Predicting Cyber Events by Leveraging Hacker Sentiment

Recent high-profile cyber attacks exemplify why organizations need better cyber defenses. Cyber threats are hard to accurately predict because attackers usually try to mask their traces. However, they often discuss exploits and techniques on hacking forums. The community behavior of the hackers may provide insights into groups' collective malicious activity. We propose a novel approach to predict cyber events using sentiment analysis. We test our approach using cyber attack data from 2 major business organizations. We consider 3 types of events: malicious software installation, malicious destination visits, and malicious emails that surpassed the target organizations' defenses. We construct predictive signals by applying sentiment analysis on hacker forum posts to better understand hacker behavior. We analyze over 400K posts generated between January 2016 and January 2018 on over 100 hacking forums both on surface and Dark Web. We find that some forums have significantly more predictive power than others. Sentiment-based models that leverage specific forums can outperform state-of-the-art deep learning and time-series models on forecasting cyber attacks weeks ahead of the events

Moving from a "human-as-problem" to a "human-as-solution" cybersecurity mindset

Cybersecurity has gained prominence, with a number of widely publicised security incidents, hacking attacks and data breaches reaching the news over the last few years. The escalation in the numbers of cyber incidents shows no sign of abating, and it seems appropriate to take a look at the way cybersecurity is conceptualised and to consider whether there is a need for a mindset change.To consider this question, we applied a "problematization" approach to assess current conceptualisations of the cybersecurity problem by government, industry and hackers. Our analysis revealed that individual human actors, in a variety of roles, are generally considered to be "a problem". We also discovered that deployed solutions primarily focus on preventing adverse events by building resistance: i.e. implementing new security layers and policies that control humans and constrain their problematic behaviours. In essence, this treats all humans in the system as if they might well be malicious actors, and the solutions are designed to prevent their ill-advised behaviours. Given the continuing incidences of data breaches and successful hacks, it seems wise to rethink the status quo approach, which we refer to as "Cybersecurity, Currently". In particular, we suggest that there is a need to reconsider the core assumptions and characterisations of the well-intentioned human's role in the cybersecurity socio-technical system. Treating everyone as a problem does not seem to work, given the current cyber security landscape.Benefiting from research in other fields, we propose a new mindset i.e. "Cybersecurity, Differently". This approach rests on recognition of the fact that the problem is actually the high complexity, interconnectedness and emergent qualities of socio-technical systems. The "differently" mindset acknowledges the well-intentioned human's ability to be an important contributor to organisational cybersecurity, as well as their potential to be "part of the solution" rather than "the problem". In essence, this new approach initially treats all humans in the system as if they are well-intentioned. The focus is on enhancing factors that contribute to positive outcomes and resilience. We conclude by proposing a set of key principles and, with the help of a prototypical fictional organisation, consider how this mindset could enhance and improve cybersecurity across the socio-technical system

Implementation of Industry 4.0 technology: New opportunities and challenges for maintenance strategy

Abstract Industry 4.0 is revolutionizing decision-making processes within the manufacturing industry. Maintenance strategies play a crucial role to improve progressively technical performances and economical savings. The introduction of Industry 4.0 technology results in relevant innovations able to condition maintenance policies. Moreover, innovative solutions can be introduced, such as "remote maintenance" and the "self-maintenance". In this paper, we investigate the state-of-the-art of technologies in a "smart factory" with the aim to understand how Industry 4.0 technologies are affecting maintenance policies and to discuss their implication in strategies. We found important trends in maintenance policies, such as "remote maintenance" and the attractive option of the "autonomous maintenance". This study represents the first comprehensive investigation in these research themes, and it desires to produce a broader insight and knowledge of current trends and main difficulties, highlighting critical aspects and disadvantages for the implementation of innovative policies

Context-awareness for mobile sensing: a survey and future directions

The evolution of smartphones together with increasing computational power have empowered developers to create innovative context-aware applications for recognizing user related social and cognitive activities in any situation and at any location. The existence and awareness of the context provides the capability of being conscious of physical environments or situations around mobile device users. This allows network services to respond proactively and intelligently based on such awareness. The key idea behind context-aware applications is to encourage users to collect, analyze and share local sensory knowledge in the purpose for a large scale community use by creating a smart network. The desired network is capable of making autonomous logical decisions to actuate environmental objects, and also assist individuals. However, many open challenges remain, which are mostly arisen due to the middleware services provided in mobile devices have limited resources in terms of power, memory and bandwidth. Thus, it becomes critically important to study how the drawbacks can be elaborated and resolved, and at the same time better understand the opportunities for the research community to contribute to the context-awareness. To this end, this paper surveys the literature over the period of 1991-2014 from the emerging concepts to applications of context-awareness in mobile platforms by providing up-to-date research and future research directions. Moreover, it points out the challenges faced in this regard and enlighten them by proposing possible solutions

Actionable Intelligence-Oriented Cyber Threat Modeling Framework

Amid the growing challenges of cybersecurity, the new paradigm of cyber threat intelligence (or CTI) has gained momentum to better deal with cyber threats. There, however, has been one fundamental and very practical problem of information overload organizations face in constructing an effective CTI program. We developed a cyber threat intelligence prototype that automatically and dynamically performs the correlation of business assets, vulnerabilities, and cyber threat information in a scoped setting to remediate the challenge of information overload. Conveniently called TIME (for Threat Intelligence Modeling Environment), it repeats the cycle of: (1) collect internal asset data; (2) gather vulnerability and threat data; (3) correlate vulnerabilities with assets; and (4) derive CTI and alerts significant internal asset-related vulnerabilities in a timely manner. For this, it takes advantage of CTI reports produced by online sites and several NIST standards intended to formalize vulnerability and threat management

Threat Intelligence in Support of Cyber Situation Awareness

Despite technological advances in the information security field, attacks by unauthorized individuals and groups continue to penetrate defenses. Due to the rapidly changing environment of the Internet, the appearance of newly developed malicious software or attack techniques accelerates while security professionals continue in a reactive posture with limited time for identifying new threats. The problem addressed in this study was the perceived value of threat intelligence as a proactive process for information security. The purpose of this study was to explore how situation awareness is enhanced by receiving advanced intelligence reports resulting in better decision-making for proper response to security threats. Using a qualitative case study methodology a purposeful sample of 13 information security professionals were individually interviewed and the data analyzed through Nvivo 11 analytical software. The research questions addressed threat intelligence and its impact on the security analyst\u27s cognitive situation awareness. Analysis of the data collected indicated that threat intelligence may enhance the security analyst\u27s situation awareness, as supported in the general literature. In addition, this study showed that the differences in sources or the lack of an intelligence program may have a negative impact on determining the proper security response in a timely manner. The implications for positive social change include providing leaders with greater awareness through threat intelligence of ways to minimize the effects of cyber attacks, which may result in increasing business and consumer confidence in the protection of personal and confidential information