IOCMonitor: Automatic extraction of cyber threat intelligence from open source data using NLP and Machine Learning
García-Mauriño Taboada, Migue (2021)
In cyber security, having reliable, up-to-date information in the form of indicators of compromise (IoCs) is critical for enhancing security and resilience. This information can be found in publicly available sources such as social media and blog publications. However, those publications are meant to be read by people, so they are written in natural language and cannot easily be parsed by software. IoCs usually follow a specific format that allows regular expressions to find them, at the cost of a large number of false positives. This work presents IoCMonitor, a software system for IoC extraction that takes into account the text in which a candidate IoC appears and uses that context to validate it, in order to minimise false positives. Experimental results show that IoCMonitor performs well, with a precision above 95%.
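The two-stage pipeline the abstract describes (regex candidates first, then contextual validation to cut false positives) is illustrated below. This is an added Python example written for this page; it is not the thesis's IoCMonitor code, which learns its validation from data with NLP and ML. Here the context model is replaced by a hand-picked keyword vocabulary (`THREAT_WORDS`, `BENIGN_WORDS`), the domain regex is restricted to a short TLD list, and the non-routable address list is deliberately narrow; all three are assumptions made to keep the example short. The sample report text is constructed (the SHA-256 is that of the empty string, the addresses and domains are documentation or `example` names).

```python
"""Regex-first IoC extraction with keyword context validation (added illustration)."""
import ipaddress
import re
from dataclasses import dataclass

# Candidate patterns. The domain pattern uses a small TLD list purely to keep
# the example short; a real extractor would consult the public suffix list.
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)
HASH_RE = re.compile(r"\b(?:[a-f0-9]{64}|[a-f0-9]{40}|[a-f0-9]{32})\b", re.IGNORECASE)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+(?:com|net|org|io|info|xyz|top|ru)\b", re.IGNORECASE)

# Context vocabulary (assumption: hand-picked for this example; the thesis learns this).
THREAT_WORDS = {"malicious", "malware", "c2", "c&c", "beacon", "beacons", "beaconing",
                "dropper", "payload", "attacker", "attackers", "compromise", "compromised",
                "phishing", "exfiltration", "exfiltrate", "ioc", "iocs", "indicator",
                "indicators", "sha256", "sha1", "md5", "trojan", "ransomware", "backdoor",
                "implant", "campaign", "callback"}
BENIGN_WORDS = {"version", "build", "release", "changelog", "upgrade", "documentation",
                "docs", "tooling", "repository", "internal", "lab", "legitimate", "allowlist"}
WINDOW = 8  # tokens inspected on each side of a candidate

# Deliberately narrow: RFC 1918, loopback, link-local, "this network", multicast.
# The documentation range 203.0.113.0/24 used in the sample is not filtered, so the
# public-looking attacker address survives this check and is judged by context only.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "0.0.0.0/8", "224.0.0.0/4")]


@dataclass
class Candidate:
    kind: str
    value: str
    score: int
    accepted: bool
    reason: str


def refang(text):
    """Undo common defanging so the regexes see the real indicator."""
    text = re.sub(r"hxxp", "http", text, flags=re.IGNORECASE)
    return text.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")


def _norm(token):
    return re.sub(r"[^a-z0-9&]", "", token.lower())


def context_score(text, start, end):
    """Threat-word hits minus benign-word hits in a token window around [start, end)."""
    before = [_norm(t) for t in text[:start].split()[-WINDOW:]]
    after = [_norm(t) for t in text[end:].split()[:WINDOW]]
    ctx = before + after
    return sum(t in THREAT_WORDS for t in ctx) - sum(t in BENIGN_WORDS for t in ctx)


def _ip_reason(value):
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:           # e.g. an octet above 255
        return "not a valid IPv4 address"
    if any(addr in net for net in NON_ROUTABLE):
        return "non-routable address"
    return ""


def extract_iocs(raw):
    """Return every regex candidate, each tagged accepted/rejected with a reason."""
    text = refang(raw)
    masked = text
    found = []
    # URLs first; blank them out with spaces of equal length so the domain and path
    # inside a URL are not extracted again, while offsets into `text` stay valid.
    for m in URL_RE.finditer(text):
        value = m.group().rstrip(".,;:")
        found.append(("url", value, m.start(), m.start() + len(value)))
        masked = masked[:m.start()] + " " * (m.end() - m.start()) + masked[m.end():]
    for kind, pattern in (("hash", HASH_RE), ("ipv4", IPV4_RE), ("domain", DOMAIN_RE)):
        for m in pattern.finditer(masked):
            found.append((kind, m.group(), m.start(), m.end()))
    results = []
    for kind, value, start, end in sorted(found, key=lambda f: f[2]):
        reason = _ip_reason(value) if kind == "ipv4" else ""
        score = context_score(text, start, end)
        if not reason and score <= 0:
            reason = f"context score {score} <= 0"
        results.append(Candidate(kind, value, score, not reason, reason or "ok"))
    return results


def accepted_iocs(raw):
    return {(c.kind, c.value) for c in extract_iocs(raw) if c.accepted}


# Constructed sample report text (not taken from any real publication).
SAMPLE = (
    "The dropper beacons to hxxp://update-check[.]bad-example[.]net/gate.php "
    "and 203.0.113.5 over port 443. Payload SHA256: "
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855. "
    "A second C2 domain, cdn-sync[.]bad-example[.]org, was observed in the same campaign. "
    "Our lab runs build version 2.0.11.3 on 192.168.1.10; the tooling and docs "
    "are at https://github.com/example/tooling."
)

if __name__ == "__main__":
    for c in extract_iocs(SAMPLE):
        print(f"{'ACCEPT' if c.accepted else 'reject':6} {c.kind:6} {c.value:48} {c.reason}")
```

On the sample, the regex stage alone yields seven candidates; the context stage keeps the four that sit among words such as "dropper", "beacons", "payload" and "C2", and rejects the version string `2.0.11.3` (it matches the IPv4 regex but is surrounded by "build version"), the RFC 1918 address, and the tooling URL. The rejections carry a reason string so that the validation decision can be audited, which is the check a practitioner would want before feeding extracted IoCs into a blocklist.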
GarciaMaurinoTaboada_MA_EEMCS.pdf