{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,15]],"date-time":"2025-12-15T17:58:36Z","timestamp":1765821516158,"version":"3.48.0"},"reference-count":149,"publisher":"Association for Computing Machinery (ACM)","issue":"4","funder":[{"name":"Hilti Foundation and the Research Foundation"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Digital Threats"],"published-print":{"date-parts":[[2025,12,31]]},"abstract":"<jats:p>Cyber Threat Intelligence (CTI) is a fundamental activity to ensure the protection of modern organizations against sophisticated cyberattackers. A large body of literature has addressed problems related to CTI. Despite the scientific validity of such results, the reality is that CTI practitioners rarely deploy advanced CTI methods proposed by the research community and mostly rely on manual processes. We seek to facilitate the manual analyses typical for CTI practice by proposing a novel topic modeling technique that enables analysts to identify specific topics in CTI data sources. We demonstrate how our method, released as an open source tool, can be used to investigate three case studies revolving around the research question whether attackers are deploying AI for malicious purposes \u201cin the wild,\u201d and, if so, what features of AI interest them the most. We analyzed 7 million discussions from 18 underground forums. Our findings reveal that attackers may favor easy-to-use AI toolkits over the sophisticated AI techniques envisioned in research papers. Our contributions are further validated by a user study (N\u00a0=\u00a024) with CTI experts, confirming the relevance of our research. Ultimately, we advocate future endeavors to account for the opinion of CTI practitioners\u2014who should, in turn, try to cooperate.<\/jats:p>","DOI":"10.1145\/3766908","type":"journal-article","created":{"date-parts":[[2025,9,17]],"date-time":"2025-09-17T16:38:43Z","timestamp":1758127123000},"page":"1-40","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Using a Stack to Find an AI Needle: Topic Modeling for Cyber Threat Intelligence"],"prefix":"10.1145","volume":"6","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2952-5228","authenticated-orcid":false,"given":"Saskia Laura","family":"Schr\u00f6er","sequence":"first","affiliation":[{"name":"Liechtenstein Business School, University of Liechtenstein, Vaduz, Liechtenstein"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-4133-0535","authenticated-orcid":false,"given":"Jeremy D.","family":"Seideman","sequence":"additional","affiliation":[{"name":"Computer Science Department, CUNY Graduate Center, New York, New York, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3488-4783","authenticated-orcid":false,"given":"Shoufu","family":"Luo","sequence":"additional","affiliation":[{"name":"Computer Science Department, CUNY Graduate Center, New York, New York, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6890-9611","authenticated-orcid":false,"given":"Giovanni","family":"Apruzzese","sequence":"additional","affiliation":[{"name":"Liechtenstein Business School, University of Liechtenstein, Vaduz, Liechtenstein"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-8326-9930","authenticated-orcid":false,"given":"Sven","family":"Dietrich","sequence":"additional","affiliation":[{"name":"Computer Science Department, Hunter College, New York, New York, USA and Computer Science Department, CUNY Graduate Center, New York, New York, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3212-7167","authenticated-orcid":false,"given":"Pavel","family":"Laskov","sequence":"additional","affiliation":[{"name":"Liechtenstein Business School, University of Liechtenstein, Vaduz, Liechtenstein"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2025,12,15]]},"reference":[{"key":"e_1_3_3_2_2","first-page":"2232","volume-title":"IEEE International Conference on Big Data","author":"Adewopo Victor","year":"2020","unstructured":"Victor Adewopo, Bilal Gonen, and Festus Adewopo. 2020. Exploring open source information for cyber threat intelligence. In IEEE International Conference on Big Data. IEEE, 2232\u20132241."},{"key":"e_1_3_3_3_2","first-page":"212","volume-title":"IEEE Symposium on Security and Privacy","author":"Afroz Sadia","year":"2014","unstructured":"Sadia Afroz, Aylin Caliskan Islam, Ariel Stolerman, Rachel Greenstadt, and Damon McCoy. 2014. Doppelg\u00e4nger finder: Taking stylometry to the underground. In IEEE Symposium on Security and Privacy. IEEE, 212\u2013226."},{"issue":"8","key":"e_1_3_3_4_2","doi-asserted-by":"crossref","first-page":"939","DOI":"10.1002\/asi.24311","article-title":"How integration of cyber security management and incident response enables organizational learning","volume":"71","author":"Ahmad Atif","year":"2020","unstructured":"Atif Ahmad, Kevin C. Desouza, Sean B. Maynard, Humza Naseer, and Richard L. Baskerville. 2020. How integration of cyber security management and incident response enables organizational learning. Journal of the Association for Information Science and Technology 71, 8 (2020), 939\u2013953.","journal-title":"Journal of the Association for Information Science and Technology"},{"issue":"1","key":"e_1_3_3_5_2","article-title":"Object detection through modified YOLO neural network","volume":"2020","author":"Ahmad Tanvir","year":"2020","unstructured":"Tanvir Ahmad, Yinglong Ma, Muhammad Yahya, Belal Ahmad, Shah Nazir, and Amin Ul Haq. 2020. Object detection through modified YOLO neural network. Scientific Programming 2020, 1 (2020), 10. Retrieved from https:\/\/onlinelibrary.wiley.com\/doi\/epdf\/10.1155\/2020\/8403262","journal-title":"Scientific Programming"},{"key":"e_1_3_3_6_2","article-title":"Cyber-threat intelligence for security decision-making: A review and research agenda for practice","volume":"132","author":"Ainslie Scott","year":"2023","unstructured":"Scott Ainslie, Dean Thompson, Sean Maynard, and Atif Ahmad. 2023. Cyber-threat intelligence for security decision-making: A review and research agenda for practice. Computers & Security 132 (2023), 103352.","journal-title":"Computers & Security"},{"key":"e_1_3_3_7_2","unstructured":"Bader Al-Sada Alireza Sadighian and Gabriele Oligeri. 2023. MITRE ATT&CK: State of the art and way forward. arXiv:2308.14016. Retrieved from https:\/\/arxiv.org\/abs\/2308.14016"},{"key":"e_1_3_3_8_2","first-page":"2783","volume-title":"31st USENIX Security Symposium","author":"Alahmadi Bushra A.","year":"2022","unstructured":"Bushra A. Alahmadi, Louise Axon, and Ivan Martinovic. 2022. 99% false positives: A qualitative study of SOC analysts\u2019 perspectives on security alarms. In 31st USENIX Security Symposium, 2783\u20132800."},{"key":"e_1_3_3_9_2","volume-title":"Americas Conference on Information Systems (AMCIS \u201922) TREOs","volume":"92","author":"Albizri Abdullah","year":"2022","unstructured":"Abdullah Albizri, Alaa Nehme, and Antoine Harfouche. 2022. A systematic review on using hacker forums on the dark web for cyber threat intelligence. In Americas Conference on Information Systems (AMCIS \u201922) TREOs, 92."},{"key":"e_1_3_3_10_2","doi-asserted-by":"crossref","first-page":"78","DOI":"10.1145\/3630590.3630600","volume-title":"18th Asian Internet Engineering Conference","author":"Almashor Mahathir","year":"2023","unstructured":"Mahathir Almashor, Ejaz Ahmed, Benjamin Pick, Jason Xue, Sharif Abuadbba, Raj Gaire, Shuo Wang, Seyit Camtepe, and Surya Nepal. 2023. Unraveling threat intelligence through the lens of malicious URL campaigns. In 18th Asian Internet Engineering Conference, 78\u201386."},{"key":"e_1_3_3_11_2","first-page":"31","volume-title":"IEEE International Conference on Intelligence and Security Informatics","author":"Almukaynizi Mohammed","year":"2018","unstructured":"Mohammed Almukaynizi, Ericsson Marin, Eric Nunes, Paulo Shakarian, Gerardo I. Simari, Dipsy Kapoor, and Timothy Siedlecki. 2018. DARKMENTION: A deployed system to predict Enterprise-Targeted external cyberattacks. In IEEE International Conference on Intelligence and Security Informatics. IEEE, 31\u201336."