scholarly journals Cyber Threat Discovery from Dark Web

10.29007/nkfk ◽  
2019 ◽  
Author(s):  
Azene Zenebe ◽  
Mufaro Shumba ◽  
Andrei Carillo ◽  
Sofia Cuenca
Keyword(s):  
Machine Learning ◽  
Random Forest Classifier ◽  
Online Forums ◽  
Security Breaches ◽  
Threat Intelligence ◽  
Cyber Threat ◽  
Ibm Watson ◽  
Cyber Threat Intelligence ◽  
Dark Web ◽  
Machine Learning Models

In the darknet, hackers are constantly sharing information with each other and learning from each other. These conversations in online forums for example can contain data that may help assist in the discovery of cyber threat intelligence. Cyber Threat Intelligence (CTI) is information or knowledge about threats that can help prevent security breaches in cyberspace. In addition, monitoring and analysis of this data manually is challenging because forum posts and other data on the darknet are high in volume and unstructured. This paper uses descriptive analytics and predicative analytics using machine learning on forum posts dataset from darknet to discover valuable cyber threat intelligence. The IBM Watson Analytics and WEKA machine learning tool were used. Watson Analytics showed trends and relationships in the data. WEKA provided machine learning models to classify the type of exploits targeted by hackers from the form posts. The results showed that Crypter, Password cracker and RATs (Remote Administration Tools), buffer overflow exploit tools, and Keylogger system exploits tools were the most common in the darknet and that there are influential authors who are frequent in the forums. In addition, machine learning helps build classifiers for exploit types. The Random Forest classifier provided a higher accuracy than the Random Tree and Naïve Bayes classifiers. Therefore, analyzing darknet forum posts can provide actionable information as well as machine learning is effective in building classifiers for prediction of exploit types. Predicting exploit types as well as knowing patterns and trends on hackers’ plan helps defend the cyberspace proactively.

scholarly journals Sharing Machine Learning Models as Indicators of Compromise for Cyber Threat Intelligence

2021 ◽  
Vol 1 (1) ◽  
pp. 140-163
Author(s):  
Davy Preuveneers ◽  
Wouter Joosen
Keyword(s):  
Machine Learning ◽  
Cyber Security ◽  
Cyber Attacks ◽  
Learning Models ◽  
Security Threat ◽  
Fine Grained ◽  
Threat Intelligence ◽  
Cyber Threat ◽  
Cyber Threat Intelligence ◽  
Machine Learning Models

Cyber threat intelligence (CTI) sharing is the collaborative effort of sharing information about cyber attacks to help organizations gain a better understanding of threats and proactively defend their systems and networks from cyber attacks. The challenge that we address is the fact that traditional indicators of compromise (IoC) may not always capture the breath or essence of a cyber security threat or attack campaign, possibly leading to false alert fatigue and missed detections with security analysts. To tackle this concern, we designed and evaluated a CTI solution that complements the attribute and tagging based sharing of indicators of compromise with machine learning (ML) models for collaborative threat detection. We implemented our solution on top of MISP, TheHive, and Cortex—three state-of-practice open source CTI sharing and incident response platforms—to incrementally improve the accuracy of these ML models, i.e., reduce the false positives and false negatives with shared counter-evidence, as well as ascertain the robustness of these models against ML attacks. However, the ML models can be attacked as well by adversaries that aim to evade detection. To protect the models and to maintain confidentiality and trust in the shared threat intelligence, we extend our previous research to offer fine-grained access to CP-ABE encrypted machine learning models and related artifacts to authorized parties. Our evaluation demonstrates the practical feasibility of the ML model based threat intelligence sharing, including the ability of accounting for indicators of adversarial ML threats.

scholarly journals Threats from the Dark: A Review over Dark Web Investigation Research for Cyber Threat Intelligence

2021 ◽  
Vol 2021 ◽  
pp. 1-21
Author(s):  
Randa Basheer ◽  
Bassel Alkhatib
Keyword(s):  
State Of The Art ◽  
Deep Web ◽  
Web Content ◽  
Ethical Considerations ◽  
Future Directions ◽  
Threat Intelligence ◽  
Cyber Threat ◽  
Cyber Threat Intelligence ◽  
Surface Web ◽  
Dark Web

From proactive detection of cyberattacks to the identification of key actors, analyzing contents of the Dark Web plays a significant role in deterring cybercrimes and understanding criminal minds. Researching in the Dark Web proved to be an essential step in fighting cybercrime, whether with a standalone investigation of the Dark Web solely or an integrated one that includes contents from the Surface Web and the Deep Web. In this review, we probe recent studies in the field of analyzing Dark Web content for Cyber Threat Intelligence (CTI), introducing a comprehensive analysis of their techniques, methods, tools, approaches, and results, and discussing their possible limitations. In this review, we demonstrate the significance of studying the contents of different platforms on the Dark Web, leading new researchers through state-of-the-art methodologies. Furthermore, we discuss the technical challenges, ethical considerations, and future directions in the domain.

