{"id":"https://openalex.org/W4402957780","doi":"https://doi.org/10.1145/3678890.3678930","title":"You Might Have Known It Earlier: Analyzing the Role of Underground Forums in Threat Intelligence","display_name":"You Might Have Known It Earlier: Analyzing the Role of Underground Forums in Threat Intelligence","publication_year":2024,"publication_date":"2024-09-29","ids":{"openalex":"https://openalex.org/W4402957780","doi":"https://doi.org/10.1145/3678890.3678930"},"language":"en","primary_location":{"id":"doi:10.1145/3678890.3678930","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3678890.3678930","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"The 27th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3678890.3678930","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5092218076","display_name":"Tommaso Paladini","orcid":"https://orcid.org/0000-0003-2570-1957"},"institutions":[{"id":"https://openalex.org/I93860229","display_name":"Politecnico di Milano","ror":"https://ror.org/01nffqt88","country_code":"IT","type":"education","lineage":["https://openalex.org/I93860229"]}],"countries":["IT"],"is_corresponding":true,"raw_author_name":"Tommaso Paladini","raw_affiliation_strings":["Politecnico di Milano, Italy"],"raw_orcid":"https://orcid.org/0000-0003-2570-1957","affiliations":[{"raw_affiliation_string":"Politecnico di Milano, Italy","institution_ids":["https://openalex.org/I93860229"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5107555466","display_name":"Lara Ferro","orcid":"https://orcid.org/0009-0008-7170-7595"},"institutions":[{"id":"https://openalex.org/I93860229","display_name":"Politecnico di Milano","ror":"https://ror.org/01nffqt88","country_code":"IT","type":"education","lineage":["https://openalex.org/I93860229"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Lara Ferro","raw_affiliation_strings":["Politecnico di Milano, Italy"],"raw_orcid":"https://orcid.org/0009-0008-7170-7595","affiliations":[{"raw_affiliation_string":"Politecnico di Milano, Italy","institution_ids":["https://openalex.org/I93860229"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5054840981","display_name":"Mario Polino","orcid":"https://orcid.org/0000-0002-0925-2306"},"institutions":[{"id":"https://openalex.org/I93860229","display_name":"Politecnico di Milano","ror":"https://ror.org/01nffqt88","country_code":"IT","type":"education","lineage":["https://openalex.org/I93860229"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Mario Polino","raw_affiliation_strings":["Politecnico di Milano, Italy"],"raw_orcid":"https://orcid.org/0000-0002-0925-2306","affiliations":[{"raw_affiliation_string":"Politecnico di Milano, Italy","institution_ids":["https://openalex.org/I93860229"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5046604572","display_name":"Stefano Zanero","orcid":"https://orcid.org/0000-0003-4710-5283"},"institutions":[{"id":"https://openalex.org/I93860229","display_name":"Politecnico di Milano","ror":"https://ror.org/01nffqt88","country_code":"IT","type":"education","lineage":["https://openalex.org/I93860229"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Stefano Zanero","raw_affiliation_strings":["Politecnico di Milano, Italy"],"raw_orcid":"https://orcid.org/0000-0003-4710-5283","affiliations":[{"raw_affiliation_string":"Politecnico di Milano, Italy","institution_ids":["https://openalex.org/I93860229"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5048211949","display_name":"Michele Carminati","orcid":"https://orcid.org/0000-0001-8284-6074"},"institutions":[{"id":"https://openalex.org/I93860229","display_name":"Politecnico di Milano","ror":"https://ror.org/01nffqt88","country_code":"IT","type":"education","lineage":["https://openalex.org/I93860229"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Michele Carminati","raw_affiliation_strings":["Politecnico di Milano, Italy"],"raw_orcid":"https://orcid.org/0000-0001-8284-6074","affiliations":[{"raw_affiliation_string":"Politecnico di Milano, Italy","institution_ids":["https://openalex.org/I93860229"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5092218076"],"corresponding_institution_ids":["https://openalex.org/I93860229"],"apc_list":null,"apc_paid":null,"fwci":5.222,"has_fulltext":false,"cited_by_count":7,"citation_normalized_percentile":{"value":0.95750817,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"368","last_page":"383"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12519","display_name":"Cybercrime and Law Enforcement Studies","score":0.9984999895095825,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12519","display_name":"Cybercrime and Law Enforcement Studies","score":0.9984999895095825,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12572","display_name":"Intelligence, Security, War Strategy","score":0.9883000254631042,"subfield":{"id":"https://openalex.org/subfields/3320","display_name":"Political Science and International Relations"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9848999977111816,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5115893483161926},{"id":"https://openalex.org/keywords/intelligence-analysis","display_name":"Intelligence analysis","score":0.4794386923313141},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3659980297088623},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.3586989641189575}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5115893483161926},{"id":"https://openalex.org/C517642484","wikidata":"https://www.wikidata.org/wiki/Q2388514","display_name":"Intelligence