},{"key":"e_1_3_3_12_2","first-page":"1","volume-title":"IEEE International Conference on Intelligence and Security Informatics","author":"Ampel Benjamin","year":"2020","unstructured":"Benjamin Ampel, Sagar Samtani, Hongyi Zhu, Steven Ullman, and Hsinchun Chen. 2020. Labeling hacker exploits for proactive cyber threat intelligence: A deep transfer learning approach. In IEEE International Conference on Intelligence and Security Informatics. IEEE, 1\u20136."},{"key":"e_1_3_3_13_2","first-page":"1","volume-title":"10th International Conference on Ubiquitous Information Management and Communication","author":"Anand Priya","year":"2016","unstructured":"Priya Anand, Jungwoo Ryoo, Hyoungshick Kim, and Eunhyun Kim. 2016. Threat assessment in the cloud environment: A quantitative approach for security pattern selection. In 10th International Conference on Ubiquitous Information Management and Communication, 1\u20138."},{"key":"e_1_3_3_14_2","first-page":"13","volume-title":"ACM Workshop on Artificial Intelligence and Security","author":"Anderson Hyrum S.","year":"2016","unstructured":"Hyrum S. Anderson, Jonathan Woodbridge, and Bobby Filar. 2016. DeepDGA: Adversarially-tuned domain generation and detection. In ACM Workshop on Artificial Intelligence and Security, 13\u201321."},{"key":"e_1_3_3_15_2","first-page":"339","volume-title":"IEEE Conference on Secure and Trustworthy Machine Learning","author":"Apruzzese Giovanni","year":"2023","unstructured":"Giovanni Apruzzese, Hyrum S. Anderson, Savino Dambra, David Freeman, Fabio Pierazzi, and Kevin Roundy. 2023. \u201cReal attackers don\u2019t compute gradients\u201d: Bridging the gap between adversarial ML research and practice. In IEEE Conference on Secure and Trustworthy Machine Learning. IEEE, 339\u2013364."},{"issue":"1","key":"e_1_3_3_16_2","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3545574","article-title":"The role of machine learning in cybersecurity","volume":"4","author":"Apruzzese Giovanni","year":"2023","unstructured":"Giovanni Apruzzese, Pavel Laskov, Edgardo Montes de Oca, Wissam Mallouli, Luis Brdalo Rapa, Athanasios Vasileios Grammatopoulos, and Fabio Di Franco. 2023. The role of machine learning in cybersecurity. Digital Threats: Research and Practice 4, 1 (2023), 1\u201338.","journal-title":"Digital Threats: Research and Practice"},{"key":"e_1_3_3_17_2","first-page":"592","volume-title":"8th European Symposium on Security and Privacy","author":"Apruzzese Giovanni","year":"2023","unstructured":"Giovanni Apruzzese, Pavel Laskov, and Johannes Schneider. 2023. SoK: Pragmatic assessment of machine learning for network intrusion detection. In 8th European Symposium on Security and Privacy. IEEE, 592\u2013614."},{"key":"e_1_3_3_18_2","unstructured":"Marco Arazzi Dincy R. Arikkat Serena Nicolazzo Antonino Nocera Rafidha Rehiman K. A. Vinod P. and Mauro Conti. 2023. NLP-based techniques for cyber threat intelligence. arXiv:2311.08807. Retrieved from https:\/\/arxiv.org\/abs\/2311.08807"},{"key":"e_1_3_3_19_2","first-page":"92","volume-title":"IEEE International Conference on Intelligence and Security Informatics","author":"Arnold Nolan","year":"2019","unstructured":"Nolan Arnold, Mohammadreza Ebrahimi, Ning Zhang, Ben Lazarine, Mark Patton, Hsinchun Chen, and Sagar Samtani. 2019. Dark-net ecosystem cyber-threat intelligence (CTI) tool. In IEEE International Conference on Intelligence and Security Informatics. IEEE, 92\u201397."},{"key":"e_1_3_3_20_2","first-page":"3971","volume-title":"31st USENIX Security Symposium","author":"Arp Daniel","year":"2022","unstructured":"Daniel Arp, Erwin Quiring, Feargus Pendlebury, Alexander Warnecke, Fabio Pierazzi, Christian Wressnegger, Lorenzo Cavallaro, and Konrad Rieck. 2022. Dos and don\u2019ts of machine learning in computer security. In 31st USENIX Security Symposium, 3971\u20133988."},{"key":"e_1_3_3_21_2","first-page":"319","volume-title":"International Conference on Information Security","author":"Lin Aung Yan","year":"2022","unstructured":"Yan Lin Aung, Mart\u00edn Ochoa, and Jianying Zhou. 2022. ATLAS: A practical attack detection and live malware analysis system for IoT threat intelligence. In International Conference on Information Security. Springer, 319\u2013338."},{"issue":"3","key":"e_1_3_3_22_2","first-page":"1378","article-title":"DBank: Predictive behavioral analysis of recent android banking trojans","volume":"18","author":"Bai Chongyang","year":"2019","unstructured":"Chongyang Bai, Qian Han, Ghita Mezzour, Fabio Pierazzi, and V. S. Subrahmanian. 2019. DBank: Predictive behavioral analysis of recent android banking trojans. IEEE Transactions on Dependable and Secure Computing 18, 3 (2019), 1378\u20131393.","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"issue":"2","key":"e_1_3_3_23_2","doi-asserted-by":"crossref","first-page":"71","DOI":"10.1109\/MSP.2012.52","volume":"10","author":"Bailey Michael","year":"2012","unstructured":"Michael Bailey, David Dittrich, Erin Kenneally, and Doug Maughan. 2012. The Menlo Report. IEEE Security & Privacy 10, 2 (2012), 71\u201375.","journal-title":"IEEE Security & Privacy"},{"key":"e_1_3_3_24_2","unstructured":"Sean Barnum. 2012. Standardizing cyber threat intelligence information with the structured threat information expression (STIX). Mitre Corporation. Retrieved from https:\/\/www.mitre.org\/sites\/default\/files\/publications\/stix.pdf"},{"key":"e_1_3_3_25_2","doi-asserted-by":"crossref","first-page":"103430","DOI":"10.1016\/j.cose.2023.103430","article-title":"Multi-level fine-tuning, data augmentation, and few-shot learning for specialized cyber threat intelligence","volume":"134","author":"Bayer Markus","year":"2023","unstructured":"Markus Bayer, Tobias Frey, and Christian Reuter. 2023. Multi-level fine-tuning, data augmentation, and few-shot learning for specialized cyber threat intelligence. Computers & Security 134 (2023), 103430.","journal-title":"Computers & Security"},{"key":"e_1_3_3_26_2","unstructured":"Federico Bianchi Silvia Terragni and Dirk Hovy. 2020. Mono and Multi-Lingual Embeddings. Retrieved June 2 2023 from https:\/\/contextualized-topic-models.readthedocs.io\/en\/latest\/language.html#mono-and-multi-lingual-embeddings"},{"key":"e_1_3_3_27_2","volume-title":"59th Annual Meeting of the Association for Computational Linguistics and the 11th International Joint Conference on Natural Language Processing","author":"Bianchi Federico","year":"2021","unstructured":"Federico Bianchi, Silvia Terragni, and Dirk Hovy. 2021. Pre-training is a hot topic: Contextualized document embeddings improve topic coherence. In 59th Annual Meeting of the Association for Computational Linguistics and the 11th International Joint Conference on Natural Language Processing. Association for Computational Linguistics."},{"key":"e_1_3_3_28_2","volume-title":"16th Conference of the European Chapter of the Association for Computational Linguistics","author":"Bianchi Federico","year":"2021","unstructured":"Federico Bianchi, Silvia Terragni, Dirk Hovy, Debora Nozza, and Elisabetta Fersini. 2021. Cross-lingual contextualized topic models with zero-shot learning. In 16th Conference of the European Chapter of the Association for Computational Linguistics. Association for Computational Linguistics."},{"key":"e_1_3_3_29_2","article-title":"Latent dirichlet allocation","volume":"14","author":"Blei David","year":"2001","unstructured":"David Blei, Andrew Ng, and Michael Jordan. 2001. Latent dirichlet allocation. In Advances in Neural Information Processing Systems, Vol. 14.","journal-title":"Advances in Neural Information Processing Systems"},{"issue":"4","key":"e_1_3_3_30_2","doi-asserted-by":"crossref","first-page":"77","DOI":"10.1145\/2133806.2133826","article-title":"Probabilistic topic models","volume":"55","author":"Blei David M.","year":"2012","unstructured":"David M. Blei. 2012. Probabilistic topic models. Communications of ACM 55, 4 (2012), 77\u201384.","journal-title":"Communications of ACM"},{"key":"e_1_3_3_31_2","first-page":"31","volume-title":"International Conference of the German Society for Computational Linguistics and Language Technology","volume":"30","author":"Bouma Gerlof","year":"2009","unstructured":"Gerlof Bouma. 