Advertisement

Hacker Forum Exploit and Classification for Proactive Cyber Threat Intelligence

  • Apurv Singh GautamEmail author
  • Yamini Gahlot
  • Pooja Kamat
Conference paper
Part of the Lecture Notes in Networks and Systems book series (LNNS, volume 98)

Abstract

The exponential growth in data and technology have brought in prospects for progressively destructive cyber-attacks. Traditional security controls are struggling to match with the intricacy of cybercriminal tools and methods, organizations are now looking for better approaches to strengthen their cyber security capabilities. Cyber Threat Intelligence (CTI) in real-time is one such proactive approach which ensures that deployed appliances, security solutions and strategies are continually evaluated or optimized. Amongst various platforms for threat intelligence, hacker forums deliver affluent metadata, and thousands of Tools, Techniques, and Procedures (TTP). This research paper employs machine learning and deep learning approach using neural networks to automatically classify hacker forum data into predefined categories and develop interactive visualizations that enables CTI practitioners to probe collected data for proactive and opportune CTI. The results from this research shows that among all the models, deep learning model RNN GRU gives the best classification results with 99.025% accuracy and 96.56% precision.

Keywords

Cyber Threat Intelligence Neural networks Hacker forums Machine learning Deep learning Text classification 

References

  1. 1.
    Deliu, I.: Extracting cyber threat intelligence from hacker forums, Master’s thesis. NTNU (2017)Google Scholar
  2. 2.
    Williams, R., Samtani, S., Patton, M., Chen, H.: Incremental hacker forum exploit collection and classification for proactive cyber threat intelligence: an exploratory study, pp. 94–99 (2018).  https://doi.org/10.1109/isi.2018.8587336
  3. 3.
    Samtani, S., Chinn, R., Chen, H., Nunamaker, J.: Exploring emerging hacker assets and key hackers for proactive cyber threat intelligence. J. Manag. Inf. Syst. 34, 1023–1053 (2017).  https://doi.org/10.1080/07421222.2017.1394049CrossRefGoogle Scholar
  4. 4.
    Grisham, J., Samtani, S., Patton, M., Chen, H.: Identifying mobile malware and key threat actors in online hacker forums for proactive cyber threat intelligence, pp. 13–18 (2017).  https://doi.org/10.1109/isi.2017.8004867
  5. 5.
    Nunes, E., Diab, A., Gunn, A., Marin, E., Mishra, V., Paliath, V., Robertson, J., Shakarian, J., Thart, A., Shakarian, P.: DarkNet and DeepNet mining for proactive cybersecurity threat intelligence, pp. 7–12 (2016).  https://doi.org/10.1109/isi.2016.7745435
  6. 6.
    Kim, B.I., Kim, N., Lee, S., Cho, H., Park, J.: A study on a cyber threat intelligence analysis (CTI) platform for the proactive detection of cyber attacks based on automated analysis. In: 2018 International Conference on Platform Technology and Service (PlatCon), Jeju, pp. 1–6 (2018)Google Scholar
  7. 7.
    Ranade, P., Mittal, S., Joshi, A., Joshi, K.P.: Understanding multi-lingual threat intelligence for AI based cyber-defense systems. In: IEEE International Symposium on Technologies for Homeland Security, October 2018Google Scholar
  8. 8.
    Kim, D., Kim, H.K.: Automated dataset generation system for collaborative research of cyber threat intelligence analysis. CoRR, abs/1811.10050 (2018)Google Scholar
  9. 9.
    Samtani, S., Chinn, K., Larson, C., Chen, H.: AZSecure hacker assets portal: cyber threat intelligence and malware analysis. In: 2016 IEEE Conference on Intelligence and Security Informatics (ISI), Tucson, AZ, pp. 19–24 (2016)Google Scholar
  10. 10.
    Li, K., Wen, H., Li, H., Zhu, H., Sun, L.: Security OSIF: toward automatic discovery and analysis of event based cyber threat intelligence. In: 2018 IEEE SmartWorld, Ubiquitous Intelligence & Computing, Advanced & Trusted Computing, Scalable Computing & Communications, Cloud & Big Data Computing, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI), Guangzhou, pp. 741–747 (2018)Google Scholar
  11. 11.
    Goyal, P., Hossain, K.S., Deb, A., Tavabi, N., Bartley, N., Abeliuk, A., Ferrara, E., Lerman, K.: Discovering signals from web sources to predict cyber attacks. CoRR, abs/1806.03342 (2018)Google Scholar
  12. 12.
    Sapienza, A., Ernala, S.K., Bessi, A., Lerman, K., Ferrara, E.: DISCOVER: mining online chatter for emerging cyber threats. In: Companion Proceedings of the Web Conference 2018 (WWW 2018). International World Wide Web Conferences Steering Committee, pp. 983–990. Republic and Canton of Geneva, Switzerland (2018)Google Scholar
  13. 13.
    Mavroeidis, V., Jøsang, A.: Data-driven threat hunting using sysmon. In: Proceedings of the 2nd International Conference on Cryptography, Security and Privacy, pp. 82–88. ACM, March 2018Google Scholar
  14. 14.
    Cohen, R., Chesla, A., Medalion, S., Katz, R.: U.S. Patent Application No. 15/433,647 (2018)Google Scholar
  15. 15.
    Other Forums: AZSecure-data.org. https://www.azsecure-data.org/other-forums.html. Accessed 20 Apr 2019
  16. 16.
    Related Words - Find Words Related to Another Word. https://relatedwords.org/relatedto/cyber%20security. Accessed 20 Apr 2019
  17. 17.
    Pennington, J.: August 2014. https://nlp.stanford.edu/projects/glove/. Accessed 20 Apr 2019

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Apurv Singh Gautam
    • 1
    Email author
  • Yamini Gahlot
    • 1
  • Pooja Kamat
    • 1
  1. 1.Department of Computer Science and Information TechnologySymbiosis Institute of TechnologyPuneIndia

Personalised recommendations