Extraction and Analysis of Indicators of Compromise (IoCs) on Dark Web Forums
Abstract
With the growing number and sophistication of attacks on information systems, extracting cyber threat intelligence has become essential. In this regard, Indicators of Compromise (IoCs), signals that can identify malicious activity in computer systems, deserve attention. This work is dedicated to the extraction and analysis of IoCs on Dark Web forums, aiming to provide information relevant to information security. The results indicate an incidence of IoCs above 26%, with the majority being URLs. Furthermore, posts in computer-related categories were found to contain almost twice as many IoCs as posts in other categories.
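The abstract describes an extraction-and-analysis pipeline (find IoCs in forum posts, then measure incidence per post and per category) without showing how such a pipeline is built. The following is an added example, not code from the paper, that implements a minimal version: regex extractors for URLs, IPv4 addresses and MD5/SHA-256 hashes, a refanging step for the `hxxp://` and `[.]` conventions common on such forums, and an analysis function that reports overall incidence, counts by IoC type and incidence per category. The post texts, the `computers`/`general` category labels and all addresses and hashes are constructed sample data (documentation IP ranges and `example` domains), not values from the paper's dataset.

```python
import re
from collections import Counter

# Constructed sample posts (category, text); none of these come from the paper's corpus.
SAMPLE_POSTS = [
    ("computers", "New dropper spotted, C2 at hxxp://malware-dl[.]example/load.php and 203.0.113.7"),
    ("computers", "Sample md5 d41d8cd98f00b204e9800998ecf8427e, beacons to 198.51.100.23:8080"),
    ("computers", "Anyone has the new stealer build?"),
    ("computers", "Panel mirror: http://panel.example.net/login"),
    ("general", "Selling accounts, PM me"),
    ("general", "Meetup thread, no business here"),
    ("general", "Check https://shop.example.org/offer for the list"),
    ("general", "Who can vouch for this seller?"),
]

# One pattern per IoC type. The IPv4 pattern is deliberately loose (no octet range
# check), so version strings such as 1.2.3.4 can produce false positives; a
# production extractor would validate octets and filter private/reserved ranges.
IOC_PATTERNS = {
    "url": re.compile(r"\bh(?:xx|tt)ps?://[^\s\"'<>]+", re.IGNORECASE),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "md5": re.compile(r"\b[a-f0-9]{32}\b", re.IGNORECASE),
    "sha256": re.compile(r"\b[a-f0-9]{64}\b", re.IGNORECASE),
}


def refang(text):
    """Undo the common defanging conventions 'hxxp' -> 'http' and '[.]' -> '.'."""
    return re.sub(r"\bhxxp", "http", text.replace("[.]", "."), flags=re.IGNORECASE)


def extract_iocs(text):
    """Return a dict mapping IoC type -> set of distinct IoCs found in one post."""
    clean = refang(text)
    found = {}
    for kind, pattern in IOC_PATTERNS.items():
        matches = {m.group(0) for m in pattern.finditer(clean)}
        if matches:
            found[kind] = matches
    return found


def analyze(posts):
    """Compute the share of posts containing at least one IoC (overall and per
    category) and the number of IoCs found per type."""
    by_type = Counter()
    per_category = {}
    posts_with_ioc = 0
    for category, text in posts:
        iocs = extract_iocs(text)
        stats = per_category.setdefault(category, {"posts": 0, "with_ioc": 0})
        stats["posts"] += 1
        if iocs:
            posts_with_ioc += 1
            stats["with_ioc"] += 1
        for kind, values in iocs.items():
            by_type[kind] += len(values)
    return {
        "incidence": posts_with_ioc / len(posts),
        "by_type": dict(by_type),
        "per_category": {c: s["with_ioc"] / s["posts"] for c, s in per_category.items()},
    }


if __name__ == "__main__":
    report = analyze(SAMPLE_POSTS)
    print(f"IoC incidence: {report['incidence']:.0%}")
    print("By type:", report["by_type"])
    print("Per category:", report["per_category"])
```

On the constructed sample this reports an incidence of 50%, URLs as the most frequent type, and a higher per-category incidence for `computers` than for `general`; the numbers are a property of the sample, not a reproduction of the paper's 26% figure. The same structure (extract per post, then aggregate by post and by category) is what makes the paper's two reported comparisons possible.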