2009. Normalized (pointwise) mutual information in collocation extraction. In International Conference of the German Society for Computational Linguistics and Language Technology, Vol. 30, 31\u201340."},{"key":"e_1_3_3_32_2","first-page":"433","volume-title":"29th USENIX Security Symposium (USENIX Security \u201920)","author":"Bouwman Xander","year":"2020","unstructured":"Xander Bouwman, Harm Griffioen, Jelle Egbers, Christian Doerr, Bram Klievink, and Michel Van Eeten. 2020. A different cup of \\(\\{\\) TI \\(\\}\\) ? The added value of commercial threat intelligence. In 29th USENIX Security Symposium (USENIX Security \u201920), 433\u2013450."},{"key":"e_1_3_3_33_2","first-page":"1149","volume-title":"31st USENIX Security Symposium","author":"Bouwman Xander","year":"2022","unstructured":"Xander Bouwman, Victor Le Pochat, Pawel Foremski, Tom Van Goethem, Carlos H. Ga\u00f1\u00e1n, Giovane C. M. Moura, Samaneh Tajalizadehkhoob, Wouter Joosen, and Michel Van Eeten. 2022. Helping hands: Measuring the impact of a large threat intelligence sharing community. In 31st USENIX Security Symposium, 1149\u20131165."},{"key":"e_1_3_3_34_2","first-page":"1596","volume-title":"ACM Symposium on Applied Computing","author":"Braun Tobias","year":"2024","unstructured":"Tobias Braun, Irdin Pekaric, and Giovanni Apruzzese. 2024. Understanding the process of data labeling in cybersecurity. In ACM Symposium on Applied Computing, 1596\u20131605."},{"key":"e_1_3_3_35_2","volume-title":"Cyber Threat Intelligence Survey","author":"Brown Rebekah","year":"2022","unstructured":"Rebekah Brown and Pasquale Stirparo. 2022. Cyber Threat Intelligence Survey. Technical Report. SANS."},{"key":"e_1_3_3_36_2","unstructured":"Miles Brundage Shahar Avin Jack Clark Helen Toner Peter Eckersley Ben Garfinkel Allan Dafoe Paul Scharre Thomas Zeitzoff Bobby Filar et al. 2018. The malicious use of artificial intelligence: Forecasting prevention and mitigation. arXiv:1802.07228. Retrieved from https:\/\/arxiv.org\/abs\/1802.07228"},{"issue":"1","key":"e_1_3_3_37_2","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3617897","article-title":"Machine learning (in) security: A stream of problems","volume":"5","author":"Ceschin Fabr\u00edcio","year":"2020","unstructured":"Fabr\u00edcio Ceschin, Marcus Botacin, Albert Bifet, Bernhard Pfahringer, Luiz S. Oliveira, Heitor Murilo Gomes, and Andr\u00e9 Gr\u00e9gio. 2020. Machine learning (in) security: A stream of problems. Digital Threats: Research and Practice 5, 1 (2020), 1\u201332.","journal-title":"Digital Threats: Research and Practice"},{"key":"e_1_3_3_38_2","doi-asserted-by":"crossref","first-page":"138","DOI":"10.1016\/j.cose.2018.03.013","article-title":"DomainChroma: Building actionable threat intelligence from malicious domain names","volume":"77","author":"Chiba Daiki","year":"2018","unstructured":"Daiki Chiba, Mitsuaki Akiyama, Takeshi Yagi, Kunio Hato, Tatsuya Mori, and Shigeki Goto. 2018. DomainChroma: Building actionable threat intelligence from malicious domain names. Computers & Security 77 (2018), 138\u2013161.","journal-title":"Computers & Security"},{"key":"e_1_3_3_39_2","first-page":"491","volume-title":"46th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN)","author":"Chiba Daiki","year":"2016","unstructured":"Daiki Chiba, Takeshi Yagi, Mitsuaki Akiyama, Toshiki Shibahara, Takeshi Yada, Tatsuya Mori, and Shigeki Goto. 2016. DomainProfiler: Discovering domain names abused in future. In 46th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE, 491\u2013502."},{"key":"e_1_3_3_40_2","volume-title":"Advances in Cyber Security","author":"Chimeleze Collins Uchenna","year":"2021","unstructured":"Collins Uchenna Chimeleze, Norziana Jamil, Roslan Ismail, and Kwok-Yan Lam. 2021. A Review on malware variants detection techniques for threat intelligence in resource constrained devices: existing approaches, limitations and future direction. In Advances in Cyber Security. Springer."},{"key":"e_1_3_3_41_2","first-page":"197","volume-title":"Information Security Applications","author":"Cho Geumhwan","year":"2019","unstructured":"Geumhwan Cho, Jusop Choi, Hyoungshick Kim, Sangwon Hyun, and Jungwoo Ryoo. 2019. Threat modeling and analysis of voice assistant applications. In Information Security Applications. Springer, 197\u2013209."},{"issue":"8","key":"e_1_3_3_42_2","doi-asserted-by":"crossref","first-page":"719","DOI":"10.1016\/j.cose.2011.08.004","article-title":"The cyber threat landscape: Challenges and future research directions","volume":"30","author":"Choo Kim-Kwang Raymond","year":"2011","unstructured":"Kim-Kwang Raymond Choo. 2011. The cyber threat landscape: Challenges and future research directions. Computers & Security 30, 8 (2011), 719\u2013731.","journal-title":"Computers & Security"},{"key":"e_1_3_3_43_2","unstructured":"cti-offensiveai. 2025. cti-offensiveai: Github Repository. Retrieved from https:\/\/github.com\/jseideman\/cti_offensiveai"},{"key":"e_1_3_3_44_2","first-page":"3","volume-title":"7th IEEE International Working Conference on Source Code Analysis and Manipulation","author":"De Moor Oege","year":"2007","unstructured":"Oege De Moor, Mathieu Verbaere, Elnar Hajiyev, Pavel Avgustinov, Torbjorn Ekman, Neil Ongkingco, Damien Sereni, and Julian Tibble. 2007. Keynote address: QL for source code analysis. In 7th IEEE International Working Conference on Source Code Analysis and Manipulation. IEEE, 3\u201316."},{"key":"e_1_3_3_45_2","article-title":"Predicting cyber-events by leveraging hacker sentiment","author":"Deb Ashok","year":"2018","unstructured":"Ashok Deb, Kristina Lerman, and Emilio Ferrara. 2018. Predicting cyber-events by leveraging hacker sentiment. Information 9 (2018). Retrieved from https:\/\/www.mdpi.com\/2078-2489\/9\/11\/280","journal-title":"Information"},{"key":"e_1_3_3_46_2","unstructured":"DeepGenerator. 2017. DeepGenerator. Retrieved November 22 2023 from https:\/\/github.com\/13o-bbr-bbq\/machine_learning_security\/tree\/master\/Generator"},{"key":"e_1_3_3_47_2","doi-asserted-by":"crossref","first-page":"3648","DOI":"10.1109\/BigData.2017.8258359","volume-title":"2017 IEEE International Conference on Big Data","author":"Deliu Isuf","year":"2017","unstructured":"Isuf Deliu, Carl Leichter, and Katrin Franke. 2017. Extracting cyber threat intelligence from hacker forums: Support vector machines versus convolutional neural networks. In 2017 IEEE International Conference on Big Data. IEEE, 3648\u20133656."},{"key":"e_1_3_3_48_2","doi-asserted-by":"crossref","first-page":"5008","DOI":"10.1109\/BigData.2018.8622469","volume-title":"2018 IEEE International Conference on Big Data","author":"Deliu Isuf","year":"2018","unstructured":"Isuf Deliu, Carl Leichter, and Katrin Franke. 2018. Collecting cyber threat intelligence from hacker forums via a two-stage, hybrid process using support vector machines and latent dirichlet allocation. In 2018 IEEE International Conference on Big Data. IEEE, 5008\u20135013."},{"key":"e_1_3_3_49_2","doi-asserted-by":"crossref","first-page":"439","DOI":"10.1162\/tacl_a_00325","article-title":"Topic modeling in embedding spaces","volume":"8","author":"Dieng Adji B.","year":"2020","unstructured":"Adji B. Dieng, Francisco J. R. Ruiz, and David Blei. 2020. Topic modeling in embedding spaces. Transactions of the Association for Computational Linguistics 8 (2020), 439\u2013453.","journal-title":"Transactions of the Association for Computational Linguistics"},{"key":"e_1_3_3_50_2","doi-asserted-by":"crossref","first-page":"102642","DOI":"10.1016\/j.ijinfomgt.2023.102642","article-title":"\u201cSo what if ChatGPT wrote it?\u201d multidisciplinary perspectives on opportunities, challenges and implications of generative conversational AI for research, practice and policy","volume":"71","author":"Dwivedi Yogesh K.","year":"2023","unstructured":"Yogesh K. Dwivedi, Nir Kshetri, Laurie Hughes, Emma Louise Slade, Anand Jeyaraj, Arpan Kumar Kar, Abdullah M. Baabdullah, Alex Koohang, Vishnupriya Raghavan, Manju Ahuja, et al. 2023. \u201cSo what if ChatGPT wrote it?