EXTRACTING EXPLOITS AND ATTACK VECTORS FROM CYBERSECURITY NEWS USING NLP

Cybersecurity has an immense impact on society as it enables the digital protection of individuals and enterprises against an increasing number of online threats. Moreover, the rate at which attackers discover and exploit critical vulnerabilities outperforms the vendors' capabilities to respond accordingly and provide security patches. As such, open-source intelligence data (OSINT) has become a valuable resource, from which details on zero-day vulnerabilities can be retrieved and timely actions can be taken before the patches become available. In this paper we propose a method to automatically label articles on vulnerabilities and cyberattacks from trusted sources. Using Named Entity Recognition, we extract essential information about new vulnerabilities, such as the exploit's public release and the environment in which the attack's exploitation is possible. Our balanced dataset contains 1095 samples out of which 250 entries are from cybersecurity articles; the rest of the articles were crawled and annotated from the U.S. Government's Vulnerability Database, whereas automated text augmentation techniques were also considered. Our model built on top of spaCy obtained an overall performance of 75% recall on the Exploit Available task. When considering the Attack Vector metric, the model achieved the following recalls: Network 72%, Local 78%, and Physical 92%.