Abstract

Threat assessment of systems is critical to organizations' security policy. Identifying systems likely to be at-risk by threat actors can help organizations better defend against likely cyber attacks. Currently, identifying such systems to a large extent is guided by the Common Vulnerability Scoring System (CVSS). Previous research has demonstrated poor correlation between a high CVSS score and at-risk systems. In this paper, we look at hacker discussions on darkweb marketplaces and forums to identify the platforms, vendors, and products likely to be at-risk by hackers. We propose a reasoning system that combines DeLP (Defeasible Logic Programming) and machine learning classifiers to identify systems based on hacker discussions observed on the darkweb. The resulting system is therefore a hybrid between classical knowledge representation and reasoning techniques and machine learning classifiers. We evaluate the system on hacker discussions collected from nearly 300 darkweb forums and marketplaces provided by a threat intelligence company. We improved precision by 15%-57% while maintaining recall over baseline approaches.

Original languageEnglish (US)
Title of host publicationProceedings of the 2018 APWG Symposium on Electronic Crime Research, eCrime 2018
PublisherIEEE Computer Society
Pages1-12
Number of pages12
ISBN (Electronic)9781538649220
DOIs
StatePublished - Jun 8 2018
Event2018 APWG Symposium on Electronic Crime Research, eCrime 2018 - San Diego, United States
Duration: May 15 2018May 17 2018

Publication series

NameeCrime Researchers Summit, eCrime
Volume2018-May
ISSN (Print)2159-1237
ISSN (Electronic)2159-1245

Other

Other2018 APWG Symposium on Electronic Crime Research, eCrime 2018
CountryUnited States
CitySan Diego
Period5/15/185/17/18

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications
  • Information Systems
  • Information Systems and Management

Fingerprint Dive into the research topics of 'At-risk system identification via analysis of discussions on the darkweb'. Together they form a unique fingerprint.

Cite this