Identifying mobile malware and key threat actors in online hacker forums for proactive cyber threat intelligence

John Grisham, Sagar Samtani, Mark Patton, Hsinchun Chen

Research output: Chapter in Book/Report/Conference proceedingConference contribution

49 Scopus citations

Abstract

Cyber-Attacks are constantly increasing and can prove difficult to mitigate, even with proper cybersecurity controls. Currently, cyber threat intelligence (CTI) efforts focus on internal threat feeds such as antivirus and system logs. While this approach is valuable, it is reactive in nature as it relies on activity which has already occurred. CTI experts have argued that an actionable CTI program should also provide external, open information relevant to the organization. By finding information about malicious hackers prior to an attack, organizations can provide enhanced CTI and better protect their infrastructure. Hacker forums can provide a rich data source in this regard. This research aims to proactively identify mobile malware and associated key authors. Specifically, we use a state-of-The-Art neural network architecture, recurrent neural networks, to identify mobile malware attachments followed by social network analysis techniques to determine key hackers disseminating the mobile malware. Results of this study indicate that many identified attachments are zipped Android apps made by threat actors holding administrative positions in hacker forums. Our identified mobile malware attachments are consistent with some of the emerging mobile malware concerns as highlighted by industry leaders.

Original languageEnglish (US)
Title of host publication2017 IEEE International Conference on Intelligence and Security Informatics
Subtitle of host publicationSecurity and Big Data, ISI 2017
EditorsLina Zhou, G. Alan Wang, Chunxiao Xing, Bo Luo, Xiaolong Zheng, Hui Zhang
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages13-18
Number of pages6
ISBN (Electronic)9781509067275
DOIs
StatePublished - Aug 8 2017
Event15th IEEE International Conference on Intelligence and Security Informatics, ISI 2017 - Beijing, China
Duration: Jul 22 2017Jul 24 2017

Publication series

Name2017 IEEE International Conference on Intelligence and Security Informatics: Security and Big Data, ISI 2017

Other

Other15th IEEE International Conference on Intelligence and Security Informatics, ISI 2017
Country/TerritoryChina
CityBeijing
Period7/22/177/24/17

Keywords

  • cyber threat intelligence
  • hacker forums
  • mobile malware
  • recurrent neural networks
  • social network analysis

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computer Networks and Communications
  • Information Systems
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'Identifying mobile malware and key threat actors in online hacker forums for proactive cyber threat intelligence'. Together they form a unique fingerprint.

Cite this