TY - GEN
T1 - At-risk system identification via analysis of discussions on the darkweb
AU - Nunes, Eric
AU - Shakarian, Paulo
AU - Simari, Gerardo I.
N1 - Funding Information:
Publisher Copyright:
© 2018 IEEE.
PY - 2018/6/8
Y1 - 2018/6/8
N2 - Threat assessment of systems is critical to organizations' security policy. Identifying systems likely to be at-risk by threat actors can help organizations better defend against likely cyber attacks. Currently, identifying such systems to a large extent is guided by the Common Vulnerability Scoring System (CVSS). Previous research has demonstrated poor correlation between a high CVSS score and at-risk systems. In this paper, we look at hacker discussions on darkweb marketplaces and forums to identify the platforms, vendors, and products likely to be at-risk by hackers. We propose a reasoning system that combines DeLP (Defeasible Logic Programming) and machine learning classifiers to identify systems based on hacker discussions observed on the darkweb. The resulting system is therefore a hybrid between classical knowledge representation and reasoning techniques and machine learning classifiers. We evaluate the system on hacker discussions collected from nearly 300 darkweb forums and marketplaces provided by a threat intelligence company. We improved precision by 15%-57% while maintaining recall over baseline approaches.
AB - Threat assessment of systems is critical to organizations' security policy. Identifying systems likely to be at-risk by threat actors can help organizations better defend against likely cyber attacks. Currently, identifying such systems to a large extent is guided by the Common Vulnerability Scoring System (CVSS). Previous research has demonstrated poor correlation between a high CVSS score and at-risk systems. In this paper, we look at hacker discussions on darkweb marketplaces and forums to identify the platforms, vendors, and products likely to be at-risk by hackers. We propose a reasoning system that combines DeLP (Defeasible Logic Programming) and machine learning classifiers to identify systems based on hacker discussions observed on the darkweb. The resulting system is therefore a hybrid between classical knowledge representation and reasoning techniques and machine learning classifiers. We evaluate the system on hacker discussions collected from nearly 300 darkweb forums and marketplaces provided by a threat intelligence company. We improved precision by 15%-57% while maintaining recall over baseline approaches.
UR - http://www.scopus.com/inward/record.url?scp=85049305944&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85049305944&partnerID=8YFLogxK
U2 - 10.1109/ECRIME.2018.8376211
DO - 10.1109/ECRIME.2018.8376211
M3 - Conference contribution
AN - SCOPUS:85049305944
T3 - eCrime Researchers Summit, eCrime
SP - 1
EP - 12
BT - Proceedings of the 2018 APWG Symposium on Electronic Crime Research, eCrime 2018
PB - IEEE Computer Society
T2 - 2018 APWG Symposium on Electronic Crime Research, eCrime 2018
Y2 - 15 May 2018 through 17 May 2018
ER -