ASU prof leads team of researchers in effort to stem cyberattacks
Consumers panicked in 2013 when retail giant Target suffered a data breach, putting the sensitive financial information of millions at stake. Members of the Democratic National Committee did the same in July of this year when hackers obtained access to party officials’ confidential emails.
The message was clear: No one is safe from hacking.
There are ways to defend against it, but until recently the only defenses were reactive or unable to monitor more than one threat at a time. That’s all changing, thanks to a team of ASU researchers who are taking a new approach that allows them to detect a threat before it can do any damage.
The team — led by Paulo Shakarian, an assistant professor in the School of Computing, Informatics and Decision Systems Engineering (part of the Ira A. Fulton Schools of Engineering), with funding from ASU’s Global Security Initiative, Institute for Social Science Research and Office of Naval Research — will present their findings in the paper “Darknet and Deepnet Mining for Proactive Cybersecurity Threat Intelligence” at the Institute of Electrical and Electronics Engineers (IEEE) International Conference on Intelligence and Security Informatics this month in Tucson.
Hacking is no longer a one-man job. Today’s cyber criminals are well-connected and are able to share malicious ideas and information on forums that exist on what is known as the darknet — basically computer networks with restricted access. They’re even able to buy and sell malware on websites not indexed by search engines, collectively referred to as the deepnet.
Using a machine learning system, Shakarian and his team are able to monitor both darknet and deepnet websites for traffic related to potential hacks, giving software developers a heads-up so they know what they need to protect against. The system is currently able to monitor roughly 120 sites at once. It’s the first technology to be able to do so at such a scale, and as Shakarian reported, to allow for the identification of hackers “who have a presence on multiple sites” and “products that are duplicated on multiple sites.”
“The information we’re getting is much, much richer,” he added. “And we think that’s really the key to solving this problem. You can’t just pick one hacker site [to monitor] at random when there are so many out there. … You have to have a more comprehensive view.”
Their approach works by crawling both hacker marketplaces and forums for exploit-related content, then parsing out that which is related specifically to hacking threats. As student researcher Eric Nunes explained, it can be tricky.
“Most of the products posted on [those kind of sites] are not what we are looking for. They’re not hacking-related,” he said. “Most are weapons, pornography or drug-related.”
The machine learning system approach allows them to filter out that content by doing exactly what it sounds like: It learns which content to look for. It does so through a small bit of initial human content tagging. From there, the system learns what to look for and does so automatically in the future.
Nunes, whom Shakarian calls “one of our star guys,” contributed largely to the development of the system and will be receiving an award for best paper at the IEEE conference later this month for his work on cyber attribution (identifying the bad guys).
According to him, the machine learning system is almost 92 percent accurate in detecting threats on darknet markets and 80 percent accurate at detecting threats on deepnet forums.
The technology is currently licensed to IntelliSpyre Incorporated, a faculty spinout company supported by Shakarian’s Fulton Entrepreneurial Professor Award. Looking forward, he and his team will be working with about a dozen beta testers, who will be supplying their feedback on how they think they can best use it to secure their personal enterprise networks.
They also have plans to collaborate with the University of Southern California on further research into how else the technology can be used. One obvious way is by law enforcement, to track mentions of illegal sales and purchases of drugs and ammunition.
Shakarian is excited at the prospects of the new system; it’s essentially ushering in a new era of hacking detection.
“You can be like the little Dutch boy and try to plug all the holes,” he said, “but if you know where the bad guy is going next, why not try to plug those ones first?”