{"id":"https://openalex.org/W4414276977","doi":"https://doi.org/10.1145/3766908","title":"Using a Stack to Find an AI Needle: Topic Modeling for Cyber Threat Intelligence","display_name":"Using a Stack to Find an AI Needle: Topic Modeling for Cyber Threat Intelligence","publication_year":2025,"publication_date":"2025-09-17","ids":{"openalex":"https://openalex.org/W4414276977","doi":"https://doi.org/10.1145/3766908"},"language":"en","primary_location":{"id":"doi:10.1145/3766908","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3766908","pdf_url":null,"source":{"id":"https://openalex.org/S4210235901","display_name":"Digital Threats Research and Practice","issn_l":"2576-5337","issn":["2576-5337","2692-1626"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Digital Threats: Research and Practice","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://doi.org/10.1145/3766908","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5114761514","display_name":"Saskia Laura Schr\u00f6er","orcid":"https://orcid.org/0000-0002-2952-5228"},"institutions":[{"id":"https://openalex.org/I184656255","display_name":"University of Liechtenstein","ror":"https://ror.org/01qjrx392","country_code":"LI","type":"education","lineage":["https://openalex.org/I184656255"]}],"countries":["LI"],"is_corresponding":true,"raw_author_name":"Saskia Laura Schr\u00f6er","raw_affiliation_strings":["Liechtenstein Business School, University of Liechtenstein, Vaduz, Liechtenstein","Liechtenstein Business School, University of Liechtenstein, Liechtenstein"],"raw_orcid":"https://orcid.org/0000-0002-2952-5228","affiliations":[{"raw_affiliation_string":"Liechtenstein Business School, University of Liechtenstein, Vaduz, Liechtenstein","institution_ids":["https://openalex.org/I184656255"]},{"raw_affiliation_string":"Liechtenstein Business School, University of Liechtenstein, Liechtenstein","institution_ids":["https://openalex.org/I184656255"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5081850451","display_name":"Jeremy D. Seideman","orcid":"https://orcid.org/0009-0002-4133-0535"},"institutions":[{"id":"https://openalex.org/I121847817","display_name":"The Graduate Center, CUNY","ror":"https://ror.org/00awd9g61","country_code":"US","type":"education","lineage":["https://openalex.org/I121847817"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jeremy D. Seideman","raw_affiliation_strings":["Computer Science Department, CUNY Graduate Center, New York, New York, USA","Computer Science Department, The Graduate Center, CUNY, USA"],"raw_orcid":"https://orcid.org/0009-0002-4133-0535","affiliations":[{"raw_affiliation_string":"Computer Science Department, CUNY Graduate Center, New York, New York, USA","institution_ids":["https://openalex.org/I121847817"]},{"raw_affiliation_string":"Computer Science Department, The Graduate Center, CUNY, USA","institution_ids":["https://openalex.org/I121847817"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5020241433","display_name":"Shoufu Luo","orcid":"https://orcid.org/0000-0003-3488-4783"},"institutions":[{"id":"https://openalex.org/I121847817","display_name":"The Graduate Center, CUNY","ror":"https://ror.org/00awd9g61","country_code":"US","type":"education","lineage":["https://openalex.org/I121847817"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Shoufu Luo","raw_affiliation_strings":["Computer Science Department, CUNY Graduate Center, New York, New York, USA","Computer Science Department, The Graduate Center, CUNY, USA"],"raw_orcid":"https://orcid.org/0000-0003-3488-4783","affiliations":[{"raw_affiliation_string":"Computer Science Department, CUNY Graduate Center, New York, New York, USA","institution_ids":["https://openalex.org/I121847817"]},{"raw_affiliation_string":"Computer Science Department, The Graduate Center, CUNY, USA","institution_ids":["https://openalex.org/I121847817"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5084036967","display_name":"Giovanni Apruzzese","orcid":"https://orcid.org/0000-0002-6890-9611"},"institutions":[{"id":"https://openalex.org/I184656255","display_name":"University of