Abstract
In this paper, we present an operational system for cyber threat intelligence gathering from various social platforms on the Internet, particularly sites on the darknet and deepnet. We focus our attention on collecting information from hacker forum discussions and marketplaces offering products and services focusing on malicious hacking. We have developed an operational system for obtaining information from these sites for the purposes of identifying emerging cyber threats. Currently, this system collects on average 305 high-quality cyber threat warnings each week. These threat warnings include information on newly developed malware and exploits that have not yet been deployed in a cyber-attack. This provides a significant service to cyber-defenders. The system is significantly augmented through the use of various data mining and machine learning techniques. With the use of machine learning models, we are able to recall 92% of products in marketplaces and 80% of discussions on forums relating to malicious hacking with high precision. We perform preliminary analysis on the data collected, demonstrating its application to aid a security expert for better threat analysis.
Original language | English (US) |
---|---|
Title of host publication | IEEE International Conference on Intelligence and Security Informatics: Cybersecurity and Big Data, ISI 2016 |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
Pages | 7-12 |
Number of pages | 6 |
ISBN (Electronic) | 9781509038657 |
DOIs | 10.1109/ISI.2016.7745435 |
State | Published - Nov 15 2016 |
Event | 14th IEEE International Conference on Intelligence and Security Informatics, ISI 2015 - Tucson, United States. Duration: Sep 28 2016 → Sep 30 2016 |
Other
Other | 14th IEEE International Conference on Intelligence and Security Informatics, ISI 2015 |
---|---|
Country | United States |
City | Tucson |
Period | 9/28/16 → 9/30/16 |
ASJC Scopus subject areas
- Information Systems
- Artificial Intelligence
- Computer Networks and Communications
- Information Systems and Management
- Safety, Risk, Reliability and Quality
Cite this
Darknet and deepnet mining for proactive cybersecurity threat intelligence. / Nunes, Eric; Diab, Ahmad; Gunn, Andrew; Marin, Ericsson; Mishra, Vineet; Paliath, Vivin; Robertson, John; Shakarian, Jana; Thart, Amanda; Shakarian, Paulo.
IEEE International Conference on Intelligence and Security Informatics: Cybersecurity and Big Data, ISI 2016. Institute of Electrical and Electronics Engineers Inc., 2016. p. 7-12 7745435.
Research output: Chapter in Book/Report/Conference proceeding › Conference contribution
TY - GEN
T1 - Darknet and deepnet mining for proactive cybersecurity threat intelligence
AU - Nunes, Eric
AU - Diab, Ahmad
AU - Gunn, Andrew
AU - Marin, Ericsson
AU - Mishra, Vineet
AU - Paliath, Vivin
AU - Robertson, John
AU - Shakarian, Jana
AU - Thart, Amanda
AU - Shakarian, Paulo
PY - 2016/11/15
Y1 - 2016/11/15
UR - http://www.scopus.com/inward/record.url?scp=85003876261&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85003876261&partnerID=8YFLogxK
U2 - 10.1109/ISI.2016.7745435
DO - 10.1109/ISI.2016.7745435
M3 - Conference contribution
AN - SCOPUS:85003876261
SP - 7
EP - 12
BT - IEEE International Conference on Intelligence and Security Informatics: Cybersecurity and Big Data, ISI 2016
PB - Institute of Electrical and Electronics Engineers Inc.
ER -