Predicting cyber threats through hacker social networks in darkweb and deepweb forums

Mohammed Almukaynizi; Alexander Grimm; Eric Nunes; Jana Shakarian; Paulo Shakarian

doi:10.1145/3145574.3145590

Predicting cyber threats through hacker social networks in darkweb and deepweb forums

Mohammed Almukaynizi, Alexander Grimm, Eric Nunes, Jana Shakarian, Paulo Shakarian

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

24 Scopus citations

Abstract

We present an approach that combines social network analysis with machine learning techniques to predict future cyber threats through darkweb/deepweb discussions with hacking-related content. Our approach harnesses features derived from hacker social networks and from online sources of cybersecurity advisories. We address the problem of predicting the exploitability of software vulnerabilities to show that features computed from hacker social networks are important indicators of future cybersecurity incidents. We conduct a suite of experiments on real-world hacker and exploit data and demonstrate that social network data improves recall by about 19%, F1 score by about 6% while maintaining precision. We believe this is because social network structures related to certain exploit authors is indicative of their ability to write exploits that are subsequently employed in an attack.

Original language	English (US)
Title of host publication	Proceedings of the 2017 International Conference of the Computational Social Science Society of the Americas, CSS 2017
Publisher	Association for Computing Machinery
ISBN (Electronic)	9781450352697
DOIs	https://doi.org/10.1145/3145574.3145590
State	Published - Oct 19 2017
Event	2017 International Conference of the Computational Social Science Society of the Americas, CSS 2017 - Santa Fe, United States Duration: Oct 19 2017 → Oct 22 2017

Publication series

Name	ACM International Conference Proceeding Series

Other

Other	2017 International Conference of the Computational Social Science Society of the Americas, CSS 2017
Country/Territory	United States
City	Santa Fe
Period	10/19/17 → 10/22/17

ASJC Scopus subject areas

Software
Human-Computer Interaction
Computer Vision and Pattern Recognition
Computer Networks and Communications

Access to Document

10.1145/3145574.3145590

Cite this

Almukaynizi, M., Grimm, A., Nunes, E., Shakarian, J., & Shakarian, P. (2017). Predicting cyber threats through hacker social networks in darkweb and deepweb forums. In Proceedings of the 2017 International Conference of the Computational Social Science Society of the Americas, CSS 2017 Article a12 (ACM International Conference Proceeding Series). Association for Computing Machinery. https://doi.org/10.1145/3145574.3145590

Predicting cyber threats through hacker social networks in darkweb and deepweb forums. / Almukaynizi, Mohammed; Grimm, Alexander; Nunes, Eric et al.
Proceedings of the 2017 International Conference of the Computational Social Science Society of the Americas, CSS 2017. Association for Computing Machinery, 2017. a12 (ACM International Conference Proceeding Series).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Almukaynizi, M, Grimm, A, Nunes, E, Shakarian, J & Shakarian, P 2017, Predicting cyber threats through hacker social networks in darkweb and deepweb forums. in Proceedings of the 2017 International Conference of the Computational Social Science Society of the Americas, CSS 2017., a12, ACM International Conference Proceeding Series, Association for Computing Machinery, 2017 International Conference of the Computational Social Science Society of the Americas, CSS 2017, Santa Fe, United States, 10/19/17. https://doi.org/10.1145/3145574.3145590

Almukaynizi M, Grimm A, Nunes E, Shakarian J, Shakarian P. Predicting cyber threats through hacker social networks in darkweb and deepweb forums. In Proceedings of the 2017 International Conference of the Computational Social Science Society of the Americas, CSS 2017. Association for Computing Machinery. 2017. a12. (ACM International Conference Proceeding Series). doi: 10.1145/3145574.3145590

@inproceedings{8328de492c9f44f794973294b37e9b00,

title = "Predicting cyber threats through hacker social networks in darkweb and deepweb forums",

abstract = "We present an approach that combines social network analysis with machine learning techniques to predict future cyber threats through darkweb/deepweb discussions with hacking-related content. Our approach harnesses features derived from hacker social networks and from online sources of cybersecurity advisories. We address the problem of predicting the exploitability of software vulnerabilities to show that features computed from hacker social networks are important indicators of future cybersecurity incidents. We conduct a suite of experiments on real-world hacker and exploit data and demonstrate that social network data improves recall by about 19%, F1 score by about 6% while maintaining precision. We believe this is because social network structures related to certain exploit authors is indicative of their ability to write exploits that are subsequently employed in an attack.",

author = "Mohammed Almukaynizi and Alexander Grimm and Eric Nunes and Jana Shakarian and Paulo Shakarian",

note = "Publisher Copyright: {\textcopyright} 2017 ACM. Copyright: Copyright 2018 Elsevier B.V., All rights reserved.; 2017 International Conference of the Computational Social Science Society of the Americas, CSS 2017 ; Conference date: 19-10-2017 Through 22-10-2017",

year = "2017",

month = oct,

day = "19",

doi = "10.1145/3145574.3145590",

language = "English (US)",

series = "ACM International Conference Proceeding Series",

publisher = "Association for Computing Machinery",

booktitle = "Proceedings of the 2017 International Conference of the Computational Social Science Society of the Americas, CSS 2017",

}

TY - GEN

T1 - Predicting cyber threats through hacker social networks in darkweb and deepweb forums

AU - Almukaynizi, Mohammed

AU - Grimm, Alexander

AU - Nunes, Eric

AU - Shakarian, Jana

AU - Shakarian, Paulo

PY - 2017/10/19

Y1 - 2017/10/19

N2 - We present an approach that combines social network analysis with machine learning techniques to predict future cyber threats through darkweb/deepweb discussions with hacking-related content. Our approach harnesses features derived from hacker social networks and from online sources of cybersecurity advisories. We address the problem of predicting the exploitability of software vulnerabilities to show that features computed from hacker social networks are important indicators of future cybersecurity incidents. We conduct a suite of experiments on real-world hacker and exploit data and demonstrate that social network data improves recall by about 19%, F1 score by about 6% while maintaining precision. We believe this is because social network structures related to certain exploit authors is indicative of their ability to write exploits that are subsequently employed in an attack.

AB - We present an approach that combines social network analysis with machine learning techniques to predict future cyber threats through darkweb/deepweb discussions with hacking-related content. Our approach harnesses features derived from hacker social networks and from online sources of cybersecurity advisories. We address the problem of predicting the exploitability of software vulnerabilities to show that features computed from hacker social networks are important indicators of future cybersecurity incidents. We conduct a suite of experiments on real-world hacker and exploit data and demonstrate that social network data improves recall by about 19%, F1 score by about 6% while maintaining precision. We believe this is because social network structures related to certain exploit authors is indicative of their ability to write exploits that are subsequently employed in an attack.

UR - http://www.scopus.com/inward/record.url?scp=85049414628&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85049414628&partnerID=8YFLogxK

U2 - 10.1145/3145574.3145590

DO - 10.1145/3145574.3145590

M3 - Conference contribution

AN - SCOPUS:85049414628

T3 - ACM International Conference Proceeding Series

BT - Proceedings of the 2017 International Conference of the Computational Social Science Society of the Americas, CSS 2017

PB - Association for Computing Machinery

T2 - 2017 International Conference of the Computational Social Science Society of the Americas, CSS 2017

Y2 - 19 October 2017 through 22 October 2017

ER -

Predicting cyber threats through hacker social networks in darkweb and deepweb forums

Abstract

Publication series

Other

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this