Cybersecurity Text Data Classification and Optimization for CTI Systems

Abstract

Cyber threat intelligence systems provide a way to prioritize alerts and allow security teams to focus on critical threats and utilize their resources more efficiently. One challenge in these systems comes in accurately classifying the data that is input and processed within the system which is critical to producing meaningful output. To tackle this problem, in this paper we research text-based cybersecurity data classification methods using a multi-layer keyword filtering method and unsupervised learning methods using doc2vec. We also look at how we can optimize the accuracy and efficiency of cyber threat intelligence systems through the use of ensemble learning. This research will help with prioritization of cyber threat intelligence systems which allow security teams to use their resources more efficiently.