scholarly journals Dark-Web Cyber Threat Intelligence: From Data to Intelligence to Prediction

Information ◽  
2018 ◽  
Vol 9 (12) ◽  
pp. 305
Author(s):  
Paulo Shakarian
Keyword(s):  
Scientific Work ◽  
Threat Intelligence ◽  
Cyber Threat ◽  
Security Informatics ◽  
Cyber Threat Intelligence ◽  
Dark Web

Scientific work that leverages information about communities on the deep and dark web has opened up new angles in the field of security informatics. [...]

scholarly journals inTIME: A Machine Learning-Based Framework for Gathering and Leveraging Web Data to Cyber-Threat Intelligence

Electronics ◽  
2021 ◽  
Vol 10 (7) ◽  
pp. 818
Author(s):  
Paris Koloveas ◽  
Thanasis Chantzios ◽  
Sofia Alevizopoulou ◽  
Spiros Skiadopoulos  ◽  
Christos Tryfonopoulos 
Keyword(s):  
Machine Learning ◽  
Web Sites ◽  
Security Analysts ◽  
Holistic View ◽  
Integrated Framework ◽  
Management Platform ◽  
Threat Intelligence ◽  
Wide Range ◽  
Cyber Threat ◽  
Cyber Threat Intelligence

In today’s world, technology has become deep-rooted and more accessible than ever over a plethora of different devices and platforms, ranging from company servers and commodity PCs to mobile phones and wearables, interconnecting a wide range of stakeholders such as households, organizations and critical infrastructures. The sheer volume and variety of the different operating systems, the device particularities, the various usage domains and the accessibility-ready nature of the platforms creates a vast and complex threat landscape that is difficult to contain. Staying on top of these evolving cyber-threats has become an increasingly difficult task that presently relies heavily on collecting and utilising cyber-threat intelligence before an attack (or at least shortly after, to minimize the damage) and entails the collection, analysis, leveraging and sharing of huge volumes of data. In this work, we put forward inTIME, a machine learning-based integrated framework that provides an holistic view in the cyber-threat intelligence process and allows security analysts to easily identify, collect, analyse, extract, integrate, and share cyber-threat intelligence from a wide variety of online sources including clear/deep/dark web sites, forums and marketplaces, popular social networks, trusted structured sources (e.g., known security databases), or other datastore types (e.g., pastebins). inTIME is a zero-administration, open-source, integrated framework that enables security analysts and security stakeholders to (i) easily deploy a wide variety of data acquisition services (such as focused web crawlers, site scrapers, domain downloaders, social media monitors), (ii) automatically rank the collected content according to its potential to contain useful intelligence, (iii) identify and extract cyber-threat intelligence and security artifacts via automated natural language understanding processes, (iv) leverage the identified intelligence to actionable items by semi-automatic entity disambiguation, linkage and correlation, and (v) manage, share or collaborate on the stored intelligence via open standards and intuitive tools. To the best of our knowledge, this is the first solution in the literature to provide an end-to-end cyber-threat intelligence management platform that is able to support the complete threat lifecycle via an integrated, simple-to-use, yet extensible framework.

scholarly journals Informing Cyber Threat Intelligence through Dark Web Situational Awareness: The AZSecure Hacker Assets Portal

2021 ◽  
Vol 2 (4) ◽  
pp. 1-10
Author(s):  
Sagar Samtani ◽  
Weifeng Li ◽  
Victor Benjamin ◽  
Hsinchun Chen
Keyword(s):  
Law Enforcement ◽  
Situational Awareness ◽  
San Antonio ◽  
Web Based ◽  
Log Files ◽  
Threat Intelligence ◽  
Cyber Threat ◽  
Cyber Threat Intelligence ◽  
Significant Attention ◽  
Dark Web

To increase situational awareness, major cybersecurity platforms offer Cyber Threat Intelligence (CTI) about emerging cyber threats, key threat actors, and their modus operandi. However, this intelligence is often reactive, as it analyzes event log files after attacks have already occurred, lacking more active scrutiny of potential threats brewing in cyberspace before an attack has occurred. One intelligence source receiving significant attention is the Dark Web, where significant quantities of malicious hacking tools and other cyber assets are hosted. We present the AZSecure Hacker Assets Portal (HAP). The Dark Web-based HAP collects, analyzes, and reports on the major Dark Web data sources to offer unique perspective of hackers, their cybercriminal assets, and their intentions and motivations, ultimately contributing CTI insights to improve situational awareness. HAP currently supports 200+ users internationally from academic institutions such as UT San Antonio and National Taiwan University, law enforcement entities such as Calgary and Ontario Provincial Police, and industry organizations including General Electric and PayPal.

Sign in / Sign up

Export Citation Format

Share Document