Threats from the Dark: A Review over Dark Web Investigation Research for Cyber Threat Intelligence

2021 ◽  
Vol 2021 ◽  
pp. 1-21
Author(s):  
Randa Basheer ◽  
Bassel Alkhatib

From proactive detection of cyberattacks to the identification of key actors, analyzing contents of the Dark Web plays a significant role in deterring cybercrimes and understanding criminal minds. Researching in the Dark Web proved to be an essential step in fighting cybercrime, whether with a standalone investigation of the Dark Web solely or an integrated one that includes contents from the Surface Web and the Deep Web. In this review, we probe recent studies in the field of analyzing Dark Web content for Cyber Threat Intelligence (CTI), introducing a comprehensive analysis of their techniques, methods, tools, approaches, and results, and discussing their possible limitations. In this review, we demonstrate the significance of studying the contents of different platforms on the Dark Web, leading new researchers through state-of-the-art methodologies. Furthermore, we discuss the technical challenges, ethical considerations, and future directions in the domain.

2021 ◽  
pp. 50-71
Author(s):  
Shakeel Ahmed ◽  
Shubham Sharma ◽  
Saneh Lata Yadav

Information retrieval is finding material of an unstructured nature within large collections stored on computers. The surface web consists of indexed content accessible by traditional browsers, whereas deep or hidden web content cannot be found with traditional search engines and requires a password or network permissions. Within the deep web, the dark web is also growing as new tools make it easier to navigate hidden content, which is accessible with special software like Tor. According to a study by Nature, Google indexes no more than 16% of the surface web and misses all of the deep web. Any given search turns up just 0.03% of information that exists online. So, the key part of the hidden web remains inaccessible to the users. This chapter deals with positing some questions about this research. Detailed definitions and analogies are explained, and the chapter discusses related work and puts forward all the advantages and limitations of the existing work proposed by researchers. The chapter identifies the need for a system that will process the surface and hidden web data and return integrated results to the users.


Information ◽  
2018 ◽  
Vol 9 (12) ◽  
pp. 305
Author(s):  
Paulo Shakarian

Scientific work that leverages information about communities on the deep and dark web has opened up new angles in the field of security informatics. [...]


2021 ◽  
Vol 2 (4) ◽  
pp. 1-10
Author(s):  
Sagar Samtani ◽  
Weifeng Li ◽  
Victor Benjamin ◽  
Hsinchun Chen

To increase situational awareness, major cybersecurity platforms offer Cyber Threat Intelligence (CTI) about emerging cyber threats, key threat actors, and their modus operandi. However, this intelligence is often reactive, as it analyzes event log files after attacks have already occurred, lacking more active scrutiny of potential threats brewing in cyberspace before an attack has occurred. One intelligence source receiving significant attention is the Dark Web, where significant quantities of malicious hacking tools and other cyber assets are hosted. We present the AZSecure Hacker Assets Portal (HAP). The Dark Web-based HAP collects, analyzes, and reports on the major Dark Web data sources to offer a unique perspective on hackers, their cybercriminal assets, and their intentions and motivations, ultimately contributing CTI insights to improve situational awareness. HAP currently supports 200+ users internationally from academic institutions such as UT San Antonio and National Taiwan University, law enforcement entities such as Calgary and Ontario Provincial Police, and industry organizations including General Electric and PayPal.


10.29007/nkfk ◽  
2019 ◽  
Author(s):  
Azene Zenebe ◽  
Mufaro Shumba ◽  
Andrei Carillo ◽  
Sofia Cuenca

In the darknet, hackers are constantly sharing information with each other and learning from each other. These conversations in online forums, for example, can contain data that may help assist in the discovery of cyber threat intelligence. Cyber Threat Intelligence (CTI) is information or knowledge about threats that can help prevent security breaches in cyberspace. In addition, monitoring and analysis of this data manually is challenging because forum posts and other data on the darknet are high in volume and unstructured. This paper uses descriptive analytics and predictive analytics using machine learning on a forum posts dataset from the darknet to discover valuable cyber threat intelligence. The IBM Watson Analytics and WEKA machine learning tools were used. Watson Analytics showed trends and relationships in the data. WEKA provided machine learning models to classify the type of exploits targeted by hackers from the forum posts. The results showed that Crypter, Password cracker and RATs (Remote Administration Tools), buffer overflow exploit tools, and Keylogger system exploit tools were the most common in the darknet and that there are influential authors who are frequent in the forums. In addition, machine learning helps build classifiers for exploit types. The Random Forest classifier provided a higher accuracy than the Random Tree and Naïve Bayes classifiers. Therefore, analyzing darknet forum posts can provide actionable information, and machine learning is effective in building classifiers for prediction of exploit types. Predicting exploit types as well as knowing patterns and trends in hackers’ plans helps defend the cyberspace proactively.


Electronics ◽  
2021 ◽  
Vol 10 (23) ◽  
pp. 2913
Author(s):  
Max van Haastrecht ◽  
Guy Golpur ◽  
Gilad Tzismadia ◽  
Rolan Kab ◽  
Cristian Priboi ◽  
...  

Small- and medium-sized enterprises (SMEs) frequently experience cyberattacks, but often do not have the means to counter these attacks. Therefore, cybersecurity researchers and practitioners need to aid SMEs in their defence against cyber threats. Research has shown that SMEs require solutions that are automated and adapted to their context. In recent years, we have seen a surge in initiatives to share cyber threat intelligence (CTI) to improve collective cybersecurity resilience. Shared CTI has the potential to answer the SME call for automated and adaptable solutions. Sadly, as we demonstrate in this paper, current shared intelligence approaches scarcely address SME needs. We must investigate how shared CTI can be used to improve SME cybersecurity resilience. In this paper, we tackle this challenge using a systematic review to discover current state-of-the-art approaches to using shared CTI. We find that threat intelligence sharing platforms such as MISP have the potential to address SME needs, provided that the shared intelligence is turned into actionable insights. Based on this observation, we developed a prototype application that processes MISP data automatically, prioritises cybersecurity threats for SMEs, and provides SMEs with actionable recommendations tailored to their context. Subsequent evaluations in operational environments will help to improve our application, such that SMEs are enabled to thwart cyberattacks in future.

