Abstract

Threat assessment of systems is critical to organizations' security policy. Identifying systems likely to be at risk from threat actors can help organizations better defend against likely cyber attacks. Currently, identifying such systems is guided to a large extent by the Common Vulnerability Scoring System (CVSS). Previous research has demonstrated poor correlation between a high CVSS score and at-risk systems. In this paper, we look at hacker discussions on darkweb marketplaces and forums to identify the platforms, vendors, and products likely to be at risk from hackers. We propose a reasoning system that combines DeLP (Defeasible Logic Programming) and machine learning classifiers to identify systems based on hacker discussions observed on the darkweb. The resulting system is therefore a hybrid between classical knowledge representation and reasoning techniques and machine learning classifiers. We evaluate the system on hacker discussions collected from nearly 300 darkweb forums and marketplaces provided by a threat intelligence company. We improved precision by 15%-57% while maintaining recall over baseline approaches.

Original language: English (US)
Title of host publication: Proceedings of the 2018 APWG Symposium on Electronic Crime Research, eCrime 2018
Publisher: IEEE Computer Society
Pages: 1-12
Number of pages: 12
Volume: 2018-May
ISBN (Electronic): 9781538649220
State: Published - Jun 8 2018
Event: 2018 APWG Symposium on Electronic Crime Research, eCrime 2018 - San Diego, United States
Duration: May 15 2018 to May 17 2018

Other

Other: 2018 APWG Symposium on Electronic Crime Research, eCrime 2018
Country: United States
City: San Diego
Period: 5/15/18 to 5/17/18

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications
  • Information Systems
  • Information Systems and Management


    Nunes, E., Shakarian, P., & Simari, G. I. (2018). At-risk system identification via analysis of discussions on the darkweb. In Proceedings of the 2018 APWG Symposium on Electronic Crime Research, eCrime 2018 (Vol. 2018-May, pp. 1-12). IEEE Computer Society. https://doi.org/10.1109/ECRIME.2018.8376211