\u201d multidisciplinary perspectives on opportunities, challenges and implications of generative conversational AI for research, practice and policy. International Journal of Information Management 71 (2023), 102642.","journal-title":"International Journal of Information Management"},{"key":"e_1_3_3_51_2","unstructured":"Eagle Eye. 2018. Eagle Eye. Retrieved June 10 2024 from https:\/\/github.com\/ThoughtfulDev\/EagleEye"},{"key":"e_1_3_3_52_2","first-page":"20","volume-title":"IEEE Security and Privacy Workshops","author":"Ebrahimi Mohammadreza","year":"2020","unstructured":"Mohammadreza Ebrahimi, Sagar Samtani, Yidong Chai, and Hsinchun Chen. 2020. Detecting cyber threats in non-English hacker forums: an adversarial cross-lingual knowledge transfer approach. In IEEE Security and Privacy Workshops. IEEE, 20\u201326."},{"key":"e_1_3_3_53_2","first-page":"85","volume-title":"IEEE International Conference on Intelligence and Security Informatics","author":"Ebrahimi Mohammadreza","year":"2018","unstructured":"Mohammadreza Ebrahimi, Mihai Surdeanu, Sagar Samtani, and Hsinchun Chen. 2018. Detecting cyber threats in non-English dark net markets: A cross-lingual transfer learning approach. In IEEE International Conference on Intelligence and Security Informatics. IEEE, 85\u201390."},{"key":"e_1_3_3_54_2","volume-title":"Cyber Intelligence Tradecraft Report: The State of Cyber Intelligence Practices in the United States","author":"Ettinger Jared","year":"2019","unstructured":"Jared Ettinger. 2019. Cyber Intelligence Tradecraft Report: The State of Cyber Intelligence Practices in the United States. Technical Report. Carnegie Mellon University: Software Engineering Institute."},{"key":"e_1_3_3_55_2","doi-asserted-by":"crossref","first-page":"48770","DOI":"10.1109\/ACCESS.2019.2910229","article-title":"Analyzing and identifying data breaches in underground forums","author":"Fang Yong","year":"2019","unstructured":"Yong Fang, Yusong Guo, Cheng Huang, and Liang Liu. 2019. Analyzing and identifying data breaches in underground forums. IEEE Access 7 (2019), 48770\u201348777.","journal-title":"IEEE Access"},{"key":"e_1_3_3_56_2","volume-title":"Non-Probability Sampling","author":"Galloway Alison","year":"2005","unstructured":"Alison Galloway. 2005. Non-Probability Sampling. Elsevier."},{"key":"e_1_3_3_57_2","volume-title":"International Conference on Management of Data","author":"Gao Peng","year":"2021","unstructured":"Peng Gao, Xiaoyuan Liu, Edward Choi, Bhavna Soman, Chinmaya Mishra, Kate Farris, and Dawn Xiaodong Song. 2021. A system for automated open-source threat intelligence gathering and management. In International Conference on Management of Data."},{"key":"e_1_3_3_58_2","volume-title":"Symposium on Electronic Crime Research","author":"Georgoulias Dimitrios","year":"2023","unstructured":"Dimitrios Georgoulias, Jens Myrup Pedersen, Alice Hutchings, Morten Falch, and Emmanouil Vasilomanolakis. 2023. In the market for a botnet? An in-depth analysis of botnet-related listings on darkweb marketplaces. In Symposium on Electronic Crime Research."},{"key":"e_1_3_3_59_2","first-page":"27","volume-title":"World Wide Web Conference","author":"Gharibshah Joobin","year":"2019","unstructured":"Joobin Gharibshah and Michalis Faloutsos. 2019. Extracting actionable information from security forums. In World Wide Web Conference, 27\u201332."},{"key":"e_1_3_3_60_2","first-page":"477","volume-title":"27th ACM Conference on Innovation and Technology in Computer Science Education","author":"Goupil Francois","year":"2022","unstructured":"Francois Goupil, Pavel Laskov, Irdin Pekaric, Michael Felderer, Alexander D\u00fcrr, and Frederic Thiesse. 2022. Towards understanding the skill gap in cybersecurity. In 27th ACM Conference on Innovation and Technology in Computer Science Education, 477\u2013483."},{"key":"e_1_3_3_61_2","doi-asserted-by":"crossref","first-page":"277","DOI":"10.1007\/978-3-030-57878-7_14","volume-title":"Applied Cryptography and Network Security","author":"Griffioen Harm","year":"2020","unstructured":"Harm Griffioen, Tim Booij, and Christian Doerr. 2020. Quality evaluation of cyber threat intelligence feeds. In Applied Cryptography and Network Security. Springer, 277\u2013296."},{"issue":"1","key":"e_1_3_3_62_2","article-title":"The emerging threat of ai-driven cyber attacks: A review","volume":"36","author":"Guembe Blessing","year":"2022","unstructured":"Blessing Guembe, Ambrose Azeta, Sanjay Misra, Victor Chukwudi Osamor, Luis Fernandez-Sanz, and Vera Pospelova. 2022. The emerging threat of ai-driven cyber attacks: A review. Applied Artificial Intelligence 36, 1 (2022), e2037254. Retrieved from https:\/\/www.tandfonline.com\/doi\/epdf\/10.1080\/08839514.2022.2037254?needAccess=true","journal-title":"Applied Artificial Intelligence"},{"key":"e_1_3_3_63_2","volume-title":"International Conference on Learning Representations","author":"Hendrycks Dan","year":"2017","unstructured":"Dan Hendrycks and Kevin Gimpel. 2017. A baseline for detecting misclassified and out-of-distribution examples in neural networks. In International Conference on Learning Representations."},{"key":"e_1_3_3_64_2","article-title":"Replicated softmax: An undirected topic model","volume":"22","author":"Hinton Geoffrey E.","year":"2009","unstructured":"Geoffrey E. Hinton and Russ R. Salakhutdinov. 2009. Replicated softmax: An undirected topic model. In Advances in Neural Information Processing Systems (NIPS), Vol. 22.","journal-title":"In Advances in Neural Information Processing Systems (NIPS)"},{"key":"e_1_3_3_65_2","doi-asserted-by":"crossref","first-page":"217","DOI":"10.1007\/978-3-030-21568-2_11","volume-title":"Applied Cryptography and Network Security","author":"Hitaj Briland","year":"2019","unstructured":"Briland Hitaj, Paolo Gasti, Giuseppe Ateniese, and Fernando Perez-Cruz. 2019. PassGAN: A deep learning approach for password guessing. In Applied Cryptography and Network Security. Springer, 217\u2013237."},{"key":"e_1_3_3_66_2","unstructured":"Intel 471. 2024. How Discord Is Abused for Cybercrime. Retrieved May 20 2025 from https:\/\/intel471.com\/blog\/how-discord-is-abused-for-cybercrime"},{"key":"e_1_3_3_67_2","first-page":"409","volume-title":"International Conference on Data Mining and Big Data","author":"Hu Weiwei","year":"2022","unstructured":"Weiwei Hu and Ying Tan. 2022. Generating adversarial malware examples for black-box attacks based on GAN. In International Conference on Data Mining and Big Data. Springer, 409\u2013423."},{"issue":"5","key":"e_1_3_3_68_2","article-title":"HackerRank: Identifying key hackers in underground forums","volume":"17","author":"Huang Cheng","year":"2021","unstructured":"Cheng Huang, Yongyan Guo, Wenbo Guo, and Ying Li. 2021. HackerRank: Identifying key hackers in underground forums. International Journal of Distributed Sensor Networks 17, 5 (2021), 12. Retrieved from https:\/\/journals.sagepub.com\/doi\/pdf\/10.1177\/15501477211015145","journal-title":"International Journal of Distributed Sensor Networks"},{"key":"e_1_3_3_69_2","doi-asserted-by":"crossref","first-page":"3099","DOI":"10.1007\/s11280-020-00823-w","article-title":"Improving biterm topic model with word embeddings","author":"Huang Jiajia","year":"2020","unstructured":"Jiajia Huang, Min Peng, Pengwei Li, Zhiwei Hu, and Chao Xu. 2020. Improving biterm topic model with word embeddings. World Wide Web 23, 6 (2020), 3099\u20133124.","journal-title":"World Wide Web"},{"key":"e_1_3_3_70_2","article-title":"Systematically understanding the cyber attack business: A survey","author":"Huang Keman","year":"2018","unstructured":"Keman Huang, Michael Siegel, and Stuart Madnick. 