Discerning cyber threatening incidents from ordinary events using sentiment analysis and logistic regression.

Many organizations allow incident reports from the general public. Some of these reports may contain information about threatening incidents, while others may describe ordinary events. Incident classification is the process of distinguishing between incidents and events. We describe an automated incident classification system, which uses logistic regression and sentiment analysis to estimate the likelihood that an event is an incident using its textual description. We trained and validated two different models on one dataset and used a different dataset for testing purposes. The model that performed better utilized sentiment analysis at the sentence level as well as at the level of individual verbs, nouns, and adjectives. It achieved 99% accuracy on the validation set and 100% accuracy on the test set over 50% baseline. Overall, we found that using sentiment score increased the model's accuracy, precision, and recall by at least 10% especially when it is applied on several levels of the text. The difference between our approach and the typical human approach is that in our approach we train the system to recognize incidents before any incident actually takes place and our system can recognize incidents even if their descriptions do not include keywords the system previously encountered. [ABSTRACT FROM AUTHOR]