Predicting Cyber Threats through Hacker Social Networks in Darkweb and Deepweb Forums

We present an approach that combines social network analysis with machine learning techniques to predict future cyber threats through darkweb/deepweb discussions with hacking-related content. Our approach harnesses features derived from hacker social networks and from online sources of cybersecurity advisories. We address the problem of predicting the exploitability of software vulnerabilities to show that features computed from hacker social networks are important indicators of future cybersecurity incidents. We conduct a suite of experiments on real-world hacker and exploit data and demonstrate that social network data improves recall by about 19% and F1 score by about 6% while maintaining precision. We believe this is because social network structures related to certain exploit authors are indicative of their ability to write exploits that are subsequently employed in an attack.
