Extraction and Analysis of Indicators of Compromise (IoCs) in Dark Web Forums
Abstract
With the growth and sophistication of attacks on information systems, extracting cyber threat intelligence has become essential. In this context, Indicators of Compromise (IoCs), which are signals capable of identifying malicious activity in computer systems, deserve attention. This work is devoted to the extraction and analysis of IoCs in Dark Web forums, with the aim of providing information relevant to information security. The results indicate an IoC incidence above 26%, the majority being URLs. In addition, posts in computing-related categories were found to contain almost twice as many IoCs as posts in other categories.
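The abstract reports an IoC incidence rate over forum posts and compares that rate across post categories. The following is an added example (not the paper's own pipeline or data) of how such a measurement is typically carried out: regex-based extraction of URLs, IPv4 addresses and file hashes from post text, including "defanged" notation such as `hxxp://` and `[.]`, followed by the share of posts that carry at least one IoC, overall and per category. The posts, category labels and all indicator values below are constructed for illustration; the RFC 5737 and example.* names are documentation addresses, not real infrastructure.

```python
"""IoC extraction over forum-style posts and per-category incidence (added example)."""
import re
from collections import Counter, defaultdict

# One regex per IoC type. Word boundaries (\b) stop a 64-character SHA-256 from
# also being reported as a 40- or 32-character hash; longer patterns are listed first.
IOC_PATTERNS = {
    "url": re.compile(r"https?://[^\s'\"<>]+", re.IGNORECASE),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "sha256": re.compile(r"\b[a-f0-9]{64}\b", re.IGNORECASE),
    "sha1": re.compile(r"\b[a-f0-9]{40}\b", re.IGNORECASE),
    "md5": re.compile(r"\b[a-f0-9]{32}\b", re.IGNORECASE),
}

# Constructed sample posts (assumption: not taken from the paper's corpus).
# Category names are likewise assumed labels for the demonstration.
SAMPLE_POSTS = [
    {"category": "computing", "text": "builder mirror: hxxp://files.example[.]net/build.zip, "
                                      "md5 d41d8cd98f00b204e9800998ecf8427e"},
    {"category": "computing", "text": "panel still answering on 203.0.113.45:8080, check it"},
    {"category": "computing", "text": "anyone got the source for the new loader?"},
    {"category": "marketplace", "text": "selling accounts, dm me"},
    {"category": "marketplace", "text": "proof of shop: https://shop.example.org/login"},
    {"category": "general", "text": "welcome new members"},
    {"category": "general", "text": "rules updated, read before posting"},
]


def refang(text):
    """Undo common defanging so 'hxxp://evil[.]example' is matched as a normal URL."""
    text = re.sub(r"hxxp", "http", text, flags=re.IGNORECASE)
    return text.replace("[.]", ".").replace("(.)", ".")


def extract_iocs(text):
    """Return {ioc_type: [values]} for every pattern that matches the post text."""
    text = refang(text)
    found = {}
    for name, pattern in IOC_PATTERNS.items():
        # Trailing punctuation belongs to the sentence, not the indicator.
        values = [m.group(0).rstrip(".,;:)]") for m in pattern.finditer(text)]
        if values:
            found[name] = values
    return found


def incidence(posts):
    """Share of posts with at least one IoC, overall and per category, plus counts per type."""
    per_category = defaultdict(lambda: [0, 0])  # category -> [posts_with_ioc, posts_total]
    type_counts = Counter()
    posts_with_ioc = 0
    for post in posts:
        iocs = extract_iocs(post["text"])
        per_category[post["category"]][1] += 1
        if iocs:
            posts_with_ioc += 1
            per_category[post["category"]][0] += 1
            for name, values in iocs.items():
                type_counts[name] += len(values)
    return {
        "overall": posts_with_ioc / len(posts) if posts else 0.0,
        "by_category": {c: hit / total for c, (hit, total) in per_category.items()},
        "by_type": dict(type_counts),
    }


if __name__ == "__main__":
    print(incidence(SAMPLE_POSTS))
```

Two points carry over to real corpora: refanging has to happen before matching, or the defanged indicators that forum users post on purpose are silently missed, and the incidence figure should be computed per post (a post counts once however many indicators it contains), which is what makes the per-category comparison meaningful rather than dominated by a few indicator-heavy posts.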