{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,19]],"date-time":"2026-02-19T02:19:31Z","timestamp":1771467571254,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":56,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,9,30]],"date-time":"2024-09-30T00:00:00Z","timestamp":1727654400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"TIM S.p.A.","award":["0"],"award-info":[{"award-number":["0"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,9,30]]},"DOI":"10.1145\/3678890.3678930","type":"proceedings-article","created":{"date-parts":[[2024,9,29]],"date-time":"2024-09-29T22:23:36Z","timestamp":1727648616000},"page":"368-383","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":5,"title":["You Might Have Known It Earlier: Analyzing the Role of Underground Forums in Threat Intelligence"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-2570-1957","authenticated-orcid":false,"given":"Tommaso","family":"Paladini","sequence":"first","affiliation":[{"name":"Politecnico di Milano, Italy"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-7170-7595","authenticated-orcid":false,"given":"Lara","family":"Ferro","sequence":"additional","affiliation":[{"name":"Politecnico di Milano, Italy"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0925-2306","authenticated-orcid":false,"given":"Mario","family":"Polino","sequence":"additional","affiliation":[{"name":"Politecnico di Milano, Italy"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4710-5283","authenticated-orcid":false,"given":"Stefano","family":"Zanero","sequence":"additional","affiliation":[{"name":"Politecnico di Milano, Italy"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8284-6074","authenticated-orcid":false,"given":"Michele","family":"Carminati","sequence":"additional","affiliation":[{"name":"Politecnico di Milano, Italy"}]}],"member":"320","published-online":{"date-parts":[[2024,9,30]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"[n. d.]. Industrial-strength natural language processing. https:\/\/spacy.io\/"},{"key":"e_1_3_2_1_2_1","unstructured":"[n. d.]. Threat Intelligence Market Size Share Growth & Trends [2030] \u2014 fortunebusinessinsights.com. https:\/\/www.fortunebusinessinsights.com\/threat-intelligence-market-102984. [Accessed 18-03-2024]."},{"key":"e_1_3_2_1_3_1","unstructured":"abuse.ch. [n. d.]. URLhaus | Malware URL exchange. https:\/\/urlhaus.abuse.ch\/"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/BIGDATA50022.2020.9378220"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISI49825.2020.9280548"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1155\/2021"},{"key":"e_1_3_2_1_7_1","unstructured":"Bitdefender. [n. d.]. Technical Advisory: Various Threat Actors Targeting ManageEngine Exploit CVE-2022-47966. https:\/\/www.bitdefender.com\/blog\/businessinsights\/tech-advisory-manageengine-cve-2022-47966\/"},{"key":"e_1_3_2_1_8_1","unstructured":"Blackberry. [n. d.]. Agent Tesla Malware. https:\/\/www.blackberry.com\/us\/en\/solutions\/endpoint-security\/ransomware-protection\/agent-tesla"},{"key":"e_1_3_2_1_9_1","volume-title":"Advances in Neural Information Processing Systems 33: Annual Conference on Neural Information Processing Systems 2020","author":"Brown B.","year":"2020","unstructured":"Tom\u00a0B. Brown, Benjamin Mann, Nick Ryder, Melanie Subbiah, Jared Kaplan, Prafulla Dhariwal, Arvind Neelakantan, Pranav Shyam, Girish Sastry, Amanda Askell, Sandhini Agarwal, Ariel Herbert-Voss, Gretchen Krueger, Tom Henighan, Rewon Child, Aditya Ramesh, Daniel\u00a0M. Ziegler, Jeffrey Wu, Clemens Winter, Christopher Hesse, Mark Chen, Eric Sigler, Mateusz Litwin, Scott Gray, Benjamin Chess, Jack Clark, Christopher Berner, Sam McCandlish, Alec Radford, Ilya Sutskever, and Dario Amodei. 2020. Language Models are Few-Shot Learners. In Advances in Neural Information Processing Systems 33: Annual Conference on Neural Information Processing Systems 2020, NeurIPS 2020, December 6-12, 2020, virtual, Hugo Larochelle, Marc\u2019Aurelio Ranzato, Raia Hadsell, Maria-Florina Balcan, and Hsuan-Tien Lin (Eds.). https:\/\/proceedings.neurips.cc\/paper\/2020\/hash\/1457c0d6bfcb4967418bfb8ac142f64a-Abstract.html"},{"key":"e_1_3_2_1_10_1","first-page":"1126","article-title":"Retrieving potential cybersecurity information from hacker forums","volume":"23","author":"Chen Chia-Mei","year":"2021","unstructured":"Chia-Mei Chen, Dan-Wei Wen, Ya-Hui Ou, Wei-Chih Chao, and Zheng-Xun Cai. 2021. Retrieving potential cybersecurity information from hacker forums. Int. J. Netw. Secur 23, 6 (2021), 1126\u20131138.","journal-title":"Int. J. Netw. Secur"},{"key":"e_1_3_2_1_11_1","unstructured":"CISA. 2018. Quasar Open-Source Remote Administration Tool. https:\/\/www.cisa.gov\/news-events\/analysis-reports\/ar18-352a"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISI.2011.5984062"},{"key":"e_1_3_2_1_13_1","unstructured":"Cyble. [n. d.]