TY - GEN
T1 - Predicting cyber threats through hacker social networks in darkweb and deepweb forums
AU - Almukaynizi, Mohammed
AU - Grimm, Alexander
AU - Nunes, Eric
AU - Shakarian, Jana
AU - Shakarian, Paulo
N1 - Publisher Copyright:
© 2017 ACM.
Copyright:
Copyright 2018 Elsevier B.V., All rights reserved.
PY - 2017/10/19
Y1 - 2017/10/19
N2 - We present an approach that combines social network analysis with machine learning techniques to predict future cyber threats through darkweb/deepweb discussions with hacking-related content. Our approach harnesses features derived from hacker social networks and from online sources of cybersecurity advisories. We address the problem of predicting the exploitability of software vulnerabilities to show that features computed from hacker social networks are important indicators of future cybersecurity incidents. We conduct a suite of experiments on real-world hacker and exploit data and demonstrate that social network data improves recall by about 19% and F1 score by about 6% while maintaining precision. We believe this is because social network structures related to certain exploit authors are indicative of their ability to write exploits that are subsequently employed in an attack.
AB - We present an approach that combines social network analysis with machine learning techniques to predict future cyber threats through darkweb/deepweb discussions with hacking-related content. Our approach harnesses features derived from hacker social networks and from online sources of cybersecurity advisories. We address the problem of predicting the exploitability of software vulnerabilities to show that features computed from hacker social networks are important indicators of future cybersecurity incidents. We conduct a suite of experiments on real-world hacker and exploit data and demonstrate that social network data improves recall by about 19% and F1 score by about 6% while maintaining precision. We believe this is because social network structures related to certain exploit authors are indicative of their ability to write exploits that are subsequently employed in an attack.
UR - http://www.scopus.com/inward/record.url?scp=85049414628&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85049414628&partnerID=8YFLogxK
U2 - 10.1145/3145574.3145590
DO - 10.1145/3145574.3145590
M3 - Conference contribution
AN - SCOPUS:85049414628
T3 - ACM International Conference Proceeding Series
BT - Proceedings of the 2017 International Conference of the Computational Social Science Society of the Americas, CSS 2017
PB - Association for Computing Machinery
T2 - 2017 International Conference of the Computational Social Science Society of the Americas, CSS 2017
Y2 - 19 October 2017 through 22 October 2017
ER -