2018. Systematically understanding the cyber attack business: A survey. ACM Computing Surveys (2018).","journal-title":"ACM Computing Surveys"},{"key":"e_1_3_3_71_2","volume-title":"International Conference on Availability, Reliability and Security","author":"Hus\u00e1k Martin","year":"2020","unstructured":"Martin Hus\u00e1k, Tom\u00e1\u0161 Jirs\u00edk, and Shanchieh Jay Yang. 2020. SoK: Contemporary issues and challenges to enable cyber situational awareness for network security. In International Conference on Availability, Reliability and Security."},{"key":"e_1_3_3_72_2","volume-title":"IEEE International Conference on Data Engineering","author":"Ji Zhengjie","year":"2022","unstructured":"Zhengjie Ji, Edward Choi, and Peng Gao. 2022. A knowledge base question answering system for cyber threat knowledge acquisition. In IEEE International Conference on Data Engineering. IEEE."},{"key":"e_1_3_3_73_2","article-title":"Vulcan: Automatic extraction and analysis of cyber threat intelligence from unstructured text","author":"Jo Hyeonseong","year":"2022","unstructured":"Hyeonseong Jo, Yongjae Lee, and Seungwon Shin. 2022. Vulcan: Automatic extraction and analysis of cyber threat intelligence from unstructured text. Computers & Security 10 (2022), 102763.","journal-title":"Computers & Security"},{"issue":"1","key":"e_1_3_3_74_2","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3372823","article-title":"The AI-based cyber threat landscape: A survey","volume":"53","author":"Kaloudi Nektaria","year":"2020","unstructured":"Nektaria Kaloudi and Jingyue Li. 2020. The AI-based cyber threat landscape: A survey. ACM Computing Surveys 53, 1 (2020), 1\u201334.","journal-title":"ACM Computing Surveys"},{"key":"e_1_3_3_75_2","first-page":"1","volume-title":"13th International Conference on Future Internet Technologies","author":"Kim Eunsoo","year":"2018","unstructured":"Eunsoo Kim, Kuyju Kim, Dongsoon Shin, Beomjin Jin, and Hyoungshick Kim. 2018. CyTIME: Cyber threat intelligence ManagEment framework for automatically generating security rules. In 13th International Conference on Future Internet Technologies, 1\u20135."},{"key":"e_1_3_3_76_2","doi-asserted-by":"crossref","first-page":"7389","DOI":"10.1109\/TIP.2020.3002345","article-title":"FoveaBox: Beyound anchor-based object detection","volume":"29","author":"Kong Tao","year":"2020","unstructured":"Tao Kong, Fuchun Sun, Huaping Liu, Yuning Jiang, Lei Li, and Jianbo Shi. 2020. FoveaBox: Beyound anchor-based object detection. IEEE Transactions on Image Processing 29 (2020), 7389\u20137398.","journal-title":"IEEE Transactions on Image Processing"},{"issue":"1","key":"e_1_3_3_77_2","doi-asserted-by":"crossref","first-page":"35","DOI":"10.1080\/0960085X.2022.2088414","article-title":"Adopting and integrating cyber-threat intelligence in a commercial organisation","volume":"32","author":"Kotsias James","year":"2023","unstructured":"James Kotsias, Atif Ahmad, and Rens Scheepers. 2023. Adopting and integrating cyber-threat intelligence in a commercial organisation. European Journal of Information Systems 32, 1 (2023), 35\u201351.","journal-title":"European Journal of Information Systems"},{"key":"e_1_3_3_78_2","doi-asserted-by":"crossref","first-page":"436","DOI":"10.1038\/nature14539","article-title":"Deep learning","author":"LeCun Yann","year":"2015","unstructured":"Yann LeCun, Yoshua Bengio, and Geoffrey Hinton. 2015. Deep learning. Nature 521, 7553 (2015), 436\u2013444.","journal-title":"Nature"},{"key":"e_1_3_3_79_2","volume-title":"Cyber Threat Intelligence","author":"Lee Martin","year":"2023","unstructured":"Martin Lee. 2023. Cyber Threat Intelligence. John Wiley & Sons."},{"key":"e_1_3_3_80_2","doi-asserted-by":"crossref","first-page":"28","DOI":"10.1016\/j.ijhcs.2017.03.007","article-title":"The human touch: How non-expert users perceive, interpret, and fix topic models","volume":"105","author":"Lee Tak Yeon","year":"2017","unstructured":"Tak Yeon Lee, Alison Smith, Kevin Seppi, Niklas Elmqvist, Jordan Boyd-Graber, and Leah Findlater. 2017. The human touch: How non-expert users perceive, interpret, and fix topic models. International Journal of Human-Computer Studies 105 (2017), 28\u201342.","journal-title":"International Journal of Human-Computer Studies"},{"key":"e_1_3_3_81_2","unstructured":"Valentine Legoy Marco Caselli Christin Seifert and Andreas Peter. 2020. Automated retrieval of ATT&CK tactics and techniques for cyber threat reports. arXiv:2004.14322. Retrieved from https:\/\/arxiv.org\/abs\/2004.14322"},{"issue":"2","key":"e_1_3_3_82_2","doi-asserted-by":"crossref","first-page":"66","DOI":"10.1145\/1964897.1964917","article-title":"Topic-based social network analysis for virtual communities of interests in the dark web","volume":"12","author":"L\u2019Huillier Gaston","year":"2011","unstructured":"Gaston L\u2019Huillier, Hector Alvarez, Sebasti\u00e1n A. R\u00edos, and Felipe Aguilera. 2011. Topic-based social network analysis for virtual communities of interests in the dark web. ACM SIGKDD Explorations Newsletter 12, 2 (2011), 66\u201373.","journal-title":"ACM SIGKDD Explorations Newsletter"},{"key":"e_1_3_3_83_2","doi-asserted-by":"publisher","unstructured":"Dai Li Bolun Zhang and Yimang Zhou. 2023. Can large language models (LLM) label topics from a topic model? SocArXiv. DOI: 10.31235\/osf.io\/23x4m","DOI":"10.31235\/osf.io\/23x4m"},{"key":"e_1_3_3_84_2","first-page":"755","volume-title":"ACM Conference on Computer and Communications Security","author":"Liao Xiaojing","year":"2016","unstructured":"Xiaojing Liao, Kan Yuan, XiaoFeng Wang, Zhou Li, Luyi Xing, and Raheem Beyah. 2016. Acing the IOC game: Toward automatic discovery and analysis of open-source cyber threat intelligence. In ACM Conference on Computer and Communications Security, 755\u2013766."},{"key":"e_1_3_3_85_2","first-page":"79","volume-title":"Pacific-Asia Conference on Knowledge Discovery and Data Mining","author":"Lin Zilong","year":"2022","unstructured":"Zilong Lin, Yong Shi, and Zhi Xue. 2022. Idsgan: Generative adversarial networks for attack generation against intrusion detection. In Pacific-Asia Conference on Knowledge Discovery and Data Mining. Springer, 79\u201391."},{"key":"e_1_3_3_86_2","unstructured":"Lyrebird. 2024. Lyrebird - Descript. Retrieved June 1 2024 from https:\/\/www.descript.com\/lyrebird"},{"key":"e_1_3_3_87_2","first-page":"262","volume-title":"10th Annual Computing and Communication Workshop and Conference","author":"Marin Ericsson","year":"2020","unstructured":"Ericsson Marin, Mohammed Almukaynizi, and Paulo Shakarian. 2020. Inductive and deductive reasoning to assist in cyber-attack prediction. In 10th Annual Computing and Communication Workshop and Conference. IEEE, 262\u2013268."},{"key":"e_1_3_3_88_2","article-title":"On design and enhancement of smart grid honeypot system for practical collection of threat intelligence","author":"Mashima Daisuke","year":"2020","unstructured":"Daisuke Mashima, Derek Kok, Wei Lin, Muhammad Hazwan, and Alvin Cheng. 2020. On design and enhancement of smart grid honeypot system for practical collection of threat intelligence. In 13th USENIX Workshop on Cyber Security Experimentation and Test.","journal-title":"13th USENIX Workshop on Cyber Security Experimentation and Test"},{"key":"e_1_3_3_89_2","unstructured":"Masafumi Masuya Toshitsugu Yoneyama and Isao Takaesu. 2019. GyoiThon: Next generation penetration test tool. Retrieved May 20 2024 from https:\/\/github.com\/gyoisamurai\/GyoiThon"},{"key":"e_1_3_3_90_2","article-title":"Cybersecurity in the smart grid: Practitioners\u2019 perspective","author":"Meyer Jacqueline","year":"2022","unstructured":"Jacqueline Meyer and Giovanni Apruzzese. 