
Exploring Malicious Hacker Communities: Toward Proactive Cyber-Defense [Hardback]

(California State Polytechnic University, Pomona), , , (Arizona State University), Foreword by , (King Saud University, Saudi Arabia), (Arizona State University)
  • Format: Hardback, 200 pages, height x width x thickness: 235x156x17 mm, weight: 440 g, worked examples or exercises
  • Publication date: 29-Apr-2021
  • Publisher: Cambridge University Press
  • ISBN-10: 1108491596
  • ISBN-13: 9781108491594
As cyber threats become ever more frequent, a proactive defense that shifts attention from the defender to the attacker environment is key to designing better attack prediction systems. This book offers models to analyze threat intelligence mined from malicious hacker communities, providing insight into the heart of the underground cyber world.

Malicious hackers use the World Wide Web to share knowledge, and analyzing the online communication of these threat actors can help reduce the risk of attacks. This book shifts attention from the defender environment to the attacker environment, proposing a security paradigm of 'proactive cyber threat intelligence' that lets defenders of computer networks better understand their adversaries by analyzing the assets, capabilities, and interests of malicious hackers. The authors propose models, techniques, and frameworks based on threat intelligence mined from the heart of the underground cyber world: the malicious hacker communities. They provide insights into the hackers themselves and the groups they form dynamically as they exchange ideas and techniques and buy or sell malware and exploits. The book covers both the methodology, a hybrid of machine learning, artificial intelligence, and social network analysis methods, and the resulting conclusions, showing how a deep understanding of malicious hacker communities can be the key to designing better attack prediction systems.

Other information

Cutting-edge models for proactive cybersecurity, applying AI, learning, and network analysis to information mined from hacker communities.
Contents (start page)
Foreword (Edward G. Amoroso)  ix
Preface  xi
1 Introduction  1
2 Background  6
  2.1 Introduction  6
  2.2 Inside Online Hacking Communities  7
PART I  UNDERSTANDING THE BEHAVIOR OF MALICIOUS HACKERS  15
3 Mining Key-Hackers  17
  3.1 Introduction  17
  3.2 Dataset  19
  3.3 Leveraging Users' Reputation to Obtain Ground Truth Data  20
  3.4 Problem Statement  22
  3.5 Feature Engineering  23
    3.5.1 Activity  24
    3.5.2 Expertise  24
    3.5.3 Knowledge Transfer Behavior  28
    3.5.4 Structural Position  30
    3.5.5 Influence  31
    3.5.6 Coverage  32
  3.6 Supervised Learning Experiments  33
    3.6.1 Training and Testing  33
  3.7 Related Work  40
  3.8 Conclusion  41
4 Reasoning About Hacker Engagement  43
  4.1 Introduction  43
  4.2 Dataset  45
  4.3 Sequential Rule Mining Task  45
    4.3.1 Problem Formalization  46
  4.4 Experiments and Results  49
    4.4.1 Training  49
    4.4.2 Testing and Performance Analysis  54
    4.4.3 Baseline  56
  4.5 Related Work  58
  4.6 Conclusion  59
5 Uncovering Communities of Malware and Exploit Vendors  60
  5.1 Introduction  60
  5.2 Dataset  61
  5.3 Methodology  62
    5.3.1 Creating a Bipartite Network of Vendors and Products  62
    5.3.2 Clustering the Products in Product Categories  64
    5.3.3 Splitting the Marketplaces into Two Disjoint Sets  64
    5.3.4 Creating Bipartite Networks of Vendors and Product Categories  66
    5.3.5 Projecting Bipartite Networks of Vendors and Product Categories into a Monopartite Network of Vendors  68
    5.3.6 Finding Communities of Vendors in Each Set of Markets  68
    5.3.7 Calculating the Community Overlapping between the Two Sets of Markets  71
    5.3.8 Significance Analysis  73
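As an added illustration of the pipeline that the Section 5.3 headings outline (this is not code from the book or its authors), the Python below builds a vendor/product-category bipartite network for two disjoint sets of markets, projects each onto a vendor-vendor network, finds communities in each projection, and scores how much the communities of one set overlap those of the other. The listings and vendor names are constructed sample data; the product-to-category map, the projection rule (edge weight = number of shared categories), connected components as the community method, and Jaccard similarity as the overlap score are assumptions made for this example, not the book's choices.

```python
"""Vendor-community overlap across two disjoint sets of markets.

Added illustration of the steps listed under Section 5.3; not the book's code.
All listings are constructed sample data, and the category map, projection
rule, community method and overlap score are assumptions for the example.
"""
from collections import defaultdict
from itertools import combinations

# Constructed sample listings: (market, vendor, product). Vendors are fictional.
LISTINGS = [
    ("market_a", "v1", "rat_builder"),
    ("market_a", "v1", "crypter"),
    ("market_a", "v2", "crypter"),
    ("market_a", "v3", "office_exploit_kit"),
    ("market_a", "v4", "office_exploit_kit"),
    ("market_a", "v4", "browser_exploit"),
    ("market_b", "v1", "rat_builder"),
    ("market_b", "v2", "browser_exploit"),   # v2 switches product type here
    ("market_b", "v3", "browser_exploit"),
    ("market_b", "v4", "browser_exploit"),
    ("market_b", "v5", "crypter"),
]

# Assumed product -> category clustering (5.3.2); in practice this is learned.
CATEGORY = {
    "rat_builder": "malware",
    "crypter": "malware",
    "office_exploit_kit": "exploit",
    "browser_exploit": "exploit",
}


def split_markets(listings, set_a, set_b):
    """5.3.3: partition listings into two disjoint sets of markets."""
    if not set_a.isdisjoint(set_b):
        raise ValueError("market sets must be disjoint")
    return ([l for l in listings if l[0] in set_a],
            [l for l in listings if l[0] in set_b])


def vendor_category_network(listings):
    """5.3.1/5.3.4: bipartite network as vendor -> set of product categories."""
    net = defaultdict(set)
    for _market, vendor, product in listings:
        net[vendor].add(CATEGORY[product])
    return net


def project_to_vendors(bipartite, min_shared=1):
    """5.3.5: monopartite vendor graph; edge weight = shared categories (assumed rule)."""
    graph = {vendor: {} for vendor in bipartite}
    for u, v in combinations(sorted(bipartite), 2):
        shared = len(bipartite[u] & bipartite[v])
        if shared >= min_shared:
            graph[u][v] = shared
            graph[v][u] = shared
    return graph


def communities(graph):
    """5.3.6: communities as connected components (assumed stand-in for a
    modularity-based method). Returns a list of frozensets of vendors."""
    seen, result = set(), []
    for start in sorted(graph):
        if start in seen:
            continue
        stack, comp = [start], set()
        while stack:
            node = stack.pop()
            if node in comp:
                continue
            comp.add(node)
            stack.extend(n for n in graph[node] if n not in comp)
        seen |= comp
        result.append(frozenset(comp))
    return result


def community_overlap(comms_a, comms_b):
    """5.3.7: for each community in set A, the best Jaccard match in set B."""
    return {ca: max((len(ca & cb) / len(ca | cb) for cb in comms_b), default=0.0)
            for ca in comms_a}


def run(listings=LISTINGS, set_a=frozenset({"market_a"}), set_b=frozenset({"market_b"})):
    """Full pipeline: split -> bipartite -> project -> communities -> overlap."""
    la, lb = split_markets(listings, set_a, set_b)
    ca = communities(project_to_vendors(vendor_category_network(la)))
    cb = communities(project_to_vendors(vendor_category_network(lb)))
    return ca, cb, community_overlap(ca, cb)


if __name__ == "__main__":
    ca, cb, ov = run()
    print("set A communities:", [sorted(c) for c in ca])
    print("set B communities:", [sorted(c) for c in cb])
    for comm, score in ov.items():
        print(sorted(comm), f"best overlap with set B: {score:.2f}")
```

On the sample data, vendors v1 and v2 form one community in the first market set and v3 and v4 another; in the second set v2 moves to the exploit-selling group, so the {v1, v2} community's best match drops to 1/3 while {v3, v4} keeps a 2/3 match. The significance analysis of 5.3.8 is not reproduced here.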
  5.4 Related Work  73
  5.5 Conclusion  74
PART II  PREDICTING IMMINENT CYBER-THREATS  75
6 Identifying Exploits in the Wild Proactively  77
  6.1 Introduction  77
  6.2 Challenges  80
  6.3 Exploit Prediction Model  82
    6.3.1 Data Sources  83
    6.3.2 Feature Description  86
  6.4 Vulnerability and Exploit Analysis  88
  6.5 Experimental Setup  92
    6.5.1 Performance Evaluation  93
    6.5.2 Results  94
  6.6 Adversarial Data Manipulation  101
  6.7 Discussion  104
  6.8 Related Work  105
  6.9 Conclusion  107
7 Predicting Enterprise-Targeted External Cyber-Attacks  108
  7.1 Introduction  108
  7.2 Preliminaries  110
    7.2.1 Syntax  110
    7.2.2 Semantics  111
  7.3 Dataset Description  113
    7.3.1 Online Hacker Community Infrastructure  113
    7.3.2 Enterprise-Relevant External Threats  113
  7.4 Extracting Indicators of Cyber-threats  114
  7.5 A Novel Logic Programming-Based Cyber-threat Prediction System  114
    7.5.1 Learner  115
    7.5.2 Predictor  115
  7.6 Predicting Enterprise-Targeted Attacks  116
    7.6.1 Experimental Settings  117
    7.6.2 Evaluation  118
    7.6.3 Results  118
  7.7 Technical Challenges  118
  7.8 An Extension to the Current Approach  120
    7.8.1 Extracting Entity Tags  121
    7.8.2 Results  122
  7.9 Related Work  124
  7.10 Conclusion  126
8 Bringing Social Network Analysis to Aid in Cyber-Attack Prediction  127
  8.1 Introduction  127
  8.2 Dataset  129
    8.2.1 External Threats (GT)  129
    8.2.2 Online Hacker Forum Data  129
    8.2.3 CPE Groups  132
  8.3 Prediction Problem  133
  8.4 Framework for Attack Prediction  133
    8.4.1 Step 1: Feature Engineering  135
    8.4.2 Step 2: Training Models for Prediction  143
    8.4.3 Step 3: Attack Prediction  148
  8.5 Experiments and Results  150
    8.5.1 Parameter Settings  150
    8.5.2 Results  151
  8.6 Discussion  157
    8.6.1 Prediction in High-Activity Weeks  157
    8.6.2 Experiments with Another Security Breach Dataset  158
  8.7 Related Work  160
  8.8 Conclusions  162
9 Finding At-Risk Systems Without Software Vulnerability Identifiers (CVEs)  163
  9.1 Introduction  163
  9.2 System Overview  165
  9.3 Dataset  166
    9.3.1 Online Hacker Data  166
  9.4 Argumentation Model  168
  9.5 Experiments  173
    9.5.1 Data Representation  174
    9.5.2 Supervised Learning Approaches  175
    9.5.3 Evaluation Metrics  175
    9.5.4 Baseline Model (BM)  175
    9.5.5 Reasoning Framework (RFrame)  176
  9.6 Discussion  179
  9.7 Related Work  180
  9.8 Conclusion  181
10 Final Considerations  183
  10.1 Contributions  184
  10.2 Future Directions  186
References  189
Index  203