
Threat Intelligence Analysis of Onion Websites Using Sublinks and Keywords


Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 814)

Abstract

With advances in dark web technology, cybercrimes are increasing. Onion websites are the main resources for unauthorized criminal activities on the dark web. One of the main objectives of cyber threat intelligence (CTI) is to identify the popular onion websites that are responsible for cybercrimes. It is imperative but cumbersome to monitor the dark world and gather threat intelligence. Government and intelligence agencies manually look for hidden networks and their connections to the dark world to build up threat intelligence. However, the existing onion websites use dynamic IP addresses, which are difficult to trace. In this paper, we propose a Threat iNtelligence Tool (TnT) that automatically monitors onion websites and builds up threat intelligence by predicting their popularity in the dark world. TnT is based on two parameters, the number of sublinks and keywords, which are collected from every website. The proposed TnT is tested on a set of onion websites that presently exist in the dark world. Our test results identify the most popular onion sites that are sources of information and discussion platforms about criminal activities and services on the dark web.

Keywords

  • Threat intelligence
  • Tor network
  • Onion website
  • Dark web

  • DOI: 10.1007/978-981-13-1501-5_50
  • Chapter length: 12 pages
  • ISBN: 978-981-13-1501-5

Corresponding author

Correspondence to Manas Khatua.

Copyright information

© 2019 Springer Nature Singapore Pte Ltd.

Cite this paper

Trivedi, T., Parihar, V., Khatua, M., Mehtre, B.M. (2019). Threat Intelligence Analysis of Onion Websites Using Sublinks and Keywords. In: Abraham, A., Dutta, P., Mandal, J., Bhattacharya, A., Dutta, S. (eds) Emerging Technologies in Data Mining and Information Security. Advances in Intelligent Systems and Computing, vol 814. Springer, Singapore. https://doi.org/10.1007/978-981-13-1501-5_50