2022. Cybersecurity in the smart grid: Practitioners\u2019 perspective. In Annual Industrial Control Systems Security Workshop.","journal-title":"Annual Industrial Control Systems Security Workshop"},{"key":"e_1_3_3_91_2","unstructured":"Microsoft Defender Research Team. 2021. CyberBattleSim. Retrieved April 15 2024 from https:\/\/github.com\/microsoft\/cyberbattlesim"},{"key":"e_1_3_3_92_2","article-title":"Distributed representations of words and phrases and their compositionality","author":"Mikolov Tomas","year":"2013","unstructured":"Tomas Mikolov, Ilya Sutskever, Kai Chen, Greg S. Corrado, and Jeff Dean. 2013. Distributed representations of words and phrases and their compositionality. In Advances in Neural Information Processing Systems.","journal-title":"Advances in Neural Information Processing Systems"},{"key":"e_1_3_3_93_2","article-title":"The threat of offensive ai to organizations","author":"Mirsky Yisroel","year":"2023","unstructured":"Yisroel Mirsky, Ambra Demontis, Jaidip Kotak, Ram Shankar, Deng Gelei, Liu Yang, Xiangyu Zhang, Maura Pintor, Wenke Lee, Yuval Elovici, et al. 2023. The threat of offensive ai to organizations. Computers & Security 124 (2023), 103006.","journal-title":"Computers & Security"},{"key":"e_1_3_3_94_2","volume-title":"International Conference on Communications in Computing","author":"Modi Ajay","year":"2016","unstructured":"Ajay Modi, Zhibo Sun, Anupam Panwar, Tejas Khairnar, Ziming Zhao, Adam Doup\u00e9, Gail-Joon Ahn, and Paul Black. 2016. Towards automated threat intelligence fusion. In International Conference on Communications in Computing. IEEE."},{"key":"e_1_3_3_95_2","first-page":"66","volume-title":"International Conference on Cyber Security and Resilience","author":"Moreno-Vera Felipe","year":"2023","unstructured":"Felipe Moreno-Vera, Mateus Nogueira, Cain\u00e3 Figueiredo, Daniel S. Menasch\u00e9, Miguel Bicudo, Ashton Woiwood, Enrico Lovat, Anton Kocheturov, and Leandro Pfleger de Aguiar. 2023. Cream skimming the underground: Identifying relevant information points from online forums. In International Conference on Cyber Security and Resilience. IEEE, 66\u201371."},{"key":"e_1_3_3_96_2","doi-asserted-by":"crossref","first-page":"2168","DOI":"10.1145\/3520304.3533999","article-title":"CyberEvo: Evolutionary search of knowledge-based behaviors in a cyber attack campaign","author":"Moskal Stephen","year":"2022","unstructured":"Stephen Moskal, Erik Hemberg, and Una-May O\u2019. Reilly. 2022. CyberEvo: Evolutionary search of knowledge-based behaviors in a cyber attack campaign. Genetic and Evolutionary Computation Conference Companion (2022), 2168\u20132176. Retrieved from https:\/\/dl.acm.org\/doi\/10.1145\/3520304.3533999","journal-title":"Genetic and Evolutionary Computation Conference Companion"},{"key":"e_1_3_3_97_2","first-page":"71","volume-title":"ACM SIGCOMM Conference on Internet Measurement","author":"Motoyama Marti","year":"2011","unstructured":"Marti Motoyama, Damon McCoy, Kirill Levchenko, Stefan Savage, and Geoffrey M. Voelker. 2011. An analysis of underground forums. In ACM SIGCOMM Conference on Internet Measurement, 71\u201380."},{"key":"e_1_3_3_98_2","volume-title":"Symposium on Electronic Crime Research","author":"Nunes Eric","year":"2018","unstructured":"Eric Nunes, Paulo Shakarian, and Gerardo I. Simari. 2018. At-risk system identification via analysis of discussions on the darkweb. In Symposium on Electronic Crime Research. IEEE."},{"key":"e_1_3_3_99_2","unstructured":"British Society of Criminology. 2015. Statement of Ethics. Retrieved March 2 2025 from http:\/\/www.britsoccrim.org\/ethics\/"},{"key":"e_1_3_3_100_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2023.3235409"},{"key":"e_1_3_3_101_2","unstructured":"Rebekah Overdorf Carmela Troncoso Rachel Greenstadt and Damon McCoy. 2018. Under the underground: Predicting private pnteractions in underground forums. arXiv:1805.04494. Retrieved from https:\/\/arxiv.org\/abs\/1805.04494"},{"key":"e_1_3_3_102_2","first-page":"251","volume-title":"IEEE International Conference on Dependable Systems and Networks","author":"Pagnotta Giulio","year":"2022","unstructured":"Giulio Pagnotta, Dorjan Hitaj, Fabio De Gaspari, and Luigi V. Mancini. 2022. Passflow: Guessing passwords with generative flows. In IEEE International Conference on Dependable Systems and Networks. IEEE, 251\u2013262."},{"key":"e_1_3_3_103_2","first-page":"1","volume-title":"IEEE International Conference on Software Testing, Verification and Validation Workshops","author":"Palka Sean","year":"2015","unstructured":"Sean Palka and Damon McCoy. 2015. Dynamic phishing content using generative grammars. In IEEE International Conference on Software Testing, Verification and Validation Workshops. IEEE, 1\u20138."},{"key":"e_1_3_3_104_2","first-page":"159","volume-title":"ACM Symposium on Principles of Database Systems","author":"Papadimitriou Christos H.","year":"1998","unstructured":"Christos H. Papadimitriou, Hisao Tamaki, Prabhakar Raghavan, and Santosh Vempala. 1998. Latent semantic indexing: A probabilistic analysis. In ACM Symposium on Principles of Database Systems, 159\u2013168."},{"key":"e_1_3_3_105_2","unstructured":"Paraphrase Data. 2022. Paraphrase Data. Retrieved June 2 2023 from https:\/\/www.sbert.net\/examples\/training\/paraphrases\/README.html"},{"key":"e_1_3_3_106_2","doi-asserted-by":"crossref","first-page":"207","DOI":"10.1007\/978-3-030-00470-5_10","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"Pastrana Sergio","year":"2018","unstructured":"Sergio Pastrana, Alice Hutchings, Andrew Caines, and Paula Buttery. 2018. Characterizing eve: Analysing cybercrime actors in a large underground forum. In Research in Attacks, Intrusions, and Defenses. Springer, 207\u2013227."},{"key":"e_1_3_3_107_2","volume-title":"World Wide Web Conference","author":"Pastrana Sergio","year":"2018","unstructured":"Sergio Pastrana, Daniel R. Thomas, Alice Hutchings, and Richard Clayton. 2018. CrimeBB: Enabling cybercrime research on underground forums at scale. In World Wide Web Conference."},{"key":"e_1_3_3_108_2","volume-title":"Intelligent Computing","author":"Pearce Will","year":"2020","unstructured":"Will Pearce, Nick Landers, and Nancy Fulda. 2020. Machine learning for offensive security: sandbox classification using decision trees and artificial neural networks. In Intelligent Computing. Springer."},{"key":"e_1_3_3_109_2","first-page":"93","volume-title":"IEEE European Symposium on Security and Privacy Workshops","author":"Pete Ildiko","year":"2022","unstructured":"Ildiko Pete, Jack Hughes, Andrew Caines, Anh V. Vu, Harshad Gupta, Alice Hutchings, Ross Anderson, and Paula Buttery. 2022. PostCog: A tool for interdisciplinary research into underground forums at scale. In IEEE European Symposium on Security and Privacy Workshops. IEEE, 93\u2013104."},{"key":"e_1_3_3_110_2","article-title":"Weaponizing machine learning: Humanity was overrated anyway","author":"Petro Dan","year":"2007","unstructured":"Dan Petro and Ben Morris. 2007. Weaponizing machine learning: Humanity was overrated anyway. In DEF CON.","journal-title":"DEF CON"},{"key":"e_1_3_3_111_2","unstructured":"Presidential Speeches: Downloadable Data. 2022. Presidential speeches: miller center of public affairs. Retrieved November 2 2022 from data.millercenter.org"},{"key":"e_1_3_3_112_2","volume-title":"Empirical Methods in Natural Language Processing and the International Joint Conference on Natural Language Processing","author":"Reimers Nils","year":"2019","unstructured":"Nils Reimers and Iryna Gurevych. 2019. Sentence-BERT: Sentence embeddings using siamese BERT-networks. In Empirical Methods in Natural Language Processing and the International Joint Conference on Natural Language Processing. Association for Computational Linguistics."},{"key":"e_1_3_3_113_2","article-title":"Towards interpreting topic models with ChatGPT","author":"Rijcken Emil","year":"2023","unstructured":"Emil Rijcken, Floortje Scheepers, Kalliopi Zervanou, Marco Spruit, Pablo Mosteiro, and Uzay Kaymak. 2023. Towards interpreting topic models with ChatGPT. In 20th World Congress of the International Fuzzy Systems Association (IFSA).","journal-title":"20th World Congress of the International Fuzzy Systems Association (IFSA)"},{"key":"e_1_3_3_114_2","doi-asserted-by":"publisher","unstructured":"Megan Risdal and Timo Bozsolik. 