CANAL -- Cyber Activity News Alerting Language Model: Empirical Approach vs. Expensive LLM

Urjitkumar Patel, Fang-Chun Yeh, Chinmay Gondhalekar
DOI: https://doi.org/10.1109/ICAIC60265.2024.10433839
2024-05-11
Abstract: In today's digital landscape, where cyber attacks have become the norm, the detection of cyber attacks and threats is critically imperative across diverse domains. Our research presents a new empirical framework for cyber threat modeling, adept at parsing and categorizing cyber-related information from news articles, enhancing real-time vigilance for market stakeholders. At the core of this framework is a fine-tuned BERT model, which we call CANAL - Cyber Activity News Alerting Language Model, tailored for cyber categorization using a novel silver labeling approach powered by Random Forest. We benchmark CANAL against larger, costlier LLMs, including GPT-4, LLaMA, and Zephyr, highlighting their zero to few-shot learning in cyber news classification. CANAL demonstrates superior performance by outperforming all other LLM counterparts in both accuracy and cost-effectiveness. Furthermore, we introduce the Cyber Signal Discovery module, a strategic component designed to efficiently detect emerging cyber signals from news articles. Collectively, CANAL and Cyber Signal Discovery module equip our framework to provide a robust and cost-effective solution for businesses that require agile responses to cyber intelligence.
Cryptography and Security, Artificial Intelligence, Computation and Language
What problem does this paper attempt to address?
The problem this paper addresses is how to efficiently and accurately parse and classify information about cyber attacks and threats from news articles, in a digital environment where such attacks are becoming more frequent and more complex. Specifically, the paper proposes a new framework that meets this challenge in two respects:

1. **Effectively Classifying Cyber-related News**: news articles are sorted into five categories: recent cyber attacks, legal proceedings, future threats, preventive measures, and others. This organises a large volume of incoming cyber-related information so it can be analysed systematically, improving the efficiency with which cyber threat intelligence is processed.
2. **Discovering Emerging Cyber Threat Signals**: emerging cyber threats and signals are identified and highlighted from news articles, which is crucial for detecting new attack trends and potential risks in time.

To achieve these goals, the paper introduces CANAL (Cyber Activity News Alerting Language Model), a language model fine-tuned from BERT specifically for cyber news classification. In addition, a module named the "Emerging Cyber Signal Discovery Module" detects and records new cyber attack terms so that the framework adapts to the ever-changing cyber threat landscape. Overall, the research provides a solution that is more cost-effective than large language models (LLMs) while performing well in both accuracy and cost.

### Problem Summary

The core problems the paper addresses are:

- How to efficiently and accurately parse and classify information about cyber attacks and threats from news articles.
- How to build a system capable of real-time monitoring of, and early warning about, cyber threats using limited training data and computing resources.

### Solution Overview

The main solutions the paper proposes are:

1. **CANAL Model**: a fine-tuned BERT model used specifically for cyber news classification.
2. **Five-category Cyber News Classification**: news is sorted into "recent cyber attacks", "legal proceedings", "future threats", "preventive measures", and others.
3. **Emerging Cyber Signal Discovery Module**: automatically identifies and records new cyber attack terms.
4. **Random Forest Silver-label Method**: used to expand the training dataset and improve the model's generalisation.

Through these methods, the paper shows how to reduce cost while maintaining high precision, offering new ideas and techniques for real-time monitoring and early warning in network security.
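The silver-label method in item 4 above, shown as an added example that is not code from the paper: a classifier trained on a small gold-labelled set predicts the paper's five categories for unlabelled headlines, and only predictions whose confidence clears a threshold are kept as silver labels to extend the training set. The headlines, the `BagOfWordsNB` class (a stdlib naive Bayes standing in for the paper's Random Forest), the `silver_label` function and the 0.9 threshold are all assumptions made here, not details from the paper.

```python
import math
from collections import Counter

GOLD = [  # constructed sample data (not from the paper), in its five categories
    ("hospital hit by ransomware attack, patient systems offline", "recent cyber attack"),
    ("hackers stole customer records in bank data breach", "recent cyber attack"),
    ("court sentences hacker after data breach lawsuit", "legal proceedings"),
    ("regulator fines firm over breach, lawsuit filed in court", "legal proceedings"),
    ("researchers warn new vulnerability could enable attacks", "future threat"),
    ("experts warn emerging malware could target banks", "future threat"),
    ("agency issues patch guidance to prevent ransomware", "preventive measures"),
    ("startup raises funding round for cloud software", "other"),
]
UNLABELED = [  # constructed pool to be silver-labelled
    "retailer hit by ransomware attack, hackers stole customer records",
    "court fines firm after data breach lawsuit",
    "weather forecast predicts sunny weekend",
]

def tokens(text):
    return text.lower().replace(",", "").split()

class BagOfWordsNB:
    """Multinomial naive Bayes: a stdlib stand-in for the paper's Random Forest."""
    def fit(self, pairs):
        self.prior = Counter(label for _, label in pairs)
        self.words = {c: Counter() for c in self.prior}
        for text, label in pairs:
            self.words[label].update(tokens(text))
        self.vocab = len(set().union(*self.words.values()))
        return self

    def predict_proba(self, text):
        # Laplace-smoothed scores; headlines are short, so no log space is needed.
        score = {}
        for c, n in self.prior.items():
            total = sum(self.words[c].values())
            score[c] = n * math.prod((self.words[c][w] + 1) / (total + self.vocab)
                                     for w in tokens(text))
        z = sum(score.values())
        return {c: s / z for c, s in score.items()}

def silver_label(gold, pool, threshold=0.9):
    """Keep a prediction as a silver label only if its confidence clears the threshold."""
    clf = BagOfWordsNB().fit(gold)
    silver, rejected = [], []
    for text in pool:
        label, conf = max(clf.predict_proba(text).items(), key=lambda kv: kv[1])
        (silver if conf >= threshold else rejected).append((text, label, round(conf, 3)))
    return silver, rejected
```

Rejected items stay in the pool for manual review rather than entering the training set, which is what keeps silver labels from amplifying the model's own mistakes; the off-topic weather headline is rejected because no category wins with confidence.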