2021
Categories Publication
Modification date 29 September 2021 16:30:23