Liechtenstein","ror":"https://ror.org/01qjrx392","country_code":"LI","type":"education","lineage":["https://openalex.org/I184656255"]}],"countries":["LI"],"is_corresponding":false,"raw_author_name":"Giovanni Apruzzese","raw_affiliation_strings":["Liechtenstein Business School, University of Liechtenstein, Vaduz, Liechtenstein","Liechtenstein Business School, University of Liechtenstein, Liechtenstein"],"raw_orcid":"https://orcid.org/0000-0002-6890-9611","affiliations":[{"raw_affiliation_string":"Liechtenstein Business School, University of Liechtenstein, Vaduz, Liechtenstein","institution_ids":["https://openalex.org/I184656255"]},{"raw_affiliation_string":"Liechtenstein Business School, University of Liechtenstein, Liechtenstein","institution_ids":["https://openalex.org/I184656255"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5112273201","display_name":"Sven Dietrich","orcid":null},"institutions":[{"id":"https://openalex.org/I121847817","display_name":"The Graduate Center, CUNY","ror":"https://ror.org/00awd9g61","country_code":"US","type":"education","lineage":["https://openalex.org/I121847817"]},{"id":"https://openalex.org/I39694355","display_name":"Hunter College","ror":"https://ror.org/00g2xk477","country_code":"US","type":"education","lineage":["https://openalex.org/I39694355"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Sven Dietrich","raw_affiliation_strings":["Computer Science Department, Hunter College, New York, New York, USA and Computer Science Department, CUNY Graduate Center, New York, New York, USA","Computer Science Department, Hunter College &amp; The Graduate Center, CUNY, USA"],"raw_orcid":"https://orcid.org/0009-0005-8326-9930","affiliations":[{"raw_affiliation_string":"Computer Science Department, Hunter College, New York, New York, USA and Computer Science Department, CUNY Graduate Center, New York, New York, USA","institution_ids":["https://openalex.org/I39694355","https://openalex.org/I121847817"]},{"raw_affiliation_string":"Computer Science Department, Hunter College &amp; The Graduate Center, CUNY, USA","institution_ids":["https://openalex.org/I39694355","https://openalex.org/I121847817"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5089735573","display_name":"Pavel Laskov","orcid":"https://orcid.org/0000-0002-3212-7167"},"institutions":[{"id":"https://openalex.org/I184656255","display_name":"University of Liechtenstein","ror":"https://ror.org/01qjrx392","country_code":"LI","type":"education","lineage":["https://openalex.org/I184656255"]}],"countries":["LI"],"is_corresponding":false,"raw_author_name":"Pavel Laskov","raw_affiliation_strings":["Liechtenstein Business School, University of Liechtenstein, Vaduz, Liechtenstein","Liechtenstein Business School, University of Liechtenstein, Liechtenstein"],"raw_orcid":"https://orcid.org/0000-0002-3212-7167","affiliations":[{"raw_affiliation_string":"Liechtenstein Business School, University of Liechtenstein, Vaduz, Liechtenstein","institution_ids":["https://openalex.org/I184656255"]},{"raw_affiliation_string":"Liechtenstein Business School, University of Liechtenstein, Liechtenstein","institution_ids":["https://openalex.org/I184656255"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5114761514"],"corresponding_institution_ids":["https://openalex.org/I184656255"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.33754242,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"6","issue":"4","first_page":"1","last_page":"40"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T13910","display_name":"Computational and Text Analysis Methods","score":0.982200026512146,"subfield":{"id":"https://openalex.org/subfields/3300","display_name":"General Social Sciences"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T13910","display_name":"Computational and Text Analysis Methods","score":0.982200026512146,"subfield":{"id":"https://openalex.org/subfields/3300","display_name":"General Social Sciences"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T12519","display_name":"Cybercrime and Law Enforcement Studies","score":0.9749000072479248,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10994","display_name":"Terrorism, Counterterrorism, and Political