analysis","level":2,"score":0.4794386923313141},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3659980297088623},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.3586989641189575}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3678890.3678930","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3678890.3678930","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"The 27th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"},{"id":"pmh:oai:re.public.polimi.it:11311/1272603","is_oa":false,"landing_page_url":"https://hdl.handle.net/11311/1272603","pdf_url":null,"source":{"id":"https://openalex.org/S4306400312","display_name":"Virtual Community of Pathological Anatomy (University of Castilla La Mancha)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I79189158","host_organization_name":"University of Castilla-La Mancha","host_organization_lineage":["https://openalex.org/I79189158"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"info:eu-repo/semantics/conferenceObject"}],"best_oa_location":{"id":"doi:10.1145/3678890.3678930","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3678890.3678930","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"The 27th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":29,"referenced_works":["https://openalex.org/W1982982698","https://openalex.org/W2252849902","https://openalex.org/W2554200766","https://openalex.org/W2744049423","https://openalex.org/W2784295274","https://openalex.org/W2798110387","https://openalex.org/W2799224341","https://openalex.org/W2837911466","https://openalex.org/W2891270452","https://openalex.org/W2968538311","https://openalex.org/W2978864691","https://openalex.org/W3011594683","https://openalex.org/W3082048389","https://openalex.org/W3088962608","https://openalex.org/W3093511169","https://openalex.org/W3094491574","https://openalex.org/W3100667263","https://openalex.org/W3113358185","https://openalex.org/W3139456136","https://openalex.org/W3146331832","https://openalex.org/W3195567830","https://openalex.org/W3198127954","https://openalex.org/W3199212845","https://openalex.org/W3211888892","https://openalex.org/W3214329506","https://openalex.org/W4281381644","https://openalex.org/W4281478262","https://openalex.org/W4320024310","https://openalex.org/W4385570822"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052","https://openalex.org/W2382290278","https://openalex.org/W4395014643"],"abstract_inverted_index":{"This":[0,88,138,208],"paper":[1],"analyzes":[2],"88":[3],"million":[4],"hacker":[5,25,70,191],"forum":[6,51,116],"posts":[7,52],"of":[8,24,59,79,86,92,98,135,166,190,200],"a":[9,18,28,36,108],"publicly":[10],"available":[11],"dataset":[12],"and":[13,53,55,148,175,197],"75,000":[14],"online":[15],"articles":[16],"over":[17,61,77],"20-year":[19],"timespan,":[20],"studying":[21],"the":[22,80,90,133,141,163,188,198,211],"potential":[23,205],"forums":[26,71,192],"as":[27,95,159,161,193],"proactive":[29],"Cyber":[30],"Threat":[31],"Intelligence":[32],"(CTI)":[33],"source.":[34],"Using":[35],"custom":[37],"Natural":[38],"Language":[39],"Processing":[40],"pipeline":[41],"with":[42],"fine-tuned":[43],"BERT-based":[44],"models,":[45],"we":[46],"extract":[47],"named":[48],"entities":[49,82],"from":[50],"reports":[54,75],"cross-reference":[56],"their":[57],"date":[58],"occurrence":[60],"different":[62],"periods.":[63],"Our":[64,185],"analysis":[65,104],"reveals":[66],"that":[67,106,140,214],"discussions":[68,117],"on":[69,217],"precede":[72],"official":[73],"security":[74],"for":[76,204],"60%":[78],"identified":[81],"in":[83,124,162,178,182],"20":[84],"years":[85],"data.":[87],"highlights":[89],"relevance":[91],"these":[93],"platforms":[94,151],"early":[96,194],"indicators":[97,196],"cyber":[99],"threats.":[100],"However,":[101],"our":[102],"longitudinal":[103],"shows":[105],"such":[107],"trend":[109],"has":[110],"been":[111],"constantly":[112],"decreasing":[113],"since":[114],"2012:":[115],"no":[118],"longer":[119],"consistently":[120],"anticipate":[121],"threats":[122],"discussed":[123],"cybersecurity":[125,219],"reports,":[126],"possibly":[127],"due":[128],"to":[129],"increased":[130],"scrutiny":[131],"or":[132],"emergence":[134],"alternative":[136],"channels.":[137],"suggests":[139],"CTI":[142],"community":[143],"should":[144],"adapt":[145],"by":[146],"identifying":[147],"monitoring":[149,202],"new":[150],"where":[152],"threat":[153,195],"actors":[154],"congregate.":[155],"Despite":[156],"not":[157],"being":[158],"thriving":[160],"first":[164],"decade":[165],"2000,":[167],"underground":[168],"communities":[169],"are":[170],"still":[171],"releasing":[172],"novel":[173],"malware":[174,180],"showing":[176],"interest":[177],"discussing":[179],"employed":[181],"real":[183],"cyberattacks.":[184],"results":[186],"highlight":[187],"value":[189],"importance":[199],"proactively":[201],"them":[203],"cyberattack":[206],"detection.":[207],"approach":[209],"addresses":[210],"research":[212],"gap":[213],"predominantly":[215],"focuses":[216],"traditional":[218],"reports.":[220]},"counts_by_year":[{"year":2025,"cited_by_count":5},{"year":2024,"cited_by_count":2}],"updated_date":"2025-12-27T23:08:20.325037","created_date":"2025-10-10T00:00:00"}