. EvilCoder Project Selling Multiple Dangerous Tools Online. https:\/\/cyble.com\/blog\/evilcoder-project-selling-multiple-dangerous-tools-online\/"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/BIGDATA55660.2022.10020397"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/BigData.2017.8258359"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.18653\/V1"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/IJCNN.2019.8852475"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-57878-7_14"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISI.2017.8004867"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2020.wnut-1.15"},{"key":"e_1_3_2_1_21_1","unstructured":"HYPR. [n. d.]. EternalBlue. https:\/\/www.hypr.com\/security-encyclopedia\/eternalblue"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASONAM49781.2020.9381356"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2023.acl-long.415"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1016\/J.COSE.2022.102763"},{"key":"e_1_3_2_1_25_1","volume-title":"Factuality Enhanced Language Models for Open-Ended Text Generation. In Advances in Neural Information Processing Systems 35: Annual Conference on Neural Information Processing Systems 2022","author":"Lee Nayeon","year":"2022","unstructured":"Nayeon Lee, Wei Ping, Peng Xu, Mostofa Patwary, Pascale Fung, Mohammad Shoeybi, and Bryan Catanzaro. 2022. Factuality Enhanced Language Models for Open-Ended Text Generation. In Advances in Neural Information Processing Systems 35: Annual Conference on Neural Information Processing Systems 2022, NeurIPS 2022, New Orleans, LA, USA, November 28 - December 9, 2022, Sanmi Koyejo, S.\u00a0Mohamed, A.\u00a0Agarwal, Danielle Belgrave, K.\u00a0Cho, and A.\u00a0Oh (Eds.). http:\/\/papers.nips.cc\/paper_files\/paper\/2022\/hash\/df438caa36714f69277daa92d608dd63-Abstract-Conference.html"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2020.2981314"},{"key":"e_1_3_2_1_27_1","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Li Vector\u00a0Guo","year":"2019","unstructured":"Vector\u00a0Guo Li, Matthew Dunn, Paul Pearce, Damon McCoy, Geoffrey\u00a0M. Voelker, and Stefan Savage. 2019. Reading the Tea leaves: A Comparative Analysis of Threat Intelligence. In 28th USENIX Security Symposium (USENIX Security 19). USENIX Association, Santa Clara, CA, 851\u2013867. https:\/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/li"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-17140-6_29"},{"key":"e_1_3_2_1_29_1","volume-title":"SecBERT: Analyzing reports using BERT-like models. Master\u2019s thesis","author":"Liberato Matteo","unstructured":"Matteo Liberato. 2022. SecBERT: Analyzing reports using BERT-like models. Master\u2019s thesis. University of Twente."},{"key":"e_1_3_2_1_30_1","volume-title":"RoBERTa: A Robustly Optimized BERT Pretraining Approach. CoRR abs\/1907.11692","author":"Liu Yinhan","year":"2019","unstructured":"Yinhan Liu, Myle Ott, Naman Goyal, Jingfei Du, Mandar Joshi, Danqi Chen, Omer Levy, Mike Lewis, Luke Zettlemoyer, and Veselin Stoyanov. 2019. RoBERTa: A Robustly Optimized BERT Pretraining Approach. CoRR abs\/1907.11692 (2019). arXiv:1907.11692http:\/\/arxiv.org\/abs\/1907.11692"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSR51186.2021.9527975"},{"key":"e_1_3_2_1_32_1","volume-title":"Definition: threat intelligence. Gartner. com 5","author":"McMillan Rob","year":"2013","unstructured":"Rob McMillan. 2013. Definition: threat intelligence. Gartner. com 5 (2013)."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.3115\/977035.977037"},{"key":"e_1_3_2_1_34_1","unstructured":"OpenAI. 