Multi-labeling with topic models for searching security information

Security information such as threat information and vulnerability information are utilized to analyze cyberattacks. If specific keywords such as the name of malware related to the event to be analyzed are known in advance, it is possible to obtain information using typical search engines. However, when a security operator cannot recall appropriate keywords related to the event to be analyzed, or when a commonly recognized identifier does not exist, a general search engine cannot be expected to produce useful results. In this paper, we propose a method using topic models and outlier detection to generate multi-labels for search, with the goal of constructing a search engine that can present relevant security information even in such situations. In addition, this paper discusses the application of the proposed method to 2386 security reports issued from 2017 to 2019 to demonstrate that the labeling can be focused on specific topics.