2022. Meta Kaggle. DOI: 10.34740\/KAGGLE\/DS\/9","DOI":"10.34740\/KAGGLE\/DS\/9"},{"key":"e_1_3_3_115_2","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-319-78440-3_8","article-title":"Cybersecurity as an industry: A cyber threat intelligence perspective","author":"Samtani Sagar","year":"2020","unstructured":"Sagar Samtani, Maggie Abate, Victor Benjamin, and Weifeng Li. 2020. Cybersecurity as an industry: A cyber threat intelligence perspective. In The Palgrave Handbook of International Cybercrime and Cyberdeviance.","journal-title":"The Palgrave Handbook of International Cybercrime and Cyberdeviance"},{"key":"e_1_3_3_116_2","volume-title":"IEEE Intelligence and Security Informatics","author":"Samtani Sagar","year":"2015","unstructured":"Sagar Samtani, Ryan Chinn, and Hsinchun Chen. 2015. Exploring hacker assets in underground forums. In IEEE Intelligence and Security Informatics. IEEE."},{"issue":"4","key":"e_1_3_3_117_2","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3450972","article-title":"Informing cyber threat intelligence through dark web situational awareness: The AZSecure hacker assets portal","volume":"2","author":"Samtani Sagar","year":"2021","unstructured":"Sagar Samtani, Weifeng Li, Victor Benjamin, and Hsinchun Chen. 2021. Informing cyber threat intelligence through dark web situational awareness: The AZSecure hacker assets portal. Digital Threats: Research and Practice 2, 4 (2021), 1\u201310.","journal-title":"Digital Threats: Research and Practice"},{"issue":"4","key":"e_1_3_3_118_2","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3409289","article-title":"Proactively identifying emerging hacker threats from the dark web: A diachronic graph embedding framework (d-gef)","volume":"23","author":"Samtani Sagar","year":"2020","unstructured":"Sagar Samtani, Hongyi Zhu, and Hsinchun Chen. 2020. Proactively identifying emerging hacker threats from the dark web: A diachronic graph embedding framework (d-gef). ACM Transactions on Privacy and Security 23, 4 (2020), 1\u201333.","journal-title":"ACM Transactions on Privacy and Security"},{"issue":"1","key":"e_1_3_3_119_2","doi-asserted-by":"crossref","first-page":"57","DOI":"10.1007\/s13278-019-0603-9","article-title":"Mining user interaction patterns in the darkweb to predict enterprise cyber incidents","volume":"9","author":"Sarkar Soumajyoti","year":"2019","unstructured":"Soumajyoti Sarkar, Mohammad Almukaynizi, Jana Shakarian, and Paulo Shakarian. 2019. Mining user interaction patterns in the darkweb to predict enterprise cyber incidents. Social Network Analysis and Mining 9, 1 (2019), 57.","journal-title":"Social Network Analysis and Mining"},{"key":"e_1_3_3_120_2","article-title":"ChatGPT for digital forensic investigation: The good, the bad, and the unknown","volume":"46","author":"Scanlon Mark","year":"2023","unstructured":"Mark Scanlon, Frank Breitinger, Christopher Hargreaves, Jan-Niclas Hilgert, and John Sheppard. 2023. ChatGPT for digital forensic investigation: The good, the bad, and the unknown. Forensic Science International: Digital Investigation 46 (2023).","journal-title":"Forensic Science International: Digital Investigation"},{"key":"e_1_3_3_121_2","first-page":"1","volume-title":"11th International Conference on Cyber Conflict (CyCon)","volume":"900","author":"Sch\u00e4fer Matthias","year":"2019","unstructured":"Matthias Sch\u00e4fer, Markus Fuchs, Martin Strohmeier, Markus Engel, Marc Liechti, and Vincent Lenders. 2019. BlackWidow: Monitoring the dark web for cyber security information. In 11th International Conference on Cyber Conflict (CyCon), Vol. 900. IEEE, 1\u201321."},{"key":"e_1_3_3_122_2","first-page":"665","volume-title":"ACM Asia Conference on Computer and Communications Security (AsiaCCS)","author":"Shin Hyejin","year":"2020","unstructured":"Hyejin Shin, WooChul Shim, Jiin Moon, Jae Woo Seo, Sol Lee, and Yong Ho Hwang. 2020. Cybersecurity event detection with new and Re-emerging words. In ACM Asia Conference on Computer and Communications Security (AsiaCCS), 665\u2013678."},{"key":"e_1_3_3_123_2","unstructured":"Jeff Sims. 2023. BlackMamba: AI-synthesized polymorphic keylogger with on-the-fly program modification. Hyas Research. Retrieved from https:\/\/www.hyas.com\/hubfs\/Downloadable%20Content\/HYAS-AI-Augmented-Cyber-Attack-WP-1.1.pdf"},{"key":"e_1_3_3_124_2","unstructured":"Jeff Sims. 2023. EyeSpy proof-of-concept. Hyas Research. Retrieved from https:\/\/www.hyas.com\/blog\/eyespy-proof-of-concept"},{"key":"e_1_3_3_125_2","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1162\/tacl_a_00042","article-title":"Evaluating visual representations for topic understanding and their effects on manually generated topic labels","volume":"5","author":"Smith Alison","year":"2017","unstructured":"Alison Smith, Tak Yeon Lee, Forough Poursabzi-Sangdeh, Jordan Boyd-Graber, Niklas Elmqvist, and Leah Findlater. 2017. Evaluating visual representations for topic understanding and their effects on manually generated topic labels. Transactions of the Association for Computational Linguistics 5 (2017) 1\u201316.","journal-title":"Transactions of the Association for Computational Linguistics"},{"key":"e_1_3_3_126_2","volume-title":"International Conference on Learning Representations","author":"Srivastava Akash","year":"2017","unstructured":"Akash Srivastava and Charles Sutton. 2017. Autoencoding variational inference for topic models. In International Conference on Learning Representations."},{"key":"e_1_3_3_127_2","unstructured":"Stack Exchange Data. 2022. Stack Exchange Data Dump. Retrieved November 22 2022 from https:\/\/archive.org\/details\/stackexchange"},{"key":"e_1_3_3_128_2","article-title":"DeepLocker: How AI can power a stealthy new breed of malware","author":"Stoecklin Marc P.","year":"2018","unstructured":"Marc P. Stoecklin, Jiyong Jang, and Dhilung Kirat. 2018. DeepLocker: How AI can power a stealthy new breed of malware. Security Intelligence 8 (2018).","journal-title":"Security Intelligence"},{"issue":"3","key":"e_1_3_3_129_2","doi-asserted-by":"crossref","first-page":"1748","DOI":"10.1109\/COMST.2023.3273282","article-title":"Cyber threat intelligence mining for proactive cybersecurity defense: A survey and new perspectives","volume":"25","author":"Sun Nan","year":"2023","unstructured":"Nan Sun, Ming Ding, Jiaojiao Jiang, Weikang Xu, Xiaoxing Mo, Yonghang Tai Yonghang Tai, and Jun Zhang, Jun Zhang. 2023. Cyber threat intelligence mining for proactive cybersecurity defense: A survey and new perspectives. Communications Surveys & Tutorials 25, 3 (2023), 1748\u20131774.","journal-title":"Communications Surveys & Tutorials"},{"key":"e_1_3_3_130_2","first-page":"303","volume-title":"Ninth ACM Conference on Data and Application Security and Privacy (CODASPY \u201919)","author":"Sun Zhibo","year":"2019","unstructured":"Zhibo Sun, Carlos E. Rubio-Medrano, Ziming Zhao, Tiffany Bao, Adam Doup\u00e9, and Gail-Joon Ahn. 2019. Understanding and predicting private interactions in underground forums. In Ninth ACM Conference on Data and Application Security and Privacy (CODASPY \u201919). ACM, 303\u2013314. DOI: 10.1145\/3292006.3300036"},{"key":"e_1_3_3_131_2","volume-title":"AAAI Conference on Artificial Intelligence","volume":"32","author":"Tavabi Nazgol","year":"2018","unstructured":"Nazgol Tavabi, Palash Goyal, Mohammed Almukaynizi, Paulo Shakarian, and Kristina Lerman. 2018. Darkembed: Exploit prediction with neural language models. In AAAI Conference on Artificial Intelligence, Vol. 32."},{"key":"e_1_3_3_132_2","doi-asserted-by":"crossref","first-page":"212","DOI":"10.1016\/j.cose.2017.09.001","article-title":"A survey on technical threat intelligence in the age of sophisticated cyber attacks","volume":"72","author":"Tounsi Wiem","year":"2018","unstructured":"Wiem Tounsi and Helmi Rais. 2018. A survey on technical threat intelligence in the age of sophisticated cyber attacks. Computers & Security 72 (2018), 212\u2013233.","journal-title":"Computers & Security"},{"key":"e_1_3_3_133_2","unstructured":"UriDeep. 2019. UriDeep. Retrieved April 20 2024 from https:\/\/github.com\/mindcrypt\/uriDeep"},{"key":"e_1_3_3_134_2","volume-title":"IEEE Intelligence and Security Informatics","author":"Vahedi Tala","year":"2021","unstructured":"Tala Vahedi, Benjamin Ampel, Sagar Samtani, and Hsinchun Chen. 2021. Identifying and categorizing malicious content on paste sites: a neural topic modeling approach. In IEEE Intelligence and Security Informatics. IEEE."