Abstract

Threat assessment of systems is critical to organizations' security policy. Identifying systems likely to be at-risk by threat actors can help organizations better defend against likely cyber attacks. Currently, identifying such systems to a large extent is guided by the Common Vulnerability Scoring System (CVSS). Previous research has demonstrated poor correlation between a high CVSS score and at-risk systems. In this paper, we look at hacker discussions on darkweb marketplaces and forums to identify the platforms, vendors, and products likely to be at-risk by hackers. We propose a reasoning system that combines DeLP (Defeasible Logic Programming) and machine learning classifiers to identify systems based on hacker discussions observed on the darkweb. The resulting system is therefore a hybrid between classical knowledge representation and reasoning techniques and machine learning classifiers. We evaluate the system on hacker discussions collected from nearly 300 darkweb forums and marketplaces provided by a threat intelligence company. We improved precision by 15%-57% while maintaining recall over baseline approaches.

Original language: English (US)
Title of host publication: Proceedings of the 2018 APWG Symposium on Electronic Crime Research, eCrime 2018
Publisher: IEEE Computer Society
Pages: 1-12
Number of pages: 12
Volume: 2018-May
ISBN (Electronic): 9781538649220
DOIs: https://doi.org/10.1109/ECRIME.2018.8376211
State: Published - Jun 8 2018
Event: 2018 APWG Symposium on Electronic Crime Research, eCrime 2018 - San Diego, United States
Duration: May 15 2018 to May 17 2018

Other

Other: 2018 APWG Symposium on Electronic Crime Research, eCrime 2018
Country: United States
City: San Diego
Period: 5/15/18 to 5/17/18

Fingerprint

Identification (control systems)
Learning systems
Classifiers
Logic programming
Knowledge representation
System identification
Industry
Threat

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications
  • Information Systems
  • Information Systems and Management

Cite this

Nunes, E., Shakarian, P., & Simari, G. I. (2018). At-risk system identification via analysis of discussions on the darkweb. In Proceedings of the 2018 APWG Symposium on Electronic Crime Research, eCrime 2018 (Vol. 2018-May, pp. 1-12). IEEE Computer Society. https://doi.org/10.1109/ECRIME.2018.8376211

At-risk system identification via analysis of discussions on the darkweb. / Nunes, Eric; Shakarian, Paulo; Simari, Gerardo I.

Proceedings of the 2018 APWG Symposium on Electronic Crime Research, eCrime 2018. Vol. 2018-May IEEE Computer Society, 2018. p. 1-12.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Nunes, E, Shakarian, P & Simari, GI 2018, At-risk system identification via analysis of discussions on the darkweb. in Proceedings of the 2018 APWG Symposium on Electronic Crime Research, eCrime 2018. vol. 2018-May, IEEE Computer Society, pp. 1-12, 2018 APWG Symposium on Electronic Crime Research, eCrime 2018, San Diego, United States, 5/15/18. https://doi.org/10.1109/ECRIME.2018.8376211
Nunes E, Shakarian P, Simari GI. At-risk system identification via analysis of discussions on the darkweb. In Proceedings of the 2018 APWG Symposium on Electronic Crime Research, eCrime 2018. Vol. 2018-May. IEEE Computer Society. 2018. p. 1-12 https://doi.org/10.1109/ECRIME.2018.8376211
Nunes, Eric ; Shakarian, Paulo ; Simari, Gerardo I. / At-risk system identification via analysis of discussions on the darkweb. Proceedings of the 2018 APWG Symposium on Electronic Crime Research, eCrime 2018. Vol. 2018-May IEEE Computer Society, 2018. pp. 1-12
@inproceedings{52bd21a458e94cc5a619f1f2b4e5972d,
title = "At-risk system identification via analysis of discussions on the darkweb",
abstract = "Threat assessment of systems is critical to organizations' security policy. Identifying systems likely to be at-risk by threat actors can help organizations better defend against likely cyber attacks. Currently, identifying such systems to a large extent is guided by the Common Vulnerability Scoring System (CVSS). Previous research has demonstrated poor correlation between a high CVSS score and at-risk systems. In this paper, we look at hacker discussions on darkweb marketplaces and forums to identify the platforms, vendors, and products likely to be at-risk by hackers. We propose a reasoning system that combines DeLP (Defeasible Logic Programming) and machine learning classifiers to identify systems based on hacker discussions observed on the darkweb. The resulting system is therefore a hybrid between classical knowledge representation and reasoning techniques and machine learning classifiers. We evaluate the system on hacker discussions collected from nearly 300 darkweb forums and marketplaces provided by a threat intelligence company. We improved precision by 15{\%}-57{\%} while maintaining recall over baseline approaches.",
author = "Eric Nunes and Paulo Shakarian and Simari, {Gerardo I.}",
year = "2018",
month = "6",
day = "8",
doi = "10.1109/ECRIME.2018.8376211",
language = "English (US)",
volume = "2018-May",
pages = "1--12",
booktitle = "Proceedings of the 2018 APWG Symposium on Electronic Crime Research, eCrime 2018",
publisher = "IEEE Computer Society",

}

TY - GEN

T1 - At-risk system identification via analysis of discussions on the darkweb

AU - Nunes, Eric

AU - Shakarian, Paulo

AU - Simari, Gerardo I.

PY - 2018/6/8

Y1 - 2018/6/8

N2 - Threat assessment of systems is critical to organizations' security policy. Identifying systems likely to be at-risk by threat actors can help organizations better defend against likely cyber attacks. Currently, identifying such systems to a large extent is guided by the Common Vulnerability Scoring System (CVSS). Previous research has demonstrated poor correlation between a high CVSS score and at-risk systems. In this paper, we look at hacker discussions on darkweb marketplaces and forums to identify the platforms, vendors, and products likely to be at-risk by hackers. We propose a reasoning system that combines DeLP (Defeasible Logic Programming) and machine learning classifiers to identify systems based on hacker discussions observed on the darkweb. The resulting system is therefore a hybrid between classical knowledge representation and reasoning techniques and machine learning classifiers. We evaluate the system on hacker discussions collected from nearly 300 darkweb forums and marketplaces provided by a threat intelligence company. We improved precision by 15%-57% while maintaining recall over baseline approaches.

UR - http://www.scopus.com/inward/record.url?scp=85049305944&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85049305944&partnerID=8YFLogxK

U2 - 10.1109/ECRIME.2018.8376211

DO - 10.1109/ECRIME.2018.8376211

M3 - Conference contribution

VL - 2018-May

SP - 1

EP - 12

BT - Proceedings of the 2018 APWG Symposium on Electronic Crime Research, eCrime 2018

PB - IEEE Computer Society

ER -