Research field: Safety
Conference: 2023 International Conference on Control, Communication and Computing (ICCC)
The Darknet has emerged as an excellent platform for cybercriminals to conduct various illicit activities, such as operating a fully functional cryptocurrency-based marketplace or maintaining a highly anonymous communication channel. However, it also acts as a source of Cyber Threat Intelligence, which is information about the techniques, tactics, or motives of an emerging threat. The life cycle of a Darknet-based Cyber Threat Intelligence solution mainly consists of the Collection, Processing, Analysis, and Production of data from the Darknet. The Collection and Processing stages deal with accumulating information from various dark web pages and transforming the data into some format using a big data system. The Analysis stage is integral to the Threat Intelligence schema since it constitutes the extraction of named entities like Organization, Offensive Activity, Tools, etc., and the determination of relationships between these entities. The Production stage is like data mining, where some knowledge is extracted that can be relevant to an organization under consideration. Such knowledge can mitigate risks and disrupt any targeted cyber-attack campaigns, making Cyber Threat Intelligence actionable. In this research, an open-source-intelligence toolset is used to scan and collect data from dark web forums through crawling and scraping. The collected data is then ingested into a state-of-the-art NLP model that extracts actionable threat intelligence using Named Entity Recognition. The experimental results indicate that the model could identify HackerIds, tools, software, organizations, and other entities in the discussions of dark web forums with better efficiency and accuracy. This could be used to identify the source of a data leak, the release of new malware, evidence of a new exploit, and other offensive activities.
| Publication year | 2023 |
|---|---|
| Citations | 3 |
| Country of publication | Andorra |
| Site | IEEE |