ExpSeeker: extract public exploit code information from social media

APPLIED INTELLIGENCE (2022)

Abstract
Malicious actors often use publicly known software vulnerabilities and public exploit codes to attack vulnerable targets. Exploit codes are shared across several platforms, including exploit databases, hacker communities, and social media platforms. Public exploit code information is a type of cyber threat intelligence. It can help security experts analyze which vulnerabilities are available to malicious actors and need to be prioritized for patching. In this paper, we propose an intelligent framework to automatically extract public exploit code information from social media. Social media sites aggregate a large amount of cybersecurity-related information because of their timeliness and volume. First, we present a convolutional neural network classifier to identify tweets that disclose exploit codes in their content or in the web pages they link to, which achieved 0.989 AUC and 0.939 F1-score. The model shows better prediction accuracy than the baseline approaches. Second, we present a Bert-BiLSTM-CRF entity recognition method to identify the target entity that may be affected by the exploit code. The Bert-BiLSTM-CRF model reached an F1-score of 0.959, which is better than the 0.927 and 0.922 obtained by the same neural network using Word2vec and GloVe word embeddings, respectively. Finally, the experimental results show that, compared with the exploit database, the proposed method provides enriched supplementary information and earlier intelligence on the appearance of open exploit codes on the Internet.
Keywords
Exploit,Social media vulnerability mentions,Text classification,Named entity recognition