},{"key":"e_1_3_3_135_2","first-page":"279","article-title":"Technical note: Q-Learning","author":"Watkins Christopher J. C. H.","year":"1992","unstructured":"Christopher J. C. H. Watkins and Peter Dayan. 1992. Technical note: Q-Learning. Machine Learning 8 (1992), 279\u2013292.","journal-title":"Machine Learning"},{"key":"e_1_3_3_136_2","volume-title":"IEEE Intelligence and Security Informatics","author":"Williams Ryan","year":"2018","unstructured":"Ryan Williams, Sagar Samtani, Mark Patton, and Hsinchun Chen. 2018. Incremental hacker forum exploit collection and classification for proactive cyber threat intelligence: An exploratory study. In IEEE Intelligence and Security Informatics. IEEE."},{"key":"e_1_3_3_137_2","first-page":"1","volume-title":"18th International Conference on Evaluation and Assessment in Software Engineering","author":"Wohlin Claes","year":"2014","unstructured":"Claes Wohlin. 2014. Guidelines for snowballing in systematic literature studies and a replication in software engineering. In 18th International Conference on Evaluation and Assessment in Software Engineering, 1\u201310."},{"key":"e_1_3_3_138_2","first-page":"100","volume-title":"Legal Knowledge and Information Systems","author":"Wu Tien-Hsuan","year":"2021","unstructured":"Tien-Hsuan Wu, Ben Kao, Felix Chan, Anne S. Y. Cheung, Michael M. K. Cheung, Guowen Yuan, and Yongxi Chen. 2021. Semantic search and summarization of judgments using topic modeling. In Legal Knowledge and Information Systems. IOS Press, 100\u2013106."},{"key":"e_1_3_3_139_2","article-title":"Weaponized AI for cyber attacks","author":"Yamin Muhammad Mudassar","year":"2021","unstructured":"Muhammad Mudassar Yamin, Mohib Ullah, Habib Ullah, and Basel Katt. 2021. Weaponized AI for cyber attacks. Journal of Information Security and Applications 57 (2021), 102722.","journal-title":"Journal of Information Security and Applications"},{"issue":"1","key":"e_1_3_3_140_2","article-title":"Lead federated neuromorphic learning for wireless edge artificial intelligence","volume":"13","author":"Yang Helin","year":"2022","unstructured":"Helin Yang, Kwok-Yan Lam, Liang Xiao, Zehui Xiong, Hao Hu, Dusit Niyato, and H. Vincent Poor. 2022. Lead federated neuromorphic learning for wireless edge artificial intelligence. Nature Communications 13, 1 (2022), 4269.","journal-title":"Nature Communications"},{"issue":"6","key":"e_1_3_3_141_2","doi-asserted-by":"crossref","first-page":"1163","DOI":"10.1109\/TDSC.2018.2858786","article-title":"A risk management approach to defending against the advanced persistent threat","volume":"17","author":"Yang Lu-Xing","year":"2018","unstructured":"Lu-Xing Yang, Pengdeng Li, Xiaofan Yang, and Yuan Yan Tang. 2018. A risk management approach to defending against the advanced persistent threat. IEEE Transactions on Dependable and Secure Computing 17, 6 (2018), 1163\u20131172.","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"key":"e_1_3_3_142_2","doi-asserted-by":"crossref","first-page":"145","DOI":"10.1007\/978-3-030-41579-2_9","volume-title":"Information and Communications Security","author":"Yang Wenzhuo","year":"2020","unstructured":"Wenzhuo Yang and Kwok-Yan Lam. 2020. Automated cyber threat intelligence reports classification for early warning of cyber attacks in next generation SOC. In Information and Communications Security. Springer, 145\u2013164."},{"key":"e_1_3_3_143_2","first-page":"174","volume-title":"International Conference on Software Engineering and Data Engineering","author":"Zenebe Azene","year":"2019","unstructured":"Azene Zenebe, Mufaro Shumba, Andrei Carillo, and Sofia Cuenca. 2019. Cyber threat discovery from dark web. In International Conference on Software Engineering and Data Engineering, 174\u2013183."},{"key":"e_1_3_3_144_2","article-title":"Ex-action: Automatically extracting threat actions from cyber threat intelligence report based on multimodal learning","author":"Zhang Huixia","year":"2021","unstructured":"Huixia Zhang, Guowei Shen, Chun Guo, Yunhe Cui, and Chaohui Jiang. 2021. Ex-action: Automatically extracting threat actions from cyber threat intelligence report based on multimodal learning. Security and Communication Networks 2021, 1 (2021), 5586335.","journal-title":"Security and Communication Networks"},{"key":"e_1_3_3_145_2","first-page":"549","volume-title":"28th ACM International Conference on Information and Knowledge Management","author":"Zhang Yiming","year":"2019","unstructured":"Yiming Zhang, Yujie Fan, Yanfang Ye, Liang Zhao, and Chuan Shi. 2019. Key player identification in underground forums over attributed heterogeneous information network embedding framework. In 28th ACM International Conference on Information and Knowledge Management, 549\u2013558."},{"key":"e_1_3_3_146_2","article-title":"TIMiner: Automatically extracting and analyzing categorized cyber threat intelligence from social data","author":"Zhao Jun","year":"2020","unstructured":"Jun Zhao, Qiben Yan, Jianxin Li, Minglai Shao, Zuti He, and Bo Li. 2020. TIMiner: Automatically extracting and analyzing categorized cyber threat intelligence from social data. Computers & Security 95 (2020), 101867.","journal-title":"Computers & Security"},{"key":"e_1_3_3_147_2","doi-asserted-by":"crossref","first-page":"128","DOI":"10.1016\/j.procs.2021.04.118","article-title":"attackGAN: Adversarial attack against black-box IDS using generative adversarial networks","volume":"187","author":"Zhao Shuang","year":"2021","unstructured":"Shuang Zhao, Jing Li, Jianmin Wang, Zhao Zhang, Lin Zhu, and Yong Zhang. 2021. attackGAN: Adversarial attack against black-box IDS using generative adversarial networks. Procedia Computer Science 187 (2021), 128\u2013133.","journal-title":"Procedia Computer Science"},{"key":"e_1_3_3_148_2","first-page":"1","article-title":"A heuristic approach to determine an appropriate number of topics in topic modeling","volume":"16","author":"Zhao Weizhong","year":"2015","unstructured":"Weizhong Zhao, James J. Chen, Roger Perkins, Zhichao Liu, Weigong Ge, Yijun Ding, and Wen Zou. 2015. A heuristic approach to determine an appropriate number of topics in topic modeling. BMC Bioinformatics 16, 1\u201310.","journal-title":"BMC Bioinformatics"},{"key":"e_1_3_3_149_2","volume-title":"European Symposium on Research in Computer Security","author":"Zhao Ziming","year":"2012","unstructured":"Ziming Zhao, Gail-Joon Ahn, Hongxin Hu, and Deepinder Mahi. 2012. SocialImpact: Systematic analysis of underground social dynamics. In European Symposium on Research in Computer Security. Springer."},{"issue":"4","key":"e_1_3_3_150_2","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3484202","article-title":"Threat intelligence quality dimensions for research and practice","volume":"3","author":"Zibak Adam","year":"2022","unstructured":"Adam Zibak, Clemens Sauerwein, and Andrew C. Simpson. 2022. Threat intelligence quality dimensions for research and practice. Digital Threats: Research and Practice 3, 4 (2022), 1\u201322.","journal-title":"Digital Threats: Research and Practice"}],"container-title":["Digital Threats: Research and Practice"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3766908","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,15]],"date-time":"2025-12-15T17:57:12Z","timestamp":1765821432000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3766908"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,12,15]]},"references-count":149,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2025,12,31]]}},"alternative-id":["10.1145\/3766908"],"URL":"https:\/\/doi.org\/10.1145\/3766908","relation":{},"ISSN":["2692-1626","2576-5337"],"issn-type":[{"type":"print","value":"2692-1626"},{"type":"electronic","value":"2576-5337"}],"subject":[],"published":{"date-parts":[[2025,12,15]]},"assertion":[{"value":"2025-03-17","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-07-22","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-12-15","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}