DiSIEM competitions on Machine Learning for Cybersecurity Threat Awareness
The main goal of cybersecurity threat awareness tools is to provide security analysts with timely information about security threats to the IT infrastructures under their responsibility. This translates into two important objectives:
- Maximize the amount of relevant information presented to the analyst;
- Minimize the amount of irrelevant information presented to the analyst.
The DiSIEM project explores the possibility of using Open Source INTelligence (OSINT) to fulfil these objectives. For that purpose, we are continuously collecting tweets concerning the security of three case-study IT infrastructures specified by three industrial partners of the project. Although there are many sources of OSINT, including security-related ones, Twitter was used for two main reasons. First, Twitter is well recognized as an important information hub for short notices (almost in real time) about cutting-edge information on events regarding many subjects. These include cybersecurity-related events, as demonstrated by the highly active accounts of most security feeds and researchers, where they tweet security-related news. Second, since a tweet is limited to 280 characters (mostly 40–60 words), these messages are simple to process automatically.
In this context, two competitions have been organized: