TY - GEN
T1 - Finding cryptocurrency attack indicators using temporal logic and darkweb data
AU - Almukaynizi, Mohammed
AU - Paliath, Vivin
AU - Shah, Malay
AU - Shah, Malav
AU - Shakarian, Paulo
N1 - Funding Information:
ACKNOWLEDGMENT Some of the authors were supported by the Office of Naval Research (ONR) Neptune program. Paulo Shakarian, Vivin Paliath, Malay Shah, and Malav Shah are supported by the Office of the Director of National Intelligence (ODNI) and the Intelligence Advanced Research Projects Activity (IARPA) via the Air Force Research Laboratory (AFRL) contract number FA8750-16-C-0112. The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright annotation thereon. Disclaimer: The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of ODNI, IARPA, AFRL, or the U.S. Government.
Publisher Copyright:
© 2018 IEEE.
PY - 2018/12/24
Y1 - 2018/12/24
N2 - With the recent prevalence of darkweb/deepweb (D2web) sites specializing in the trade of exploit kits and malware, malicious actors have easy access to a wide range of tools that can empower their offensive capability. In this study, we apply concepts from causal reasoning, itemset mining, and logic programming on historical cryptocurrency-related cyber incidents with intelligence collected from over 400 D2web hacker forums. Our goal was to find indicators of cyber threats targeting cryptocurrency traders and exchange platforms from hacker activity. Our approach found interesting activities such that, when they are observed together in the D2web, subsequent cryptocurrency-related incidents are at least twice as likely to occur as they would be if no activity was observed. We also present an algorithmic extension to a previously introduced algorithm called APT-Extract that allows modeling new semantic structures that are specific to our application.
UR - http://www.scopus.com/inward/record.url?scp=85058996587&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85058996587&partnerID=8YFLogxK
U2 - 10.1109/ISI.2018.8587361
DO - 10.1109/ISI.2018.8587361
M3 - Conference contribution
AN - SCOPUS:85058996587
T3 - 2018 IEEE International Conference on Intelligence and Security Informatics, ISI 2018
SP - 91
EP - 93
BT - 2018 IEEE International Conference on Intelligence and Security Informatics, ISI 2018
A2 - Lee, Dongwon
A2 - Mezzour, Ghita
A2 - Kumaraguru, Ponnurangam
A2 - Saxena, Nitesh
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 16th IEEE International Conference on Intelligence and Security Informatics, ISI 2018
Y2 - 9 November 2018 through 11 November 2018
ER -