15 Scopus citations


Threat assessment of systems is critical to organizations' security policy. Identifying systems likely to be at risk from threat actors can help organizations better defend against likely cyber attacks. Currently, identifying such systems is guided to a large extent by the Common Vulnerability Scoring System (CVSS). Previous research has demonstrated poor correlation between a high CVSS score and at-risk systems. In this paper, we look at hacker discussions on darkweb marketplaces and forums to identify the platforms, vendors, and products likely to be at risk from hackers. We propose a reasoning system that combines DeLP (Defeasible Logic Programming) and machine learning classifiers to identify systems based on hacker discussions observed on the darkweb. The resulting system is therefore a hybrid between classical knowledge representation and reasoning techniques and machine learning classifiers. We evaluate the system on hacker discussions collected from nearly 300 darkweb forums and marketplaces provided by a threat intelligence company. We improved precision by 15%-57% while maintaining recall over baseline approaches.

Original language: English (US)
Title of host publication: Proceedings of the 2018 APWG Symposium on Electronic Crime Research, eCrime 2018
Publisher: IEEE Computer Society
Number of pages: 12
ISBN (Electronic): 9781538649220
State: Published - Jun 8 2018
Event: 2018 APWG Symposium on Electronic Crime Research, eCrime 2018 - San Diego, United States
Duration: May 15 2018 to May 17 2018

Publication series

Name: eCrime Researchers Summit, eCrime
ISSN (Print): 2159-1237
ISSN (Electronic): 2159-1245


Other: 2018 APWG Symposium on Electronic Crime Research, eCrime 2018
Country/Territory: United States
City: San Diego

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications
  • Information Systems
  • Information Systems and Management

