Automated data mining system finds 300 threats a week, say researchers

Threat intelligence is a much-bandied phrase these days, with security analysts saying CISOs need it to keep ahead of attackers. So it’s interesting to read that researchers at Arizona State University have created a system that gathers data from hacker marketplaces and forums to identify emerging cyber threats. It could add another useful weapon in the fight against threat actors.

Meanwhile a chief strategy officer at a security vendor has reminded CISOs that threat intelligence also includes looking in their own organizations for holes they are leaving open for exploitation.

First the research paper: The authors say their system — which involves a crawler, data mining and machine learning — collects on average 305 high-quality cyber threat warnings each week, including information on newly-developed malware and exploits that have not yet been deployed. “With the use of machine learning models, we are able to recall 92 per cent of products in marketplaces and 80 per cent of discussions on forums relating to malicious hacking with high precision,” say the authors.

The system has three components. The first is a set of crawlers that hunt for and retrieve HTML documents and forum discussions from the darknet. The second is a parser for each crawler, which extracts specific information from marketplaces on the sale of malware and exploits, and from hacker forums discussing services and threats. This structured information is stored in two relational databases. The parser also passes a list of relevant Web pages back to the crawler, which re-crawls them to capture time-varying data. The third is a classifier that uses machine learning techniques to detect relevant products.

In tests the researchers found 16 new zero-day exploits over a four-week period, which could help CISOs decide what systems of their own to patch or replace. Researchers were also able to construct a social network of likely hackers from the data gathered on people participating in multiple malicious hacker forums or marketplaces.

The project is considered successful enough that the researchers hope to commercialize it. It will be interesting to see who picks it up, how much the system adds to threat knowledge and how much customers will have to pay for it.

Advance warning of what’s coming is helpful to CISOs, but Adam Meyer, chief security strategist at SurfWatch Labs, reminds infosec pros in a column this week that one way to use threat intelligence is to evaluate the risks in their environments.

A threat actor could be preparing an exploit of an application the organization has, but you may not have to worry about it because you’re prepared. He suggests infosec pros think about whether an actor has the capability, the opportunity and the intent to cause harm. That means asking questions such as: Does the actor have the capability to cause an event? Have they been known to do it in the past? Are they active in communications forums? And do they have the opportunity, meaning are there vulnerabilities in your defences?

“Look at breach history in various sectors and look at your own internal incident information,” he writes. “How much was due to organizations opening the door and giving the adversary the opportunity? How much of it was due to poor maintenance, poor oversight, and/or poor cyber hygiene?” Threat intelligence, he says, helps answer those questions.


Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
