Timely and accurate threat information from public sources is essential for cyber security. In a constantly evolving threat landscape, such information helps security researchers thwart attack strategies. In this work, we collect and analyze threat-related information from Twitter to extract intelligence for proactive security. We first use a convolutional neural network to classify tweets according to whether or not they contain valuable threat indicators. To gather threat intelligence from social media, the proposed approach then extracts pertinent Indicators of Compromise (IoCs) from the tweets, namely IP addresses, URLs, file hashes, domain names, and CVE IDs. We analyze the extracted IoCs to confirm whether they are reliable and valuable for threat intelligence using performance indicators such as correctness, timeliness, and overlap, and we evaluate how quickly Twitter shares IoCs compared to existing threat intelligence services. Furthermore, using machine learning models, we classify Twitter accounts as either automated or human-operated and examine the role of bot accounts in disseminating cyber threat information on social media. Our results demonstrate that Twitter is growing into a powerful platform for gathering precise and pertinent malware IoCs and a reliable source for mining threat intelligence.
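The abstract describes two concrete steps: extracting the five IoC types from tweet text and scoring the result against an existing feed for overlap and timeliness. The following Python script is an added example written for this page, not the paper's code. It assumes tweets are plain strings with a timestamp, that analysts defang indicators with the usual conventions (hxxp, [.], (.)), and that a reference feed is a dict of IoC to first-seen time; the regexes, the TLD allowlist, the benign-domain list, the tweets and the feed are all constructed for the example.

```python
"""Extract IoCs from tweets and score them against a reference feed.

Added example, not the paper's code. The TLD allowlist, benign-domain
list, sample tweets and reference feed are constructed for the example.
"""
import ipaddress
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse

# Defanging conventions analysts use so that posted IoCs are not clickable.
_REFANG = [("hxxp", "http"), ("[.]", "."), ("(.)", "."), ("{.}", "."), ("[:]", ":")]
# Assumed TLD allowlist so file names like "invoice.doc" are not taken for domains.
_TLDS = {"com", "net", "org", "ru", "io", "info", "xyz", "top", "cn", "biz"}
# Hosts that appear in nearly every tweet but carry no threat information.
_BENIGN = {"t.co", "twitter.com", "virustotal.com"}

_IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
_HASH = re.compile(r"\b(?:[a-fA-F0-9]{64}|[a-fA-F0-9]{40}|[a-fA-F0-9]{32})\b")  # sha256/sha1/md5
_CVE = re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.IGNORECASE)
_URL = re.compile(r"\bhttps?://[^\s\"'<>]+", re.IGNORECASE)
_DOMAIN = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


def refang(text):
    """Undo the defanging conventions listed in _REFANG (case-insensitive for hxxp)."""
    for old, new in _REFANG:
        text = text.replace(old, new).replace(old.upper(), new.upper())
    return text


def _public_ip(s):
    """True only for syntactically valid, globally routable addresses (drops RFC1918 etc.)."""
    try:
        return ipaddress.ip_address(s).is_global
    except ValueError:
        return False


def extract_iocs(tweet):
    """Return the five IoC types named in the abstract as sets keyed by type."""
    text = refang(tweet)
    iocs = {"ip": set(), "url": set(), "domain": set(), "hash": set(), "cve": set()}
    iocs["cve"] = {m.upper() for m in _CVE.findall(text)}
    iocs["hash"] = {m.lower() for m in _HASH.findall(text)}
    for url in _URL.findall(text):
        url = url.rstrip(".,;:)")
        text = text.replace(url, " ")  # so path components are not re-matched as domains
        host = (urlparse(url).hostname or "").lower()
        if host in _BENIGN:
            continue
        iocs["url"].add(url)
        if _public_ip(host):
            iocs["ip"].add(host)
        elif host:
            iocs["domain"].add(host)
    iocs["ip"].update(m for m in _IPV4.findall(text) if _public_ip(m))
    for dom in _DOMAIN.findall(text):
        dom = dom.lower()
        if dom.rsplit(".", 1)[-1] in _TLDS and dom not in _BENIGN:
            iocs["domain"].add(dom)
    return iocs


def collect(tweets):
    """tweets: list of (timestamp, text). Returns {ioc: earliest tweet time seen}."""
    first_seen = {}
    for ts, text in tweets:
        for values in extract_iocs(text).values():
            for v in values:
                if v not in first_seen or ts < first_seen[v]:
                    first_seen[v] = ts
    return first_seen


def score_against_feed(twitter_iocs, feed):
    """Overlap = share of Twitter IoCs also in the feed; lead time (hours) is
    feed first-seen minus tweet time, so positive means Twitter was earlier."""
    shared = set(twitter_iocs) & set(feed)
    leads = [(feed[i] - twitter_iocs[i]).total_seconds() / 3600 for i in shared]
    return {
        "shared": len(shared),
        "overlap": len(shared) / len(twitter_iocs) if twitter_iocs else 0.0,
        "mean_lead_hours": sum(leads) / len(leads) if leads else 0.0,
        "twitter_first": sum(1 for lead in leads if lead > 0),
    }


# Constructed sample data (not real tweets or feed entries).
T0 = datetime(2024, 3, 1, 9, 0, tzinfo=timezone.utc)
TWEETS = [
    (T0, "New #Emotet C2 at hxxp://evil-update[.]top/inv.php (185.220.101.1) dropping sha256 "
         "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 "
         "exploiting CVE-2021-44228 https://t.co/abc123"),
    (T0 + timedelta(hours=3), "Phishing kit on 192.168.1.20 and cdn-files(.)ru, "
                              "md5 d41d8cd98f00b204e9800998ecf8427e"),
]
FEED = {
    "185.220.101.1": T0 + timedelta(hours=26),   # feed listed it a day after the tweet
    "evil-update.top": T0 - timedelta(hours=2),  # feed had this one first
    "cdn-files.ru": T0 + timedelta(hours=9),
}

if __name__ == "__main__":
    for ts, text in TWEETS:
        print(ts.isoformat(), extract_iocs(text))
    print(score_against_feed(collect(TWEETS), FEED))
```

The private address 192.168.1.20 and the t.co shortener are dropped before scoring; without such filtering the correctness figure would be inflated by indicators that no defender can act on. Lead time is computed per shared IoC so that a feed which is sometimes earlier (evil-update.top here) and sometimes later is reported honestly rather than by a single aggregate.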