TY - GEN
T1 - Identifying mobile malware and key threat actors in online hacker forums for proactive cyber threat intelligence
AU - Grisham, John
AU - Samtani, Sagar
AU - Patton, Mark
AU - Chen, Hsinchun
N1 - Funding Information:
Acknowledgments: This material is based upon work supported by the National Science Foundation under Grant No. NSF DUE-1303362 (SFS).
Publisher Copyright:
© 2017 IEEE.
PY - 2017/8/8
Y1 - 2017/8/8
N2 - Cyber-attacks are constantly increasing and can prove difficult to mitigate, even with proper cybersecurity controls. Currently, cyber threat intelligence (CTI) efforts focus on internal threat feeds such as antivirus and system logs. While this approach is valuable, it is reactive in nature, as it relies on activity which has already occurred. CTI experts have argued that an actionable CTI program should also provide external, open information relevant to the organization. By finding information about malicious hackers prior to an attack, organizations can provide enhanced CTI and better protect their infrastructure. Hacker forums can provide a rich data source in this regard. This research aims to proactively identify mobile malware and its associated key authors. Specifically, we use a state-of-the-art neural network architecture, recurrent neural networks, to identify mobile malware attachments, followed by social network analysis techniques to determine the key hackers disseminating the mobile malware. Results of this study indicate that many identified attachments are zipped Android apps made by threat actors holding administrative positions in hacker forums. Our identified mobile malware attachments are consistent with some of the emerging mobile malware concerns highlighted by industry leaders.
AB - Cyber-attacks are constantly increasing and can prove difficult to mitigate, even with proper cybersecurity controls. Currently, cyber threat intelligence (CTI) efforts focus on internal threat feeds such as antivirus and system logs. While this approach is valuable, it is reactive in nature, as it relies on activity which has already occurred. CTI experts have argued that an actionable CTI program should also provide external, open information relevant to the organization. By finding information about malicious hackers prior to an attack, organizations can provide enhanced CTI and better protect their infrastructure. Hacker forums can provide a rich data source in this regard. This research aims to proactively identify mobile malware and its associated key authors. Specifically, we use a state-of-the-art neural network architecture, recurrent neural networks, to identify mobile malware attachments, followed by social network analysis techniques to determine the key hackers disseminating the mobile malware. Results of this study indicate that many identified attachments are zipped Android apps made by threat actors holding administrative positions in hacker forums. Our identified mobile malware attachments are consistent with some of the emerging mobile malware concerns highlighted by industry leaders.
KW - cyber threat intelligence
KW - hacker forums
KW - mobile malware
KW - recurrent neural networks
KW - social network analysis
UR - http://www.scopus.com/inward/record.url?scp=85030246331&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85030246331&partnerID=8YFLogxK
U2 - 10.1109/ISI.2017.8004867
DO - 10.1109/ISI.2017.8004867
M3 - Conference contribution
AN - SCOPUS:85030246331
T3 - 2017 IEEE International Conference on Intelligence and Security Informatics: Security and Big Data, ISI 2017
SP - 13
EP - 18
BT - 2017 IEEE International Conference on Intelligence and Security Informatics
A2 - Zhou, Lina
A2 - Wang, G. Alan
A2 - Xing, Chunxiao
A2 - Luo, Bo
A2 - Zheng, Xiaolong
A2 - Zhang, Hui
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 15th IEEE International Conference on Intelligence and Security Informatics, ISI 2017
Y2 - 22 July 2017 through 24 July 2017
ER -
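The abstract describes a two-stage pipeline: classify forum attachments as mobile malware, then apply social network analysis to find the authors who disseminate them, with the finding that many hits are zipped Android apps posted by forum administrators. The script below is an added illustration of that pipeline and is not the paper's code. It swaps the paper's recurrent-network classifier for a structural check on the archive (an APK is a zip containing AndroidManifest.xml and classes.dex, and a "zipped Android app" is a zip wrapping such a file), links authors who post in the same thread, and ranks the posters of flagged attachments by degree centrality. The forum posts, roles, thread ids and attachment bytes are all constructed here; the constants and helper names are the example's own.

```python
"""
Added illustration (not the paper's code): flag forum attachments that are
Android apps (APKs, or zip archives wrapping an APK), then rank the authors
who post them by degree centrality in an author co-posting network.

The paper uses a recurrent neural network to classify attachments; here that
step is replaced by a structural check on archive contents. All forum posts
and attachments below are constructed for the example.
"""
import io
import zipfile
from collections import defaultdict
from itertools import combinations

APK_MARKERS = {"AndroidManifest.xml", "classes.dex"}
MAX_NESTED_BYTES = 50 * 1024 * 1024  # skip oversized nested members (zip-bomb guard)


def _make_zip(members):
    """Build an in-memory zip from {name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def is_android_app(blob, depth=0, max_depth=2):
    """True if blob is an APK (zip with manifest + dex) or a zip wrapping one."""
    if not zipfile.is_zipfile(io.BytesIO(blob)):
        return False
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        names = set(zf.namelist())
        if APK_MARKERS <= names:
            return True
        if depth >= max_depth:
            return False
        # "Zipped Android app": look a level down for an .apk/.zip member.
        for name in names:
            if not name.lower().endswith((".apk", ".zip")):
                continue
            if zf.getinfo(name).file_size > MAX_NESTED_BYTES:
                continue
            if is_android_app(zf.read(name), depth + 1, max_depth):
                return True
    return False


# Constructed sample attachments.
SAMPLE_APK = _make_zip({"AndroidManifest.xml": b"<manifest/>",
                        "classes.dex": b"dex\n035", "res/x.png": b"\x89PNG"})
ZIPPED_APK = _make_zip({"readme.txt": b"install me", "tool.apk": SAMPLE_APK})
PLAIN_ZIP = _make_zip({"notes.txt": b"nothing to see"})
NOT_ZIP = b"%PDF-1.4 constructed placeholder"

# Constructed forum posts: (thread_id, author, author_role, attachment or None).
POSTS = [
    ("t1", "admin_x", "administrator", ZIPPED_APK),
    ("t1", "user_a", "member", None),
    ("t1", "user_b", "member", None),
    ("t2", "admin_x", "administrator", SAMPLE_APK),
    ("t2", "user_c", "member", PLAIN_ZIP),
    ("t3", "user_a", "member", NOT_ZIP),
    ("t3", "user_d", "member", SAMPLE_APK),
]


def rank_disseminators(posts):
    """Rank authors who posted flagged attachments by degree centrality.

    Two authors are linked when they posted in the same thread; degree
    centrality is degree / (number of authors - 1). Returns a list of
    (author, role, centrality, flagged_attachment_count), best first.
    """
    threads = defaultdict(set)
    roles = {}
    flagged = defaultdict(int)
    for thread, author, role, blob in posts:
        threads[thread].add(author)
        roles[author] = role
        if blob is not None and is_android_app(blob):
            flagged[author] += 1
    neighbours = defaultdict(set)
    for members in threads.values():
        for a, b in combinations(sorted(members), 2):
            neighbours[a].add(b)
            neighbours[b].add(a)
    denom = max(len(roles) - 1, 1)
    ranking = [(author, roles[author], len(neighbours[author]) / denom, count)
               for author, count in flagged.items()]
    ranking.sort(key=lambda r: (r[2], r[3]), reverse=True)
    return ranking


if __name__ == "__main__":
    for author, role, centrality, count in rank_disseminators(POSTS):
        print(f"{author:10s} {role:14s} centrality={centrality:.2f} flagged={count}")
```

On the constructed data the administrator who posts in the most threads comes out on top, which mirrors the paper's observation about administrative accounts, but the check is a stand-in: a real deployment would feed the attachment features to the trained classifier, and would extract nested members under a size cap before parsing them, as the guard above does.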