DARKMENTION: A Deployed System to Predict Enterprise-Targeted External Cyberattacks

Almukaynizi, Mohammed; Marin, Ericsson; Nunes, Eric; Shakarian, Paulo; Simari, Gerardo I.; Kapoor, Dipsy; Siedlecki, Timothy

doi:10.1109/isi.2018.8587334

Cited by 15 publications

(4 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Recommender systems are also considered in vulnerability assessment and scoring [13], [14]. Identification of systems at risk via analysis of discussion on the darkweb can be found in work by Almukaynizi, et al [15]. Nevertheless, network defense and incident handling are lacking recommender systems or similar tools.…”

Section: Background and Related Workmentioning

confidence: 99%

Towards a Data-Driven Recommender System for Handling Ransomware and Similar Incidents

Husák

2021

2021 IEEE International Conference on Intelligence and Security Informatics (ISI)

View full text Add to dashboard Cite

Effective triage is of utmost importance for cybersecurity incident response, namely in handling ransomware or similar incidents in which the attacker may use self-propagating worms, infected files, or email attachments to spread malware. If a device is infected, it is vital to know which other devices can be infected too or are immediately threatened. The number and heterogeneity of devices in today's network complicate situational awareness of incident handlers, and, thus, we propose a recommender system that uses network monitoring data to prioritize devices in the network based on their similarity and proximity to an already infected device. The system enumerates devices in close proximity in terms of physical and logical network topology and sorts them by their similarity given by the similarity of their behavioral profile, fingerprint, or common history. The incident handlers can use the recommendation to promptly prevent malware from spreading or trace the attacker's lateral movement.

show abstract

Section: Background and Related Workmentioning

confidence: 99%

Towards a Data-Driven Recommender System for Handling Ransomware and Similar Incidents

Husák

2021

2021 IEEE International Conference on Intelligence and Security Informatics (ISI)

View full text Add to dashboard Cite

show abstract

“…• Security software: SIEM systems [80], intrusion detection/prevention systems [37], [103], [107], [128], [162], [173], [174], firewalls [37], [104], [127], [128], [174], anti-virus software [37], [111], [127], vulnerability scanners [173], identity and access management [104] • Network assets: Switches [104], [173], routers [104], [128], [173], servers [104], [127], [173], hosts [104], [173], proxies [174] • Virtualization environments: Hypervisor, virtual machine introspection, cloud environments [80] • Operational technology: Sensors, actuators, PLCs • Other Software: Open-Source Big Data Analytics [80], databases [173], identity and access management [173], mailserver [174], operating systems [111], [174] • Physical security assets: Security cameras, access control • External (Threat) Intelligence: Geolocation and DNS lookup [80], open source intelligence (OSINT) [47], [129], intelligence from threat sharing platforms or other organizations [130]- [132] • People:…”

Section: ) Data Collectionmentioning

confidence: 99%

Security Operations Center: A Systematic Study and Open Challenges

et al. 2020

View full text Add to dashboard Cite

“…In another work, Almukaynizi et al [26] introduced the DARKMENTION system that employs association rules to find correlations between threats mentioned on Dark and Deep Webs and real-world cyber incidents. By using the discovered correlations, the system generates warnings to cybersecurity organizations promptly.…”

Section: Detecting and Predictingmentioning

confidence: 99%

Threats from the Dark: A Review over Dark Web Investigation Research for Cyber Threat Intelligence

Basheer

Alkhatib

2021

Journal of Computer Networks and Communications

View full text Add to dashboard Cite

From proactive detection of cyberattacks to the identification of key actors, analyzing contents of the Dark Web plays a significant role in deterring cybercrimes and understanding criminal minds. Researching in the Dark Web proved to be an essential step in fighting cybercrime, whether with a standalone investigation of the Dark Web solely or an integrated one that includes contents from the Surface Web and the Deep Web. In this review, we probe recent studies in the field of analyzing Dark Web content for Cyber Threat Intelligence (CTI), introducing a comprehensive analysis of their techniques, methods, tools, approaches, and results, and discussing their possible limitations. In this review, we demonstrate the significance of studying the contents of different platforms on the Dark Web, leading new researchers through state-of-the-art methodologies. Furthermore, we discuss the technical challenges, ethical considerations, and future directions in the domain.

show abstract

DARKMENTION: A Deployed System to Predict Enterprise-Targeted External Cyberattacks

Cited by 15 publications

References 11 publications

Towards a Data-Driven Recommender System for Handling Ransomware and Similar Incidents

Towards a Data-Driven Recommender System for Handling Ransomware and Similar Incidents

Security Operations Center: A Systematic Study and Open Challenges

Threats from the Dark: A Review over Dark Web Investigation Research for Cyber Threat Intelligence

Contact Info

Product

Resources

About