Identification of New Cyberthreats and Natural Language Processing-Based Profiling

In the field of cybersecurity, protecting systems and data requires the ability to recognize and comprehend cyberthreats. In order to improve threat categorization, this article proposes a comprehensive system that combines the MITRE ATT&CK knowledge base with an event source. There are three primary parts to the framework: (1) the classification and identification of cyberthreats, (2) utilizing a two-layered machine learning technique for tweet classification and filtering in order to profile the objectives or goals of threats that have been detected, and (3) raising alarms in response to the threat's assessed risk. This research made a substantial contribution with the methods it created to describe the objectives or goals of identified threats. This method not only provides deeper insights into the nature of the threat but also suggests effective strategies for mitigation. Experimental evaluations of our profiling methodology yielded promising results, with an F1 score of 77%, indicating its effectiveness in accurately characterizing detected threats. By leveraging both an event source and the rich threat intelligence of MITRE ATT&CK, our framework offers a robust approach to cybersecurity threat characterization. This holistic perspective enhances threat awareness and empowers organizations to proactively defend against evolving cyber threats.