2024. GPT-4 is OpenAI\u2019s most advanced system producing safer and more useful responses. https:\/\/openai.com\/index\/gpt-4\/"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-00470-5_10"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/3178876.3186178"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSPW51379.2020.00071"},{"key":"e_1_3_2_1_38_1","volume-title":"Proceedings of the Botconf","author":"Plohmann Daniel","year":"2017","unstructured":"Daniel Plohmann, Martin Clauss, Steffen Enders, and Elmar Padilla. 2017. Malpedia: a collaborative effort to inventorize the malware landscape. Proceedings of the Botconf (2017)."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/3571726"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISI.2016.7745437"},{"key":"e_1_3_2_1_41_1","volume-title":"Comparing Proactive vs. Reactive Cybersecurity","author":"Technologies Sangfor","year":"2023","unstructured":"Sangfor Technologies. 2023. Comparing Proactive vs. Reactive Cybersecurity in 2023. https:\/\/www.sangfor.com\/blog\/cybersecurity\/proactive-vs-reactive-cybersecurity-2023"},{"key":"e_1_3_2_1_42_1","volume-title":"Early Warnings of Cyber Threats in Online Discussions. CoRR abs\/1801.09781","author":"Sapienza Anna","year":"2018","unstructured":"Anna Sapienza, Alessandro Bessi, Saranya Damodaran, Paulo Shakarian, Kristina Lerman, and Emilio Ferrara. 2018. Early Warnings of Cyber Threats in Online Discussions. CoRR abs\/1801.09781 (2018). arXiv:1801.09781http:\/\/arxiv.org\/abs\/1801.09781"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/3184558.3191528"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP51992.2021.00046"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/3339252.3342112"},{"key":"e_1_3_2_1_46_1","unstructured":"SecurityWeek. [n. d.]. Developers of Android RAT DroidJack Traced to India. https:\/\/www.securityweek.com\/developers-android-rat-droidjack-traced-india\/"},{"key":"e_1_3_2_1_47_1","unstructured":"Sophos News. [n. d.]. Is the Angler exploit kit dead?https:\/\/news.sophos.com\/en-us\/2016\/06\/16\/is-angler-exploit-kit-dead\/"},{"key":"e_1_3_2_1_48_1","unstructured":"Talos Intelligence. [n. d.]. Typhon Reborn V2: Updated stealer features enhanced anti-analysis and evasion capabilities. https:\/\/blog.talosintelligence.com\/typhon-reborn-v2-features-enhanced-anti-analysis\/"},{"key":"e_1_3_2_1_49_1","unstructured":"The Hacker News. [n. d.]. Researchers Warn of \"Eternity Project\" Malware Service Being Sold via Telegram. https:\/\/thehackernews.com\/2022\/05\/researchers-warn-of-eternity-project.html"},{"key":"e_1_3_2_1_50_1","volume-title":"Proceedings, Part II 20","author":"Tundis Andrea","year":"2020","unstructured":"Andrea Tundis, Samuel Ruppert, and Max M\u00fchlh\u00e4user. 2020. On the automated assessment of open-source cyber threat intelligence sources. In Computational Science\u2013ICCS 2020: 20th International Conference, Amsterdam, The Netherlands, June 3\u20135, 2020, Proceedings, Part II 20. Springer, 453\u2013467."},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/3419394.3423636"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSCWD54268.2022.9776031"},{"key":"e_1_3_2_1_53_1","unstructured":"Wired. [n. d.]. How the Boy Next Door Accidentally Built a Syrian Spy Tool. https:\/\/www.wired.com\/2012\/07\/dark-comet-syrian-spy-tool\/"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1017\/S1351324910000306"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1162\/COLI_R_00024"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2018.00039"}],"event":{"name":"RAID '24: The 27th International Symposium on Research in Attacks, Intrusions and Defenses","location":"Padua Italy","acronym":"RAID '24"},"container-title":["The 27th International Symposium on Research in Attacks, Intrusions and Defenses"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3678890.3678930","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3678890.3678930","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:18:00Z","timestamp":1750295880000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3678890.3678930"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,9,30]]},"references-count":56,"alternative-id":["10.1145\/3678890.3678930","10.1145\/3678890"],"URL":"https:\/\/doi.org\/10.1145\/3678890.3678930","relation":{},"subject":[],"published":{"date-parts":[[2024,9,30]]},"assertion":[{"value":"2024-09-30","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}