Violence","score":0.9437000155448914,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/relevance","display_name":"Relevance (law)","score":0.7505999803543091},{"id":"https://openalex.org/keywords/topic-model","display_name":"Topic model","score":0.46950000524520874},{"id":"https://openalex.org/keywords/intelligence-analysis","display_name":"Intelligence analysis","score":0.37630000710487366},{"id":"https://openalex.org/keywords/expert-opinion","display_name":"Expert opinion","score":0.3400999903678894},{"id":"https://openalex.org/keywords/open-research","display_name":"Open research","score":0.32989999651908875},{"id":"https://openalex.org/keywords/applications-of-artificial-intelligence","display_name":"Applications of artificial intelligence","score":0.32600000500679016},{"id":"https://openalex.org/keywords/big-data","display_name":"Big data","score":0.30649998784065247}],"concepts":[{"id":"https://openalex.org/C158154518","wikidata":"https://www.wikidata.org/wiki/Q7310970","display_name":"Relevance (law)","level":2,"score":0.7505999803543091},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.699999988079071},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.6069999933242798},{"id":"https://openalex.org/C171686336","wikidata":"https://www.wikidata.org/wiki/Q3532085","display_name":"Topic model","level":2,"score":0.46950000524520874},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3783000111579895},{"id":"https://openalex.org/C517642484","wikidata":"https://www.wikidata.org/wiki/Q2388514","display_name":"Intelligence analysis","level":2,"score":0.37630000710487366},{"id":"https://openalex.org/C3020580240","wikidata":"https://www.wikidata.org/wiki/Q663272","display_name":"Expert opinion","level":2,"score":0.3400999903678894},{"id":"https://openalex.org/C2778464652","wikidata":"https://www.wikidata.org/wiki/Q309849","display_name":"Open research","level":2,"score":0.32989999651908875},{"id":"https://openalex.org/C157170001","wikidata":"https://www.wikidata.org/wiki/Q4781507","display_name":"Applications of artificial intelligence","level":2,"score":0.32600000500679016},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.30820000171661377},{"id":"https://openalex.org/C75684735","wikidata":"https://www.wikidata.org/wiki/Q858810","display_name":"Big data","level":2,"score":0.30649998784065247},{"id":"https://openalex.org/C2767350","wikidata":"https://www.wikidata.org/wiki/Q6662173","display_name":"Business intelligence","level":2,"score":0.2757999897003174},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.27300000190734863},{"id":"https://openalex.org/C3018725008","wikidata":"https://www.wikidata.org/wiki/Q4071928","display_name":"Cyber threats","level":2,"score":0.27250000834465027},{"id":"https://openalex.org/C184356942","wikidata":"https://www.wikidata.org/wiki/Q830382","display_name":"Best practice","level":2,"score":0.2639000117778778},{"id":"https://openalex.org/C2781083858","wikidata":"https://www.wikidata.org/wiki/Q17327049","display_name":"Scientific literature","level":2,"score":0.2542000114917755},{"id":"https://openalex.org/C3018397939","wikidata":"https://www.wikidata.org/wiki/Q3644502","display_name":"Open source","level":3,"score":0.2538999915122986},{"id":"https://openalex.org/C105409693","wikidata":"https://www.wikidata.org/wiki/Q5937824","display_name":"Human intelligence","level":2,"score":0.25220000743865967}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3766908","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3766908","pdf_url":null,"source":{"id":"https://openalex.org/S4210235901","display_name":"Digital Threats Research and Practice","issn_l":"2576-5337","issn":["2576-5337","2692-1626"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Digital Threats: Research and Practice","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1145/3766908","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3766908","pdf_url":null,"source":{"id":"https://openalex.org/S4210235901","display_name":"Digital Threats Research and Practice","issn_l":"2576-5337","issn":["2576-5337","2692-1626"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Digital Threats: Research and