Saved in:
Bibliographic Details
Main Authors: Arikkat, Dincy R., T., Sneha B., Nicolazzo, Serena, Nocera, Antonino, P., Vinod, A., Rafidha Rehiman K., R, Karthika
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2509.20943
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866911175904591872
author Arikkat, Dincy R.
T., Sneha B.
Nicolazzo, Serena
Nocera, Antonino
P., Vinod
A., Rafidha Rehiman K.
R, Karthika
author_facet Arikkat, Dincy R.
T., Sneha B.
Nicolazzo, Serena
Nocera, Antonino
P., Vinod
A., Rafidha Rehiman K.
R, Karthika
contents Cyber Threat Intelligence (CTI) enables organizations to anticipate, detect, and mitigate evolving cyber threats. Its effectiveness depends on high-quality datasets, which support model development, training, evaluation, and benchmarking. Building such datasets is crucial, as attack vectors and adversary tactics continually evolve. Recently, Telegram has gained prominence as a valuable CTI source, offering timely and diverse threat-related information that can help address these challenges. In this work, we address these challenges by presenting an end-to-end automated pipeline that systematically collects and filters threat-related content from Telegram. The pipeline identifies relevant Telegram channels and scrapes 145,349 messages from 12 curated channels out of 150 identified sources. To accurately filter threat intelligence messages from generic content, we employ a BERT-based classifier, achieving an accuracy of 96.64%. From the filtered messages, we compile a dataset of 86,509 malicious Indicators of Compromise, including domains, IPs, URLs, hashes, and CVEs. This approach not only produces a large-scale, high-fidelity CTI dataset but also establishes a foundation for future research and operational applications in cyber threat detection.
format Preprint
id arxiv_https___arxiv_org_abs_2509_20943
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle CTI Dataset Construction from Telegram
Arikkat, Dincy R.
T., Sneha B.
Nicolazzo, Serena
Nocera, Antonino
P., Vinod
A., Rafidha Rehiman K.
R, Karthika
Cryptography and Security
Artificial Intelligence
Emerging Technologies
Cyber Threat Intelligence (CTI) enables organizations to anticipate, detect, and mitigate evolving cyber threats. Its effectiveness depends on high-quality datasets, which support model development, training, evaluation, and benchmarking. Building such datasets is crucial, as attack vectors and adversary tactics continually evolve. Recently, Telegram has gained prominence as a valuable CTI source, offering timely and diverse threat-related information that can help address these challenges. In this work, we address these challenges by presenting an end-to-end automated pipeline that systematically collects and filters threat-related content from Telegram. The pipeline identifies relevant Telegram channels and scrapes 145,349 messages from 12 curated channels out of 150 identified sources. To accurately filter threat intelligence messages from generic content, we employ a BERT-based classifier, achieving an accuracy of 96.64%. From the filtered messages, we compile a dataset of 86,509 malicious Indicators of Compromise, including domains, IPs, URLs, hashes, and CVEs. This approach not only produces a large-scale, high-fidelity CTI dataset but also establishes a foundation for future research and operational applications in cyber threat detection.
title CTI Dataset Construction from Telegram
topic Cryptography and Security
Artificial Intelligence
Emerging Technologies
url https://arxiv.org/abs/2509.20943