4,734 research outputs found

    Predicting Cyber Events by Leveraging Hacker Sentiment

    Recent high-profile cyber attacks exemplify why organizations need better cyber defenses. Cyber threats are hard to accurately predict because attackers usually try to mask their traces. However, they often discuss exploits and techniques on hacking forums. The community behavior of the hackers may provide insights into groups' collective malicious activity. We propose a novel approach to predict cyber events using sentiment analysis. We test our approach using cyber attack data from 2 major business organizations. We consider 3 types of events: malicious software installation, malicious destination visits, and malicious emails that surpassed the target organizations' defenses. We construct predictive signals by applying sentiment analysis on hacker forum posts to better understand hacker behavior. We analyze over 400K posts generated between January 2016 and January 2018 on over 100 hacking forums both on surface and Dark Web. We find that some forums have significantly more predictive power than others. Sentiment-based models that leverage specific forums can outperform state-of-the-art deep learning and time-series models on forecasting cyber attacks weeks ahead of the events

    Cyber Threat Observatory: Design and Evaluation of an Interactive Dashboard for Computer Emergency Response Teams

    Computer emergency response teams (CERTs) of the public sector provide preventive and reactive cybersecurity services for authorities, citizens, and enterprises. However, their tasks of monitoring, analyzing, and communicating threats to establish cyber situational awareness are getting more complex due to the increasing information volume disseminated through public channels. Besides the time-consuming data collection for incident handling and daily reporting, CERTs are often confronted with irrelevant, redundant, or incredible information, exacerbating the time-critical prevention of and response to cyber threats. Thus, this design science research paper presents the user-centered design and evaluation of the Cyber Threat Observatory, which is an automatic, cross-platform and real-time cybersecurity dashboard. Based on expert scenario-based walkthroughs and semi-structured interviews (N=12), it discusses six design implications, including customizability and filtering, data source modularity, cross-platform interrelations, content assessment algorithms, integration with existing software, as well as export and communication capabilities

    Cybersecurity in Educational Networks

    The paper discusses the possible impact of digital space on a human, as well as human-related directions in cyber-security analysis in education: levels of cyber-security, the role of social engineering in cyber-security of education, and “cognitive vaccination”. “A Human” is considered in a general sense, mainly as a learner. The analysis is based on the experience of the hybrid war in Ukraine, which has demonstrated the change of the target of military operations from military personnel and critical infrastructure to a human in general. Young people are the vulnerable group that can be the main goal of cognitive operations in the long-term perspective, and they are the weakest link of the System.

    Improving Cyber Situational Awareness via Data mining and Predictive Analytic Techniques

    As cyber-attacks have become more common in everyday life, there is a need for maintaining and improving cyber security standards in any business or industry. Cyber Situational Awareness (CSA) is a broad strategy which can be adopted by any business or government to tackle cyber-attacks and incidents. CSA is based on current and past incidents, elements and actors in any system. Managers and decision makers need to monitor their systems constantly to understand ongoing events and changes, which can help predict future incidents. Prediction of future cyber incidents can then guide cyber managers to be prepared against future cyber threats and breaches. This research aims to improve cyber situational awareness by developing a framework based on data mining techniques, specifically classification methods known as predictive approaches, and Open Source Intelligence (OSINT). OSINT is another important element in this research because it is not only publicly accessible but also cost-effective and research-friendly. This research highlights the importance of understanding past and current CSA, which can lead to better preparation against future cyber threats, and cyber security experts can use the developed framework with other methods to provide a comprehensive strategy to improve cyber security and safety.

    SoK: Contemporary Issues and Challenges to Enable Cyber Situational Awareness for Network Security

    Cyber situational awareness is an essential part of cyber defense that allows the cybersecurity operators to cope with the complexity of today's networks and threat landscape. Perceiving and comprehending the situation allow the operator to project upcoming events and make strategic decisions. In this paper, we recapitulate the fundamentals of cyber situational awareness and highlight its unique characteristics in comparison to generic situational awareness known from other fields. Subsequently, we provide an overview of existing research and trends in publishing on the topic, introduce front research groups, and highlight the impact of cyber situational awareness research. Further, we propose an updated taxonomy and enumeration of the components used for achieving cyber situational awareness. The updated taxonomy conforms to the widely-accepted three-level definition of cyber situational awareness and newly includes the projection level. Finally, we identify and discuss contemporary research and operational challenges, such as the need to cope with rising volume, velocity, and variety of cybersecurity data and the need to provide cybersecurity operators with the right data at the right time and increase their value through visualization

    From Logs to Stories: Human-Centred Data Mining for Cyber Threat Intelligence


    Identity crimes in the UK: An examination of the strategies employed by front-line practitioners in the public and private sector to detect, prevent and mitigate against this crime

    Identity-related crimes are becoming increasingly prevalent in modern society. It is a crime type that concerns and impacts governments, private institutions and consumers worldwide. The aim of this research was to provide a better insight into how this crime is perceived by government and commercial institutions in the UK (including their views on offenders and victims), to review the processes employed by the public and private sector to assess risk and develop mitigation and prevention strategies and, in doing so, to discover how the most prominent criminological theories contribute to these efforts. Its final aim was to examine the current state and effectiveness of the collaborations and partnerships which have been developed across the public/private sector spectrum to understand and combat this crime. The methodology employed to undertake this research was based on conducting interviews with the key identity fraud and crime practitioners within major public and private organisations. Qualitative research was used in order to generate as much information as possible to form ideas. In addition, documents were also examined to complement the data collected from interviews. The researcher, due to previous employment within the UK financial sector dealing with payment fraud, was ideally placed to access, and generate participation across, government, law enforcement and other commercial organisations. The study highlights the current thinking and approaches by front-line identity crime prevention practitioners in defining, perceiving, measuring, policing, detecting, preventing and mitigating identity crime. It also highlights how heavily existing situational crime prevention techniques are being used to combat this issue and how they are complemented by partnership approaches and, most importantly, data-sharing, which is widely accepted by practitioners as being a vitally effective tool in dealing with this issue. Problems exist in the majority of these areas, with the central concern being the lack of leadership from the government in taking ownership of this insidious and escalating crime type, which creates commercial and individual victims but also, significantly, enables serious crimes such as human and drug trafficking and terrorism. Equally pressing is the need for the commercial sector, instead of treating identity crime as a phenomenon to be denied or ignored (or as one which needs to be accepted as a cost of doing business), to improve data sharing, strengthen its defences and review its approach to the treatment and support of victims.