Darknet and deepnet mining for proactive cybersecurity threat intelligence

Eric Nunes; Ahmad Diab; Andrew Gunn; Ericsson Marin; Vineet Mishra; Vivin Paliath; John Robertson; Jana Shakarian; Amanda Thart; Paulo Shakarian

doi:10.1109/ISI.2016.7745435

Darknet and deepnet mining for proactive cybersecurity threat intelligence

Eric Nunes, Ahmad Diab, Andrew Gunn, Ericsson Marin, Vineet Mishra, Vivin Paliath, John Robertson, Jana Shakarian, Amanda Thart, Paulo Shakarian

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

103 Scopus citations

Abstract

In this paper, we present an operational system for cyber threat intelligence gathering from various social platforms on the Internet particularly sites on the darknet and deepnet. We focus our attention to collecting information from hacker forum discussions and marketplaces offering products and services focusing on malicious hacking. We have developed an operational system for obtaining information from these sites for the purposes of identifying emerging cyber threats. Currently, this system collects on average 305 high-quality cyber threat warnings each week. These threat warnings include information on newly developed malware and exploits that have not yet been deployed in a cyber-Attack. This provides a significant service to cyber-defenders. The system is significantly augmented through the use of various data mining and machine learning techniques. With the use of machine learning models, we are able to recall 92% of products in marketplaces and 80% of discussions on forums relating to malicious hacking with high precision. We perform preliminary analysis on the data collected, demonstrating its application to aid a security expert for better threat analysis.

Original language	English (US)
Title of host publication	IEEE International Conference on Intelligence and Security Informatics
Subtitle of host publication	Cybersecurity and Big Data, ISI 2016
Editors	Wenji Mao, G. Alan Wang, Lina Zhou, Lisa Kaati
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	7-12
Number of pages	6
ISBN (Electronic)	9781509038657
DOIs	https://doi.org/10.1109/ISI.2016.7745435
State	Published - Nov 15 2016
Event	14th IEEE International Conference on Intelligence and Security Informatics, ISI 2015 - Tucson, United States Duration: Sep 28 2016 → Sep 30 2016

Publication series

Name	IEEE International Conference on Intelligence and Security Informatics: Cybersecurity and Big Data, ISI 2016

Other

Other	14th IEEE International Conference on Intelligence and Security Informatics, ISI 2015
Country/Territory	United States
City	Tucson
Period	9/28/16 → 9/30/16

ASJC Scopus subject areas

Information Systems
Artificial Intelligence
Computer Networks and Communications
Information Systems and Management
Safety, Risk, Reliability and Quality

Access to Document

10.1109/ISI.2016.7745435

Cite this

Nunes, E., Diab, A., Gunn, A., Marin, E., Mishra, V., Paliath, V., Robertson, J., Shakarian, J., Thart, A., & Shakarian, P. (2016). Darknet and deepnet mining for proactive cybersecurity threat intelligence. In W. Mao, G. A. Wang, L. Zhou, & L. Kaati (Eds.), IEEE International Conference on Intelligence and Security Informatics: Cybersecurity and Big Data, ISI 2016 (pp. 7-12). [7745435] (IEEE International Conference on Intelligence and Security Informatics: Cybersecurity and Big Data, ISI 2016). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ISI.2016.7745435

Darknet and deepnet mining for proactive cybersecurity threat intelligence. / Nunes, Eric; Diab, Ahmad; Gunn, Andrew et al.

IEEE International Conference on Intelligence and Security Informatics: Cybersecurity and Big Data, ISI 2016. ed. / Wenji Mao; G. Alan Wang; Lina Zhou; Lisa Kaati. Institute of Electrical and Electronics Engineers Inc., 2016. p. 7-12 7745435 (IEEE International Conference on Intelligence and Security Informatics: Cybersecurity and Big Data, ISI 2016).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Nunes, E, Diab, A, Gunn, A, Marin, E, Mishra, V, Paliath, V, Robertson, J, Shakarian, J, Thart, A & Shakarian, P 2016, Darknet and deepnet mining for proactive cybersecurity threat intelligence. in W Mao, GA Wang, L Zhou & L Kaati (eds), IEEE International Conference on Intelligence and Security Informatics: Cybersecurity and Big Data, ISI 2016., 7745435, IEEE International Conference on Intelligence and Security Informatics: Cybersecurity and Big Data, ISI 2016, Institute of Electrical and Electronics Engineers Inc., pp. 7-12, 14th IEEE International Conference on Intelligence and Security Informatics, ISI 2015, Tucson, United States, 9/28/16. https://doi.org/10.1109/ISI.2016.7745435

Nunes E, Diab A, Gunn A, Marin E, Mishra V, Paliath V et al. Darknet and deepnet mining for proactive cybersecurity threat intelligence. In Mao W, Wang GA, Zhou L, Kaati L, editors, IEEE International Conference on Intelligence and Security Informatics: Cybersecurity and Big Data, ISI 2016. Institute of Electrical and Electronics Engineers Inc. 2016. p. 7-12. 7745435. (IEEE International Conference on Intelligence and Security Informatics: Cybersecurity and Big Data, ISI 2016). https://doi.org/10.1109/ISI.2016.7745435

Nunes, Eric ; Diab, Ahmad ; Gunn, Andrew et al. / Darknet and deepnet mining for proactive cybersecurity threat intelligence. IEEE International Conference on Intelligence and Security Informatics: Cybersecurity and Big Data, ISI 2016. editor / Wenji Mao ; G. Alan Wang ; Lina Zhou ; Lisa Kaati. Institute of Electrical and Electronics Engineers Inc., 2016. pp. 7-12 (IEEE International Conference on Intelligence and Security Informatics: Cybersecurity and Big Data, ISI 2016).

