HackerSignal: A Large-Scale Multi-Source Dataset Linking Hacker Community Discourse to the CVE Vulnerability Lifecycle

📅 2026-05-04
📈 Citations: 0
Influential: 0
📄 PDF

career value

212K/year
🤖 AI Summary
This work addresses the absence of large-scale, multi-source, temporally aligned public benchmark datasets that connect hacker community discussions with the full lifecycle of CVE vulnerabilities—from disclosure and exploitation to remediation. We construct and release HackerSignal, a novel dataset aggregating 7.45 million deduplicated documents from 64 sources spanning 1990–2026, unified via CVE identifiers across eight heterogeneous data types, including hacker forums, exploit repositories, security advisories, and code commits. The dataset incorporates precise deduplication, CVE-space alignment, temporal partitioning, and an out-of-distribution (OOD) evaluation framework, accompanied by data tables, audit packages, and Croissant metadata standards. HackerSignal enables three new AI-for-security tasks: cross-source CVE linking, vulnerability type classification, and forward-looking temporal generalization, significantly advancing AI-driven cyber threat intelligence research.
📝 Abstract
We introduce HackerSignal, a benchmark for temporal out-of-distribution cyber threat intelligence (CTI) and cross-source CVE linkage. HackerSignal aggregates 7.45 million exact-deduplicated documents from 64 public forum/source identifiers spanning eight source layers and a 36-year window (1990-2026). In contrast to other publicly accessible cybersecurity datasets, HackerSignal is among the first public benchmark datasets that maps the full potential exploit to vulnerability trajectory from hacker community discourse, exploit databases with working and proof of concept exploits, vulnerability advisories, and software fix commits. HackerSignal creates these linkages through a shared CVE identifier space while preserving source-specific release modes to support a range of unique Artificial Intelligence (AI)-enabled cybersecurity analytics tasks. In this paper, we summarize HackerSignal and illustrate three selected benchmark tasks it uniquely supports: (1) CVE linkage retrieval (cross-source temporal out-of-distribution entity grounding); (2) exploit type classification (8-class vulnerability type prediction with temporal OOD evaluation); and (3) temporal generalization (prospective CVE-disjoint evaluation where C_train and C_test are disjoint). All tasks use temporal splits to evaluate prospective generalization. We release source-shortcut and leakage diagnostics, manual-audit packets, a datasheet, and a release-governance addendum to support the dissemination of the dataset. HackerSignal's code, data, and Croissant metadata are available at hf.co/datasets/BenAmpel/HackerSignal (data) and github.com/BenAmpel/hackersignal (code).
Problem

Research questions and friction points this paper is trying to address.

cyber threat intelligence
CVE linkage
hacker community discourse
vulnerability lifecycle
temporal out-of-distribution
Innovation

Methods, ideas, or system contributions that make the work stand out.

temporal out-of-distribution
cross-source CVE linkage
hacker community discourse
vulnerability lifecycle
prospective generalization
🔎 Similar Papers
No similar papers found.