Given the constant growth and increasing sophistication of cyberattacks, cybersecurity can no longer rely solely on traditional defense techniques and tools. Proactive detection of cyber threats has become essential to help security teams identify potential risks and implement effective mitigation measures. Cyber Threat Intelligence (CTI) plays a key role by providing security analysts with evidence-based knowledge about cyber threats. CTI can be extracted using various techniques and data sources; among the techniques, machine learning has proven particularly promising, and among the data sources, social networks and online discussion forums are commonly explored. In this study, we apply text mining techniques and machine learning to data collected from Dark Web forums in Brazilian Portuguese to identify malicious posts. Our contributions include the creation of three original datasets, a novel multi-stage labeling process combining indicators of compromise (IoCs), contextual keywords, and manual analysis, and a comprehensive evaluation of text representations and classifiers. To our knowledge, this is the first study to focus specifically on Brazilian Portuguese content in this domain. The best-performing model, using LightGBM with TF-IDF features, detected relevant posts with high accuracy. We also applied topic modeling to validate the model's outputs on unlabeled data, confirming its robustness in real-world scenarios.
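The abstract describes a multi-stage labeling process (IoC matching, contextual keywords, then manual analysis) and a TF-IDF text representation, but gives no detail of either. The following is an added illustration of how such a weak-labeling stage and a TF-IDF vectorizer can be implemented; it is not the paper's code. The IoC regexes, the Portuguese keyword lexicon, the labeling thresholds and the sample forum posts are all assumptions constructed for this example, and the TF-IDF here is the plain stdlib form rather than a library implementation.

```python
"""Weak labelling of forum posts from IoC regexes plus contextual keywords,
with a minimal TF-IDF feature vector.  Added example; the patterns, lexicon,
thresholds and sample posts below are assumptions, not the paper's artifacts."""
import math
import re
from collections import Counter

# Stage 1: indicators of compromise.  Pattern set is an assumption covering
# common IoC shapes (IPv4, CVE ids, MD5/SHA1/SHA256 hashes, .onion hosts, URLs).
IOC_PATTERNS = {
    "ipv4": re.compile(
        r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"),
    "cve": re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.IGNORECASE),
    "hash": re.compile(r"\b(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})\b"),
    "onion": re.compile(r"\b[a-z2-7]{16,56}\.onion\b", re.IGNORECASE),
    "url": re.compile(r"\bhttps?://[^\s<>\"']+", re.IGNORECASE),
}

# Stage 2: contextual keywords in Brazilian Portuguese (assumed lexicon).
KEYWORDS = {
    "exploit", "malware", "ransomware", "phishing", "vazamento", "credenciais",
    "cartão", "cartões", "invasão", "botnet", "ddos", "shell", "0day",
    "senha", "senhas",
}

# Constructed sample posts (documentation IP ranges, no real forum content).
POSTS = [
    "Vendo exploit para CVE-2021-44228, payload testado em 203.0.113.45, aceito BTC",
    "Vazamento de credenciais de banco, 50k senhas, amostra aqui: http://example.onion/dump",
    "Alguém sabe qual horário o fórum fica fora do ar para manutenção?",
    "Tutorial de phishing com kit atualizado, servidor em 198.51.100.7",
    "Alguém tem malware ou botnet pra testar na minha máquina?",
    "Minha senha do fórum expirou, como troco?",
]


def tokenize(text):
    # \w is Unicode-aware on str, so accented Portuguese words stay whole.
    return re.findall(r"\w+", text.lower())


def extract_iocs(text):
    """Map IoC type -> sorted unique matches, only for types that matched."""
    return {name: sorted(set(p.findall(text)))
            for name, p in IOC_PATTERNS.items() if p.search(text)}


def keyword_hits(text):
    return sorted(set(tokenize(text)) & KEYWORDS)


def label_post(text, min_keywords=2):
    """Return (label, evidence).  Thresholds are assumptions:
    'malicious'  - an IoC co-occurs with at least one contextual keyword;
    'review'     - IoCs without keywords, or >= min_keywords keywords without
                   an IoC; these are queued for the manual-analysis stage;
    'benign'     - neither condition holds."""
    evidence = {"iocs": extract_iocs(text), "keywords": keyword_hits(text)}
    if evidence["iocs"] and evidence["keywords"]:
        return "malicious", evidence
    if evidence["iocs"] or len(evidence["keywords"]) >= min_keywords:
        return "review", evidence
    return "benign", evidence


def tfidf(docs):
    """Plain TF-IDF: tf(t, d) * log(N / df(t)).  Terms present in every
    document get weight 0; a library would normally smooth this."""
    toks = [tokenize(d) for d in docs]
    df = Counter(t for doc in toks for t in set(doc))
    n = len(docs)
    return [{t: (c / len(doc)) * math.log(n / df[t]) for t, c in Counter(doc).items()}
            for doc in toks]


def label_all(posts=POSTS):
    return [label_post(p)[0] for p in posts]


if __name__ == "__main__":
    for post, label in zip(POSTS, label_all()):
        print(f"{label:9s} {post}")
```

The "review" bucket is the point of a multi-stage scheme: regex and lexicon matches alone produce both false positives (a user asking about a forgotten password) and false negatives (sales posts that avoid obvious keywords), so only unambiguous co-occurrence is auto-labeled and the rest is routed to a human before it reaches the training set.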