TOOLS FOR IDENTIFYING INFORMATION SECURITY VULNERABILITIES BASED ON DATA FROM INTERNET RESOURCES

As cyber threats become more complex, traditional vulnerability detection methods lose their effectiveness. The purpose of this work is to develop and test an approach to identifying vulnerabilities based on the analysis of data from thematic Internet resources: forums, blogs and social networks. These sources contain a large amount of unstructured information, which requires the use of data mining methods. The work uses the integration of modern technologies: the pre-trained SecBERT language model (Security Bidirectional Encoder Representations from Transformers), designed for cybersecurity tasks, and the adaptive neuro-fuzzy inference system DENFIS (Dynamic Evolving Neural-Fuzzy Inference System). The proposed system allows you to filter irrelevant messages, highlight indicators of compromise and potential threats. The use of fuzzy logic makes it possible to efficiently process vague and incomplete information. Experiments confirmed high classification accuracy and stable fuzzy clustering performance (FPC = 0.93; PE = 0.28; XB = 0.042). The system demonstrated the ability to promptly detect signs of cyber threats and has scalability potential for monitoring and attack prediction tasks. The results indicate its potential in increasing the speed of response to cyber threats and strengthening the protection of information systems.

1. Sommer, R., and Paxson, V. Outside the Closed World: On Using Machine Learning for Network Intrusion Detection. Proceedings of the IEEE Symposium on Security and Privacy, 305–316 (2010). https://doi.org/10.1109/SP.2010.25.

2. Bilge, L., and Dumitras, T. Before We Knew It: An Empirical Study of Zero-Day Attacks in the Real World. Proceedings of the ACM Conference on Computer and Communications Security (CCS), 83–94 (2012). https://doi.org/10.1145/2382196.2382284.

3. National Institute of Standards and Technology (NIST). National Vulnerability Database (NVD) (2010). https://nvd.nist.gov/.

4. Zhao, X., Wang, X., and Li, X. Vulnerability Disclosure and Information Verification Delays in Cybersecurity. Journal of Cybersecurity Research, 3 (2), 45–60 (2015).

5. Wang, W., and Lu, Y. Mining Cyber Threat Intelligence from the Dark Web. IEEE Transactions on Information Forensics and Security, 13 (2), 275–286 (2018). https://doi.org/10.1109/TIFS.2017.2761918.

6. O’Connor, N., and Torabi, A. Cyber Threat Intelligence: An Introduction. IEEE Security & Privacy, 13 (3), 19–27 (2015).

7. Cadar, C., Dunbar, D., and Engler, D. KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs. Proceedings of the USENIX Symposium on Operating Systems Design and Implementation (OSDI), 209–224 (2008).

8. Yadav, S., Sharma, A., and Gupta, M. Indicators of Compromise Analysis Using Threat Intelligence Platforms. Journal of Cybersecurity, 5 (4), 210–223 (2019). https://doi.org/10.5555/1855741.1855756.

9. Devlin, J., Chang, M.W., Lee, K., and Toutanova, K. BERT: Pre-training of Deep Bidirectional Transformers for Language Understanding. Proceedings of NAACL HLT, 4171–4186 (2019). https://doi.org/10.18653/v1/N19-1423.

10. Aghaei, E., Jain, S., Arun, P., and Sambamoorthy, A. SecureBERT 2.0: Advanced Language Model for Cybersecurity Intelligence. Cisco AI, San Jose, CA, USA (2025). {eaghaei, sjain2, parun, asambamo}@ cisco.com.

11. Jin, Y., Jang, E., Cui, J., Chung, J.-W., Lee, Y., and Shin, S. DarkBERT: A Language Model for the Dark Side of the Internet. KAIST, Daejeon, South Korea; S2W Inc., Seongnam, South Korea (2023). {ijinjin, claude}@kaist.ac.kr; {genesith, geeoon19, jwchung, lee}@s2w.inc. https://aclanthology.org/2023.acl-long.415.pdf.

12. Güven, M. A Comprehensive Review of Large Language Models in Cyber Security. International Journal of Computational and Experimental Science and Engineering, 10 (3), 507–516 (2024). https://doi.org/10.22399/ijcesen.469.

13. Vaswani, A., Shazeer, N., Parmar, N., Uszkoreit, J., Jones, L., Gomez, A.N., Kaiser, L., and Polosukhin, I. Attention Is All You Need. Advances in Neural Information Processing Systems (NeurIPS), 5998–6008 (2017). https://doi.org/10.48550/arXiv.1706.03762.

14. Jang, J.S.R. ANFIS: Adaptive-Network-Based Fuzzy Inference System. IEEE Transactions on Systems, Man, and Cybernetics, 23 (3), 665–685 (1993). https://doi.org/10.1109/21.256541.

15. Kasabov, N., and Song, Q. DENFIS: Dynamic Evolving Neural-Fuzzy Inference System and Its Application for Time-Series Prediction. IEEE Transactions on Fuzzy Systems, 10 (2), 144–154 (2002). https://doi.org/10.1109/91.995117.

16. Poletaev, V.S. Informatsionno-analiticheskaya sistema prognozirovaniya ugroz i uyazvimostey informatsionnoy bezopasnosti na osnove analiza dannykh tematicheskikh internet-resursov [InformationAnalytical System for Predicting Cybersecurity Threats and Vulnerabilities Based on Analysis of Thematic Internet Resources] (Ulyanovsk: UlSU, 2024), 172 p. (in Russian)