Identifying mobile malware and key threat actors in online hacker forums for proactive cyber threat intelligence

John Grisham, Sagar Samtani, Mark Patton, Hsinchun Chen

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Citations (Scopus)

Abstract

Cyber-attacks are constantly increasing and can prove difficult to mitigate, even with proper cybersecurity controls. Currently, cyber threat intelligence (CTI) efforts focus on internal threat feeds such as antivirus and system logs. While this approach is valuable, it is reactive in nature as it relies on activity which has already occurred. CTI experts have argued that an actionable CTI program should also provide external, open information relevant to the organization. By finding information about malicious hackers prior to an attack, organizations can provide enhanced CTI and better protect their infrastructure. Hacker forums can provide a rich data source in this regard. This research aims to proactively identify mobile malware and associated key authors. Specifically, we use a state-of-the-art neural network architecture, recurrent neural networks, to identify mobile malware attachments followed by social network analysis techniques to determine key hackers disseminating the mobile malware. Results of this study indicate that many identified attachments are zipped Android apps made by threat actors holding administrative positions in hacker forums. Our identified mobile malware attachments are consistent with some of the emerging mobile malware concerns as highlighted by industry leaders.

Original language: English (US)
Title of host publication: 2017 IEEE International Conference on Intelligence and Security Informatics
Subtitle of host publication: Security and Big Data, ISI 2017
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 13-18
Number of pages: 6
ISBN (Electronic): 9781509067275
DOIs: https://doi.org/10.1109/ISI.2017.8004867
State: Published - Aug 8 2017
Event: 15th IEEE International Conference on Intelligence and Security Informatics, ISI 2017 - Beijing, China
Duration: Jul 22 2017 to Jul 24 2017

Other

Other: 15th IEEE International Conference on Intelligence and Security Informatics, ISI 2017
Country: China
City: Beijing
Period: 7/22/17 to 7/24/17

Fingerprint

Recurrent neural networks
Electric network analysis
Network architecture
Application programs
Malware
Threat
Neural networks
Industry
Attack
Android (operating system)
Social network analysis
Data sources

Keywords

  • cyber threat intelligence
  • hacker forums
  • mobile malware
  • recurrent neural networks
  • social network analysis

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computer Networks and Communications
  • Information Systems
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality

Cite this

Grisham, J., Samtani, S., Patton, M., & Chen, H. (2017). Identifying mobile malware and key threat actors in online hacker forums for proactive cyber threat intelligence. In 2017 IEEE International Conference on Intelligence and Security Informatics: Security and Big Data, ISI 2017 (pp. 13-18). [8004867] Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/ISI.2017.8004867