Practice","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":44,"referenced_works":["https://openalex.org/W40716904","https://openalex.org/W618024573","https://openalex.org/W1674074141","https://openalex.org/W1984487609","https://openalex.org/W2174706414","https://openalex.org/W2483639310","https://openalex.org/W2585401086","https://openalex.org/W2595494611","https://openalex.org/W2736010381","https://openalex.org/W2760313715","https://openalex.org/W2768247965","https://openalex.org/W2795481720","https://openalex.org/W2883847230","https://openalex.org/W2907165009","https://openalex.org/W2934198733","https://openalex.org/W2940555334","https://openalex.org/W2944885779","https://openalex.org/W2978837948","https://openalex.org/W2982205235","https://openalex.org/W3004908285","https://openalex.org/W3045464143","https://openalex.org/W3086302916","https://openalex.org/W3097652319","https://openalex.org/W3121480663","https://openalex.org/W3162913697","https://openalex.org/W3171785101","https://openalex.org/W3186276894","https://openalex.org/W3196996542","https://openalex.org/W3206777893","https://openalex.org/W3215448314","https://openalex.org/W4230686833","https://openalex.org/W4232293864","https://openalex.org/W4283313119","https://openalex.org/W4285018249","https://openalex.org/W4300829337","https://openalex.org/W4313855630","https://openalex.org/W4385074759","https://openalex.org/W4385973016","https://openalex.org/W4401426188","https://openalex.org/W4407147061","https://openalex.org/W4409092974","https://openalex.org/W4411506875","https://openalex.org/W4413298488","https://openalex.org/W6927783942"],"related_works":[],"abstract_inverted_index":{"Cyber":[0],"Threat":[1],"Intelligence":[2],"(CTI)":[3],"is":[4,38],"a":[5,71,167],"fundamental":[6],"activity":[7],"to":[8,27,60,79,101,187,199],"ensure":[9],"the":[10,30,36,49,62,108,120,131,153,177,190],"protection":[11],"of":[12,21,33,127,179,192],"modern":[13],"organizations":[14],"against":[15],"sophisticated":[16,154],"cyberattackers.":[17],"A":[18],"large":[19],"body":[20],"literature":[22],"has":[23],"addressed":[24],"problems":[25],"related":[26],"CTI.":[28],"Despite":[29],"scientific":[31],"validity":[32],"such":[34],"results,":[35],"reality":[37],"that":[39,76,145],"CTI":[40,45,67,84,174,193],"practitioners":[41],"rarely":[42],"deploy":[43],"advanced":[44],"methods":[46],"proposed":[47],"by":[48,69,166],"research":[50,109,159],"community":[51],"and":[52],"mostly":[53],"rely":[54],"on":[55],"manual":[56,63],"processes.":[57],"We":[58,87,133],"seek":[59],"facilitate":[61],"analyses":[64],"typical":[65],"for":[66,116,189],"practice":[68],"proposing":[70],"novel":[72],"topic":[73],"modeling":[74],"technique":[75],"enables":[77],"analysts":[78],"identify":[80],"specific":[81],"topics":[82],"in":[83,158,196],"data":[85],"sources.":[86],"demonstrate":[88],"how":[89],"our":[90,180],"method,":[91],"released":[92],"as":[93],"an":[94],"open":[95],"source":[96],"tool,":[97],"can":[98],"be":[99],"used":[100],"investigate":[102],"three":[103],"case":[104],"studies":[105],"revolving":[106],"around":[107],"question":[110],"whether":[111],"attackers":[112,146],"are":[113,163],"deploying":[114],"AI":[115,128,150,155],"malicious":[117],"purposes":[118],"\u201cin":[119],"wild,\u201d":[121],"and,":[122],"if":[123],"so,":[124],"what":[125],"features":[126],"interest":[129],"them":[130],"most.":[132],"analyzed":[134],"7":[135],"million":[136],"discussions":[137],"from":[138],"18":[139],"underground":[140],"forums.":[141],"Our":[142,161],"findings":[143],"reveal":[144],"may":[147],"favor":[148],"easy-to-use":[149],"toolkits":[151],"over":[152],"techniques":[156],"envisioned":[157],"papers.":[160],"contributions":[162],"further":[164],"validated":[165],"user":[168],"study":[169],"(N":[170],"=":[171],"24)":[172],"with":[173],"experts,":[175],"confirming":[176],"relevance":[178],"research.":[181],"Ultimately,":[182],"we":[183],"advocate":[184],"future":[185],"endeavors":[186],"account":[188],"opinion":[191],"practitioners\u2014who":[194],"should,":[195],"turn,":[197],"try":[198],"cooperate.":[200]},"counts_by_year":[],"updated_date":"2026-05-21T06:26:12.895304","created_date":"2025-10-10T00:00:00"}