@inproceedings{501b2838c4c14180bccd65f55ba840c0,

title = "Darknet and deepnet mining for proactive cybersecurity threat intelligence",

abstract = "In this paper, we present an operational system for cyber threat intelligence gathering from various social platforms on the Internet particularly sites on the darknet and deepnet. We focus our attention to collecting information from hacker forum discussions and marketplaces offering products and services focusing on malicious hacking. We have developed an operational system for obtaining information from these sites for the purposes of identifying emerging cyber threats. Currently, this system collects on average 305 high-quality cyber threat warnings each week. These threat warnings include information on newly developed malware and exploits that have not yet been deployed in a cyber-Attack. This provides a significant service to cyber-defenders. The system is significantly augmented through the use of various data mining and machine learning techniques. With the use of machine learning models, we are able to recall 92% of products in marketplaces and 80% of discussions on forums relating to malicious hacking with high precision. We perform preliminary analysis on the data collected, demonstrating its application to aid a security expert for better threat analysis.",

author = "Eric Nunes and Ahmad Diab and Andrew Gunn and Ericsson Marin and Vineet Mishra and Vivin Paliath and John Robertson and Jana Shakarian and Amanda Thart and Paulo Shakarian",

year = "2016",

month = nov,

day = "15",

doi = "10.1109/ISI.2016.7745435",

language = "English (US)",

series = "IEEE International Conference on Intelligence and Security Informatics: Cybersecurity and Big Data, ISI 2016",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "7--12",

editor = "Wenji Mao and Wang, {G. Alan} and Lina Zhou and Lisa Kaati",

booktitle = "IEEE International Conference on Intelligence and Security Informatics",

note = "14th IEEE International Conference on Intelligence and Security Informatics, ISI 2015 ; Conference date: 28-09-2016 Through 30-09-2016",

}

TY - GEN

T1 - Darknet and deepnet mining for proactive cybersecurity threat intelligence

AU - Nunes, Eric

AU - Diab, Ahmad

AU - Gunn, Andrew

AU - Marin, Ericsson

AU - Mishra, Vineet

AU - Paliath, Vivin

AU - Robertson, John

AU - Shakarian, Jana

AU - Thart, Amanda

AU - Shakarian, Paulo

PY - 2016/11/15

Y1 - 2016/11/15

N2 - In this paper, we present an operational system for cyber threat intelligence gathering from various social platforms on the Internet particularly sites on the darknet and deepnet. We focus our attention to collecting information from hacker forum discussions and marketplaces offering products and services focusing on malicious hacking. We have developed an operational system for obtaining information from these sites for the purposes of identifying emerging cyber threats. Currently, this system collects on average 305 high-quality cyber threat warnings each week. These threat warnings include information on newly developed malware and exploits that have not yet been deployed in a cyber-Attack. This provides a significant service to cyber-defenders. The system is significantly augmented through the use of various data mining and machine learning techniques. With the use of machine learning models, we are able to recall 92% of products in marketplaces and 80% of discussions on forums relating to malicious hacking with high precision. We perform preliminary analysis on the data collected, demonstrating its application to aid a security expert for better threat analysis.

AB - In this paper, we present an operational system for cyber threat intelligence gathering from various social platforms on the Internet particularly sites on the darknet and deepnet. We focus our attention to collecting information from hacker forum discussions and marketplaces offering products and services focusing on malicious hacking. We have developed an operational system for obtaining information from these sites for the purposes of identifying emerging cyber threats. Currently, this system collects on average 305 high-quality cyber threat warnings each week. These threat warnings include information on newly developed malware and exploits that have not yet been deployed in a cyber-Attack. This provides a significant service to cyber-defenders. The system is significantly augmented through the use of various data mining and machine learning techniques. With the use of machine learning models, we are able to recall 92% of products in marketplaces and 80% of discussions on forums relating to malicious hacking with high precision. We perform preliminary analysis on the data collected, demonstrating its application to aid a security expert for better threat analysis.

UR - http://www.scopus.com/inward/record.url?scp=85003876261&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85003876261&partnerID=8YFLogxK

U2 - 10.1109/ISI.2016.7745435

DO - 10.1109/ISI.2016.7745435

M3 - Conference contribution

AN - SCOPUS:85003876261

T3 - IEEE International Conference on Intelligence and Security Informatics: Cybersecurity and Big Data, ISI 2016

SP - 7

EP - 12

BT - IEEE International Conference on Intelligence and Security Informatics

A2 - Mao, Wenji

A2 - Wang, G. Alan

A2 - Zhou, Lina

A2 - Kaati, Lisa

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 14th IEEE International Conference on Intelligence and Security Informatics, ISI 2015

Y2 - 28 September 2016 through 30 September 2016

ER -

Darknet and deepnet mining for proactive cybersecurity threat intelligence

Abstract

Publication series

Other

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this