{"title":"Exploring hackers assets: topics of interest as indicators of compromise","authors":"M. Al-Ramahi, I. Alsmadi, Joshua Davenport","doi":"10.1145/3384217.3385619","DOIUrl":null,"url":null,"abstract":"The need to develop proactive, actionable intelligence is critical to current security controls and systems. Hackers and hacking techniques continue to grow and become more sophisticated. As such, security teams are starting to adopt proactive and offensive approaches within hackers' territories. In this scope, we proposed a systematic approach to automatically extract \"topics of interest, ToI\" from hackers' websites. Those can eventually be used as inputs to actionable security controls or Indicators of Compromise (IoC) collectors. As a showcase, we selected the hackers' news website \"CrackingFire\". ToI can be integrated into Indicators of Compromise (IoC) and, once correlated with other signs of attack from those IoCs, will trigger further cybersecurity offense or defense actions. We also developed our own dark web crawler and evaluated the extraction of ToIs. We observed the types of challenges in both the crawling and the processing stages.","PeriodicalId":205173,"journal":{"name":"Proceedings of the 7th Symposium on Hot Topics in the Science of Security","volume":"93 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 7th Symposium on Hot Topics in the Science of Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3384217.3385619","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Exploring hackers assets: topics of interest as indicators of compromise
The need to develop proactive, actionable intelligence is critical to current security controls and systems. Hackers and hacking techniques continue to grow and become more sophisticated. As such, security teams are starting to adopt proactive and offensive approaches within hackers' territories. In this scope, we proposed a systematic approach to automatically extract "topics of interest, ToI" from hackers' websites. Those can eventually be used as inputs to actionable security controls or Indicators of Compromise (IoC) collectors. As a showcase, we selected the hackers' news website "CrackingFire". ToI can be integrated into Indicators of Compromise (IoC) and, once correlated with other signs of attack from those IoCs, will trigger further cybersecurity offense or defense actions. We also developed our own dark web crawler and evaluated the extraction of ToIs. We observed the types of challenges in both the crawling and the processing stages.