Threat Intelligence Analysis of Onion Websites Using Sublinks and Keywords

Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 814)


With advances in dark web technology, cybercrimes are increasing. Onion websites are the main resources of unauthorized crime activities in the dark web. One of the main objectives of cyber threat intelligence (CTI) is to find out popular onion websites which are responsible for cybercrimes. It is imperative but cumbersome to monitor dark world and gather threat intelligence. Government and intelligence agencies manually look for hidden networks and their connections to dark world for building up threat intelligence. However, the existing onion websites use dynamic IP addresses which are difficult to trace. In this paper, we propose a Threat iNtelligence Tool (TnT) for automatic monitoring of onion websites and build up threat intelligence by predicting their popularity in the dark world. TnT is developed based on two parameters—number of sublinks and keywords—which are collected from every website. The proposed TnT is tested on a set of onion websites presently exist in the dark world. Our testing results extract the most popular onion sites which are the source of information and discussion platform about criminal activities and services in the dark web.


Threat intelligence Tor network Onion website Dark web 


  1. 1.
    Antonopoulos, A.M.: Mastering Bitcoin. O’Reilly Media, Inc., Newton (2015)Google Scholar
  2. 2.
    Barrio, P., Gravano, L.: Sampling strategies for information extraction over the deep web. Inf. Process. Manage. 53(2), 309–331 (2017). (Elsevier)CrossRefGoogle Scholar
  3. 3.
    Cox, J.: Study claims dark web sites are most commonly used for crime (February 2016). Accessed on 19 June 2017Google Scholar
  4. 4.
    Dredge, S.: What is Tor? A beginner’s guide to the privacy tool (November 2013). Accessed on 19 June 2017Google Scholar
  5. 5.
    DSB: Resilient military systems and the advanced cyber threat, January 2013. [Online] Available in Accessed on 25 Nov 2017
  6. 6.
    Fu, T., Abbasi, A., Chen, H.: A focused crawler for Dark Web forums. J. Am. Soc. Inf. Sci. Technol. 61(6), 1213–1231 (2010)Google Scholar
  7. 7.
    Ghosh, S., Porras, P., Yegneswaran, V., Nitz, K., Das, A.: ATOL: A framework for automated analysis and categorization of the Darkweb Ecosystem. In: Proceedings of the AAAI-17 Workshop on Artificial Intelligence for Cyber Security, San Fransisco, USA (February 2017)Google Scholar
  8. 8.
    Greenberg, A.: Hacker lexicon: What is the dark web? (November 2014). Accessed on 19 June 2017Google Scholar
  9. 9.
    Guitton, C.: A review of the available content on Tor hidden services: the case against further development. Comput. Hum. Behav. 29(6), 2805–2815 (2013)CrossRefGoogle Scholar
  10. 10.
    He, B., Patel, M., Zhang, Z., Chang, K.C.-C.: Accessing the Deep Web. Commun. ACM 50(5), 94–101 (2007)CrossRefGoogle Scholar
  11. 11.
    Johnson, A., Syverson, P., Dingledine, R., Mathewson, N.: Trust-based anonymous communication: adversary models and routing algorithms. In: Proceedings of the 18th ACM Conference on Computer and Communications SecurityGoogle Scholar
  12. 12.
    McMillan, R.: Definition: threat intelligence (May 2013). Accessed on 19 June 2017Google Scholar
  13. 13.
    Olston, C., Najork, M.: Web crawling. Found. Trends Inf. Retrieval 4(3), 175–246 (2010)CrossRefGoogle Scholar
  14. 14.
    Raghavan, S., Garcia-Molina, H.: Crawling the hidden web. In: Proceedings of the 27th International Conference on Very Large Data BasesGoogle Scholar
  15. 15.
    Shaikh, Z.A., Harkut, D.: An overview of network traffic classification methods. Int. J. Recent Innovation Trends Comput. Commun. 3(2), 482–488 (2015)Google Scholar
  16. 16.
    Tor. Tor: Overview (September 2002). Accessed on 19 June 2017Google Scholar
  17. 17.
    Xu, J., Chen, H.: The topology of dark networks. Commun. ACM 51(10), 58–65 (2008)CrossRefGoogle Scholar
  18. 18.
    Zulkarnine, A.T., Frank, R., Monk, B., Mitchell, J., Davies, G.: Surfacing collaborated networks in dark web to find illicit and criminal content. In: Proceedings of IEEE Conference on Intelligence and Security Informatics (ISI), pp. 109–114, Tucson, AZ, USA (2016)Google Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  1. 1.Sardar Patel University of Police Security and Criminal JusticeJodhpurIndia
  2. 2.Indian Institute of TechnologyJodhpurIndia
  3. 3.IDRBT (RBI Institute)HyderabadIndia

Personalised recommendations