DARKMENTION: A Deployed System to Predict Enterprise-Targeted External Cyberattacks

10/30/2018
by Mohammed Almukaynizi, et al.

Recent incidents of data breaches call for organizations to proactively identify cyber attacks on their systems. Darkweb/Deepweb (D2web) forums and marketplaces provide environments where hackers anonymously discuss existing vulnerabilities and commercialize malicious software to exploit those vulnerabilities. These platforms offer security practitioners a threat intelligence environment in which they can mine for patterns related to organization-targeted cyber attacks. In this paper, we describe a system (called DARKMENTION) that learns association rules correlating indicators of attacks from D2web to real-world cyber incidents. Using the learned rules, DARKMENTION generates and submits warnings to a Security Operations Center (SOC) prior to attacks. Our goal was to design a system that automatically generates enterprise-targeted warnings that are timely, actionable, accurate, and transparent. We show that DARKMENTION meets this goal. In particular, we show that it outperforms baseline systems that attempt to generate warnings of cyber attacks related to two enterprises, with an average increase in F1 score of about 45%. DARKMENTION is deployed as part of a larger system that is built under a contract with the IARPA Cyber-attack Automated Unconventional Sensor Environment (CAUSE) program. It is actively producing warnings that precede attacks by an average of 3 days.
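As an added illustration of the loop the abstract describes (learn "D2web indicator on day t -> incident within a few days" association rules from paired mention and incident histories, fire warnings from new mentions, score them by precision/recall/F1), the following is example code written for this page, not DARKMENTION's implementation. The indicator tags, incident types, dates, thresholds and the support/confidence/lift definitions are all constructed assumptions; the paper's own feature set and rule-learning details are not reproduced here.

```python
"""Toy association-rule warning pipeline (example code, not DARKMENTION's own).
Indicator tags, incident types, dates and thresholds are all constructed."""
from collections import defaultdict, namedtuple
from datetime import date, timedelta

# Constructed training data: (day, indicator) for tagged D2web mentions and
# (day, type) for incidents the SOC recorded at the monitored enterprise.
MENTIONS = [
    (date(2018, 5, 1), "exploit-kit-sale"), (date(2018, 5, 3), "exploit-kit-sale"),
    (date(2018, 5, 8), "exploit-kit-sale"), (date(2018, 5, 12), "exploit-kit-sale"),
    (date(2018, 5, 2), "ddos-service"), (date(2018, 5, 9), "ddos-service"),
    (date(2018, 5, 4), "credential-dump"), (date(2018, 5, 15), "credential-dump"),
]
INCIDENTS = [
    (date(2018, 5, 3), "malicious-email"), (date(2018, 5, 6), "malicious-email"),
    (date(2018, 5, 10), "malicious-email"), (date(2018, 5, 14), "malicious-email"),
    (date(2018, 5, 5), "endpoint-malware"), (date(2018, 5, 20), "endpoint-malware"),
]
# Constructed held-out month used to exercise the warning loop.
NEW_MENTIONS = [(date(2018, 6, 1), "exploit-kit-sale"),
                (date(2018, 6, 2), "credential-dump"),
                (date(2018, 6, 10), "exploit-kit-sale")]
NEW_INCIDENTS = [(date(2018, 6, 3), "malicious-email"),
                 (date(2018, 6, 15), "malicious-email")]

Rule = namedtuple("Rule", "indicator incident lag_days support confidence lift")


def _days_by_key(events):
    """Map each label to the set of days on which it was observed."""
    out = defaultdict(set)
    for day, key in events:
        out[key].add(day)
    return out


def _followed_by(days, start, lag):
    """True if any day in `days` lies in the window (start, start + lag]."""
    return any(start < d <= start + timedelta(days=lag) for d in days)


def mine_rules(mentions, incidents, max_lag=3, min_support=3, min_confidence=0.7):
    """Learn rules 'indicator mentioned on day t -> incident of type X within
    lag days'. For each (indicator, type) pair the lag with the highest
    confidence is kept (shortest on ties); thresholds are then applied.
      support    = mention days that were followed by the incident inside the lag
      confidence = support / number of mention days
      lift       = confidence / base rate of the incident over every day in the period
    """
    m_days, i_days = _days_by_key(mentions), _days_by_key(incidents)
    all_days = [d for d, _ in mentions] + [d for d, _ in incidents]
    first, last = min(all_days), max(all_days)
    period = [first + timedelta(days=k) for k in range((last - first).days + 1)]
    rules = []
    for ind, ind_days in m_days.items():
        for inc, inc_days in i_days.items():
            best = None
            for lag in range(1, max_lag + 1):
                support = sum(_followed_by(inc_days, t, lag) for t in ind_days)
                confidence = support / len(ind_days)
                base = sum(_followed_by(inc_days, t, lag) for t in period) / len(period)
                if best is None or confidence > best.confidence:
                    best = Rule(ind, inc, lag, support, confidence,
                                confidence / base if base else 0.0)
            if best.support >= min_support and best.confidence >= min_confidence:
                rules.append(best)
    return rules


def generate_warnings(rules, new_mentions):
    """Turn fresh mentions into SOC warnings; each carries the rule evidence
    so an analyst can see why it fired (the 'transparent' property)."""
    warnings = []
    for day, ind in new_mentions:
        for r in rules:
            if r.indicator == ind:
                warnings.append({
                    "issued": day, "indicator": ind, "predicted": r.incident,
                    "window": (day + timedelta(days=1), day + timedelta(days=r.lag_days)),
                    "confidence": r.confidence,
                    "evidence": (f"{r.support} past mentions of {ind} were followed by "
                                 f"{r.incident} within {r.lag_days} day(s) "
                                 f"(confidence {r.confidence:.2f}, lift {r.lift:.2f})"),
                })
    return warnings


def _matches(warning, day, kind):
    lo, hi = warning["window"]
    return kind == warning["predicted"] and lo <= day <= hi


def evaluate(warnings, incidents):
    """Precision, recall and F1: a warning is correct if an incident of the
    predicted type falls inside its window; an incident is covered if at least
    one warning predicted it. Incident types no rule covers count as misses."""
    tp = sum(any(_matches(w, d, k) for d, k in incidents) for w in warnings)
    covered = sum(any(_matches(w, d, k) for w in warnings) for d, k in incidents)
    precision = tp / len(warnings) if warnings else 0.0
    recall = covered / len(incidents) if incidents else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return precision, recall, f1


if __name__ == "__main__":
    learned = mine_rules(MENTIONS, INCIDENTS)
    for r in learned:
        print(r)
    ws = generate_warnings(learned, NEW_MENTIONS)
    for w in ws:
        print(w["issued"], "->", w["predicted"], w["window"], "|", w["evidence"])
    print("precision/recall/F1:", evaluate(ws, NEW_INCIDENTS))
```

On the constructed data only one rule survives the thresholds: the "ddos-service" pattern has perfect confidence but only two supporting mentions, which is exactly the kind of rule a support floor exists to suppress, and "credential-dump" never exceeds 0.5 confidence. The held-out month then yields one correct and one false warning, so the scorer reports precision, recall and F1 of 0.5 each; the uncovered second incident shows why recall, not just precision, has to be tracked when judging whether warnings are timely and accurate.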
