Darknet as a Source of Cyber Intelligence: Survey, Taxonomy, and Characterization

Fachkha, Claude; Debbabi, Mourad

doi:10.1109/comst.2015.2497690

Cited by 103 publications

(52 citation statements)

References 143 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Benjamin et al proposed a method for extracting information from hacker forums, IRC channels, and carding shops to identify threats [14]. In addition, Fachkha and Debbabi characterized the darknet and compared several methods for extracting threat information there [15].…”

Section: Collectionmentioning

confidence: 99%

Automated Dataset Generation System for Collaborative Research of Cyber Threat Analysis

Kim

2019

Security and Communication Networks

View full text Add to dashboard Cite

The objectives of cyberattacks are becoming sophisticated, and attackers are concealing their identity by masquerading as other attackers. Cyber threat intelligence (CTI) is gaining attention as a way to collect meaningful knowledge to better understand the intention of an attacker and eventually predict future attacks. A systemic threat analysis based on data acquired from actual cyber incidents is a useful approach to generating intelligence for such an objective. Developing an analysis technique requires a high volume and fine quality data. However, researchers can become discouraged by an inaccessibility to data because organizations rarely release their data to the research community. Owing to a data inaccessibility issue, academic research tends to be biased toward techniques that develope steps of the CTI process other than analysis and production.In this paper, we propose an automated dataset generation system called CTIMiner. The system collects threat data from publicly available security reports and malware repositories. The data are stored in a structured format. We released the source codes and dataset to the public, including approximately 640,000 records from 612 security reports published from January 2008 to June 2019. In addition, we present a statistical feature of the dataset and techniques that can be developed using it. Moreover, we demonstrate an application example of the dataset that analyzes the correlation and characteristics of an incident. We believe our dataset will promote collaborative research on threat analysis for the generation of CTI.

show abstract

Section: Collectionmentioning

confidence: 99%

Automated Dataset Generation System for Collaborative Research of Cyber Threat Analysis

Kim

2019

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…There are significant challenges in assessing possible threats and in keeping such assessments accurate, given advances in technologies and in their uses, such as the evolving "dark net" (Fachkha & Debbabi, 2016;Lacson & Jones, 2016), and the growing offensive capabilities of a few countries and of groups of individuals, including terrorists (Liff, 2012;Lindsay, 2015), plus a great many everyday cybercriminals (Akamai, 2016;Cisco, 2017). South Africa has been the country most often attacked in Africa (Wolfpack, 2013;TMG Digital, 2016;Van Heerden, Von Soms, & Mooi, 2016), with an estimated cost in 2014 of ZAR5.8 billion (Fripp, 2014).…”

Section: Governance Of Cybersecurity -The Case Of South Africamentioning

confidence: 99%

Governance of Cybersecurity - The Case of South Africa

Sutherland¹

2017

Afr. j. inf. commun. (Online)

View full text Add to dashboard Cite

Cybersecurity is a growing concern for governments, with the push for universal access to the Internet, the increasing ubiquity of social networks and the growing reliance on digital government service, and given a growing range of threats from foreign powers, terrorists and criminals. These complex issues span all government ministries, their agencies and contractors, plus provincial and municipal government, and require the state to create legal frameworks and agencies to protect data and offer advice to businesses and citizens, plus ensuring a sufficient supply of skilled technicians and engineers. In the case of South Africa, its government responded in 2015 with a National Cybersecurity Policy Framework (NCPF), with implementation led by the Ministry of State Security. The Protection of Personal Information (POPI) Act of 2013 created the Information Regulator to ensure data privacy. The POPI regime is only being implemented slowly and has overly wide exemptions for national security. South Africa lags behind advanced economies in cybersecurity legislation, in government coordination, in engagement with business and citizens, and in the supply of skilled labour. Delays have meant it lacks the experiences obtained in faster moving countries, and the improvements they have made to their policies and, especially, implementation. Parliament has neither pressed the government for faster action nor explored areas where powers might have been taken that infringe human rights.

show abstract

“…Reference [12] provided an in-depth survey of darknet traffic analysis. The authors discussed a taxonomy of DDoS attacks and different types of scanning events in Ref.…”

Section: Related Workmentioning

confidence: 99%

An Evaluation of Darknet Traffic Taxonomy

Fukuda

2018

Journal of Information Processing

View full text Add to dashboard Cite

Abstract:To enhance Internet security, researchers have largely emphasized diverse cyberspace monitoring approaches to observe cyber attacks and anomalies. Among them darknet provides an effective passive monitoring one. Darknets refer to the globally routable but still unused IP address spaces. They are often used to monitor unexpected incoming network traffic, and serve as an effective network traffic measurement approach for viewing certain remote network security activities. Previous works in this field discussed possible causes (i.e., anomalies) of darknet traffic and applied their classification schemes on short-term traces. Our interest lies, however, in how darknet traffic has evolved and the effectiveness of a darknet traffic taxonomy for longitudinal data. To reach these goals, we propose a simple darknet traffic taxonomy based on network traffic rules, and evaluate it with two darknet traces: one covering 12 years since 2006, while the other covering 11 years since 2007. The evaluation results reveal the effectiveness of this taxonomy: we are able to label over 94% of all source IPs with anomalies defined by the taxonomy, leaving the unlabeled source ratio low. We also examine the evolution of different anomalies since 2006 (especially in recent years), analyze the temporal and spatial dependency and parameter dependency of darknet traffic, and conclude that most sources in the datasets are characterized by just one or two anamalies with simple attack mechanisms. Moreover, we compare the taxonomy with a one-way traffic analysis tool (i.e., iatmon) to better understand their differences.

show abstract

Darknet as a Source of Cyber Intelligence: Survey, Taxonomy, and Characterization

Cited by 103 publications

References 143 publications

Automated Dataset Generation System for Collaborative Research of Cyber Threat Analysis

Automated Dataset Generation System for Collaborative Research of Cyber Threat Analysis

Governance of Cybersecurity - The Case of South Africa

An Evaluation of Darknet Traffic Taxonomy

Contact Info

Product

Resources

About