Identifying mobile malware and key threat actors in online hacker forums for proactive cyber threat intelligence

John Grisham, Sagar Samtani, Mark Patton, Hsinchun Chen

Research output: Chapter in Book/Report/Conference proceedingConference contribution

7 Scopus citations

Abstract

Cyber-Attacks are constantly increasing and can prove difficult to mitigate, even with proper cybersecurity controls. Currently, cyber threat intelligence (CTI) efforts focus on internal threat feeds such as antivirus and system logs. While this approach is valuable, it is reactive in nature as it relies on activity which has already occurred. CTI experts have argued that an actionable CTI program should also provide external, open information relevant to the organization. By finding information about malicious hackers prior to an attack, organizations can provide enhanced CTI and better protect their infrastructure. Hacker forums can provide a rich data source in this regard. This research aims to proactively identify mobile malware and associated key authors. Specifically, we use a state-of-The-Art neural network architecture, recurrent neural networks, to identify mobile malware attachments followed by social network analysis techniques to determine key hackers disseminating the mobile malware. Results of this study indicate that many identified attachments are zipped Android apps made by threat actors holding administrative positions in hacker forums. Our identified mobile malware attachments are consistent with some of the emerging mobile malware concerns as highlighted by industry leaders.

Original languageEnglish (US)
Title of host publication2017 IEEE International Conference on Intelligence and Security Informatics
Subtitle of host publicationSecurity and Big Data, ISI 2017
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages13-18
Number of pages6
ISBN (Electronic)9781509067275
DOIs
StatePublished - Aug 8 2017
Event15th IEEE International Conference on Intelligence and Security Informatics, ISI 2017 - Beijing, China
Duration: Jul 22 2017Jul 24 2017

Other

Other15th IEEE International Conference on Intelligence and Security Informatics, ISI 2017
CountryChina
CityBeijing
Period7/22/177/24/17

    Fingerprint

Keywords

  • cyber threat intelligence
  • hacker forums
  • mobile malware
  • recurrent neural networks
  • social network analysis

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computer Networks and Communications
  • Information Systems
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality

Cite this

Grisham, J., Samtani, S., Patton, M., & Chen, H. (2017). Identifying mobile malware and key threat actors in online hacker forums for proactive cyber threat intelligence. In 2017 IEEE International Conference on Intelligence and Security Informatics: Security and Big Data, ISI 2017 (pp. 13-18). [8004867] Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ISI.2017.8004867