Exploring Hackers Assets: Topics of Interest as Indicators of Compromise
The need to develop actionable intelligence that is proactive is very critical to current security controls and systems. Hackers and hacking techniques continue to grow and become more sophisticated. As such Security teams start to adopt proactive and offensive approaches within hackers’ territories. In this scope, we proposed a systematic approach to automatically extract "topics of interest, ToI" from hackers’ websites. Those can eventually be used as inputs to actionable security controls or Indicators of Compromise (IOS) collectors. As a showcase, we selected the hackers' news website "CrackingFire". ToI can be integrated into Indicators of Compromise (IoC) and once correlated with other signs of attacks from those IoC will trigger further cybersecurity offense or defense actions. We also developed our own dark web crawler and evaluate extracting ToIs. We observed the types of challenges in both the crawling and the processing stages. |
Izzat Alsmadi is an Assistant Professor in the department of computing and cyber security at the Texas A&M, San Antonio. He has his master and PhD in Software Engineering from North Dakota State University in 2006 and 2008. He has more than 100 conference and journal publications. His research interests include: Cyber intelligence, Cyber security, Software security, software engineering, software testing, social networks and software defined networking. He is lead author, editor in several books including: Springer The NICE Cyber Security Framework Cyber Security Intelligence and Analytics, 2019, Practical Information Security: A Competency-Based Education Course, 2018, Information Fusion for Cyber-Security Analytics (Studies in Computational Intelligence), 2016. The author is also a member of The National Initiative for Cybersecurity Education (NICE) group, which meets frequently to discuss enhancements on cyber security education at the national level.