DARKMENTION: A deployed system to predict enterprise-targeted external cyberattacks

Mohammed Almukaynizi, Ericsson Marin, Eric Nunes, Paulo Shakarian, Gerardo I. Simari, Dipsy Kapoor, Timothy Siedlecki

Research output: Chapter in Book/Report/Conference proceedingConference contribution

5 Scopus citations

Abstract

Recent incidents of data breaches call for organizations to proactively identify cyber attacks on their systems. Darkweb/Deepweb (D2web) forums and marketplaces provide environments where hackers anonymously discuss existing vulnerabilities and commercialize malicious software to exploit those vulnerabilities. These platforms offer security practitioners a threat intelligence environment that allows to mine for patterns related to organization-targeted cyber attacks. In this paper, we describe a system (called DARKMENTION) that learns association rules correlating indicators of attacks from D2web to real-world cyber incidents. Using the learned rules, DARKMENTION generates and submits warnings to a Security Operations Center (SOC) prior to attacks. Our goal was to design a system that automatically generates enterprise-targeted warnings that are timely, actionable, accurate, and transparent. We show that DARKMENTION meets our goal. In particular, we show that it outperforms baseline systems that attempt to generate warnings of cyber attacks related to two enterprises with an average increase in F1 score of about 45% and 57%. Additionally, DARKMENTION was deployed as part of a larger system that is built under a contract with the IARPA Cyber-attack Automated Unconventional Sensor Environment (CAUSE) program. It is actively producing warnings that precede attacks by an average of 3 days.

Original languageEnglish (US)
Title of host publication2018 IEEE International Conference on Intelligence and Security Informatics, ISI 2018
EditorsDongwon Lee, Ghita Mezzour, Ponnurangam Kumaraguru, Nitesh Saxena
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages31-36
Number of pages6
ISBN (Electronic)9781538678480
DOIs
StatePublished - Dec 24 2018
Event16th IEEE International Conference on Intelligence and Security Informatics, ISI 2018 - Miami, United States
Duration: Nov 9 2018Nov 11 2018

Other

Other16th IEEE International Conference on Intelligence and Security Informatics, ISI 2018
CountryUnited States
CityMiami
Period11/9/1811/11/18

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality
  • Communication

Fingerprint Dive into the research topics of 'DARKMENTION: A deployed system to predict enterprise-targeted external cyberattacks'. Together they form a unique fingerprint.

  • Cite this

    Almukaynizi, M., Marin, E., Nunes, E., Shakarian, P., Simari, G. I., Kapoor, D., & Siedlecki, T. (2018). DARKMENTION: A deployed system to predict enterprise-targeted external cyberattacks. In D. Lee, G. Mezzour, P. Kumaraguru, & N. Saxena (Eds.), 2018 IEEE International Conference on Intelligence and Security Informatics, ISI 2018 (pp. 31-36). [8587334] Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ISI.2018.8587334