Exploring Emerging Hacker Assets and Key Hackers for Proactive Cyber Threat Intelligence

Samtani, Sagar; Chinn, Ryan; Chen, Hsinchun; Nunamaker, Jay F.

doi:10.1080/07421222.2017.1394049

Cited by 138 publications

(67 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In recent days , due to enormous available of accessing resources and evolution of innovating technologies, anyone who are interested in any type of hacking can involve themselves in exploring the TTP's used by the hacker communities can acquire their knowledge through forums, IRC, carding shops etc., [21].On day today basis, the exploits are increasing and made as commercialization [22]and become lively for hacker community. [24]Cyber-attacks affect the global economy of many billion dollar in preventing from [18] execution of malicious tools like trojans, zeus, ransomware and keyloggers, SQL injections, and DDoS from United States, Russia, and China. To prevent the cyber-attacks the vendors like FireEye, Cyveillance, Symantec, McAfee, Trend Micro, Sophos, and Kaspersky involved in the generation of Cyber Threat Intelligence (CTI) reports.…”

Section: Online Forums and Cti Reportsmentioning

confidence: 99%

“…The cyber threat Intelligence is used to act proactively toward detecting the zero -day attacks using machine learning techniques against the hackers. [18]Since in the existing approaches followed by the Academia, research communities and CTI report generation are reactive instead it has to be proactive in composing the information from the forums of online hackers including the tools and adversaries' profile. There are many hacker's forum available online to exchange the knowledge and the content of the tools and the techniques used in the attack patterns(For example, U.S. forums mainly deals with cybercrime and general hacking, Russian forums focus on underground economies and data breaches, Chinese forums share about cyber warfare and virtual goods) .The participants in the forum maximum are unskilled and novices can be develop to skilled high level of profile by accessing through posted link of keywords or phrases which enables the users can access the information and also share hyperlinks, pictures, videos, source code, attachments to disseminate the malicious.…”

Section: Online Forums and Cti Reportsmentioning

confidence: 99%

See 1 more Smart Citation

Prediction of Adversary’s TTP using Caldera

2019

IJITEE

View full text Add to dashboard Cite

Due to the ubiquity of the internet in all the lines of the disciplines, cyber security becomes essential in day to day life. To make the cyber assets resilient from the challenging attacks like Advanced Persistent Threats (APT), the experts needs a strategic rules and proactive decision-making models The Caldera is a adversarial emulator for both blue and red team to test the APT along with the cyber kill chain(CKC).The resilience could be achieved when the blue team and red team work together in analyzing the cyber threats based on the probabilistic of creating adversarial profile with different characteristic helps in finding the priority of the assets of the organization from the point of an adversary in launching the cyber -attack.

show abstract

Section: Online Forums and Cti Reportsmentioning

confidence: 99%

Section: Online Forums and Cti Reportsmentioning

confidence: 99%

Prediction of Adversary’s TTP using Caldera

2019

IJITEE

View full text Add to dashboard Cite

show abstract

“…Hackers use these message boards to post messages within threads of conversations related to hacking tools, techniques, and malicious source code. Among the four major platforms, forums are the only one allowing hackers to post malicious exploits for others to freely download [5]. The open sharing of hacking assets enables individuals with limited hacking skills to become capable of conducting cyberattacks [4].…”

Section: ) Hacker Forumsmentioning

confidence: 99%

Identifying, Collecting, and Presenting Hacker Community Data: Forums, IRC, Carding Shops, and DNMs

Zhang

Ebrahimi

et al. 2018

2018 IEEE International Conference on Intelligence and Security Informatics (ISI)

Self Cite

View full text Add to dashboard Cite

Cyber-attacks cost the global economy over $450 billion annually. To combat this issue, researchers and practitioners put enormous efforts into developing Cyber Threat Intelligence, or the process of identifying emerging threats and key hackers. However, the reliance on internal network data to has resulted in inherently reactive intelligence. CTI experts have urged the importance of proactively studying the large, everevolving online hacker community. Despite their CTI value, collecting data from hacker community platforms is a non-trivial task. In this paper, we summarize our efforts in systematically identifying and automatically collecting a large-scale of hacker forums, carding shops, Internet-Relay-Chat, and DarkNet Marketplaces. We also present our efforts to provide this data to the larger CTI community via the AZSecure Hacker Assets Portal (www.azsecure-hap.com). With our methodology, we collected 102 platforms for a total of 43,902,913 records. To the best of our knowledge, this compilation of hacker community data is the largest such collection in academia, and can enable a numerous novel and valuable proactive CTI research inquiries.

show abstract

“…In the second category more work has been done on non-English platforms. In [7], Support Vector Machine (SVM) was used in a monolingual setting to classify malware source codes on eight forums in English and Russian. In their approach, Russian data was machine translated to English using Google Translate.…”

Section: A Cyber Threat Detection In Hacker Communitymentioning

confidence: 99%

“…While labeled data in English is often available, the language barrier results in limited labeled data in non-English DNMs which hinders cyber threat detection. Current studies use machine translation (MT) to tackle this challenge [7]- [9]. However, informal, nongrammatical and hacker-specific language causes translation errors.…”

Section: Introductionmentioning

confidence: 99%

Detecting Cyber Threats in Non-English Dark Net Markets: A Cross-Lingual Transfer Learning Approach

Ebrahimi

Surdeanu

Chen

2018

2018 IEEE International Conference on Intelligence and Security Informatics (ISI)

Self Cite

View full text Add to dashboard Cite

Recent advances in proactive cyber threat intelligence rely on early detection of cyber threats in hacker communities. Dark Net Markets (DNMs) are growing platforms in hacker community that provide hackers with highlyspecialized tools and products which may not be found in other platforms. While text classification techniques have been used for cyber threat detection in English DNMs, the task is hindered in non-English platforms due to the language barrier and lack of ground-truth data. Current approaches use monolingual models on machine translated data to overcome these challenges. However, the translation errors can deteriorate the classification results. The abundance of data in English DNMs can be leveraged in learning non-English threats without using machine translation. In this study, we show that a deep cross-lingual model that can jointly learn the common language representation from two languages, significantly outperforms a monolingual model learned on machine translated data for identifying cyber threats in non-English DNMs. Unlike most studies, our approach does not require any external data source such as bilingual word embeddings or bilingual lexicons. Our experiments on Russian DNMs show that this approach can achieve better performance than state-of-the-art methods for non-English cyber threat detection in malicious hacker community.

show abstract

Exploring Emerging Hacker Assets and Key Hackers for Proactive Cyber Threat Intelligence

Cited by 138 publications

References 19 publications

Prediction of Adversary’s TTP using Caldera

Prediction of Adversary’s TTP using Caldera

Identifying, Collecting, and Presenting Hacker Community Data: Forums, IRC, Carding Shops, and DNMs

Detecting Cyber Threats in Non-English Dark Net Markets: A Cross-Lingual Transfer Learning Approach

Contact Info

Product

Resources

About