
CANAL -- Cyber Activity News Alerting Language Model: Empirical Approach vs. Expensive LLM

Urjitkumar Patel, Fang-Chun Yeh, Chinmay Gondhalekar

TL;DR

This work addresses the need for timely, cost-effective cyber threat alerting from online news. It introduces CANAL, a fine-tuned BERT model, coupled with a silver-labeling scheme via Random Forest and an Emerging Cyber Signal Discovery module, to classify news into five cyber-relevant categories with high accuracy at low cost. The study benchmarks CANAL against GPT-4, Llama 2, and Zephyr, showing that CANAL consistently outperforms these large models on key categories while dramatically reducing inference costs. The integrated Cyber Signal Discovery and entity-relevance components further enhance the system's ability to detect emerging threats and construct entity-centric cyber risk profiles, offering a practical solution for businesses seeking agile cyber intelligence.

Abstract

In today's digital landscape, where cyber attacks have become the norm, the detection of cyber attacks and threats is imperative across diverse domains. Our research presents a new empirical framework for cyber threat modeling, adept at parsing and categorizing cyber-related information from news articles, enhancing real-time vigilance for market stakeholders. At the core of this framework is a fine-tuned BERT model, which we call CANAL - Cyber Activity News Alerting Language Model, tailored for cyber categorization using a novel silver labeling approach powered by Random Forest. We benchmark CANAL against larger, costlier LLMs, including GPT-4, LLaMA, and Zephyr, highlighting their zero- to few-shot learning in cyber news classification. CANAL demonstrates superior performance by outperforming all other LLM counterparts in both accuracy and cost-effectiveness. Furthermore, we introduce the Cyber Signal Discovery module, a strategic component designed to efficiently detect emerging cyber signals from news articles. Collectively, CANAL and the Cyber Signal Discovery module equip our framework to provide a robust and cost-effective solution for businesses that require agile responses to cyber intelligence.

Paper Structure (37 sections, 17 equations, 11 figures, 7 tables)

This paper contains 37 sections, 17 equations, 11 figures, 7 tables.

Figures (11)

  • Figure 1: An illustration of Emerging Cyber Signal Discovery Module
  • Figure 2: An illustration with Ransomware Feed Term
  • Figure 3: Illustration of CANAL with BERT Fine Tuning on cyber classification task.
  • Figure 4: An illustration of LoRA from the original paper (hu2021lora)
  • Figure 5: Illustration of training and validation Cross-Entropy loss over 10 epochs
  • ...and 6 more figures