Hacking the hackers


binary code

|

Consumers panicked in 2013 when retail giant Target suffered a data breach, putting the sensitive financial information of millions at stake. Members of the Democratic National Committee did the same in July of this year when hackers obtained access to party officials’ confidential emails.

The message was clear: No one is safe from hacking.

There are ways to defend against it but until recently the only defenses were reactive or unable to monitor more than one threat at a time. That’s all changing, thanks to a team of ASU researchers who are taking a new approach that allows them to detect a threat before it can do any damage.

The team — led by led by SchoolThe School of Computing, Informatics and Decision Systems Engineering is part of the Ira A. Fulton Schools of Engineering. of Computing, Informatics and Decision Systems Engineering assistant professor Paulo Shakarian with funding from ASU’s Global Security Initiative, Institute for Social Science Research and Office of Naval Research — will present their findings in the paper “Darknet and Deepnet Mining for Proactive Cybersecurity Threat Intelligence” at the Institute of Electrical and Electronics Engineers (IEEE) International Conference on Intelligence and Security Informatics this month in Tucson.

Hacking is no longer a one-man job. Today’s cyber criminals are well-connected and are able to share malicious ideas and information on forums that exist on what is known as the darknet — basically computer networks with restricted access. They’re even able to buy and sell malware on websites not indexed by search engines, collectively referred to as the deepnet.

Using a machine learning system, Shakarian and his team are able to monitor both darknet and deepnet websites for traffic related to potential hacks, giving software developers a heads-up so they know what they need to protect against. The system is currently able to monitor roughly 120 sites at once. It’s the first technology to be able to do so at such a scale, and as Shakarian reported, to allow for the identification of hackers “who have a presence on multiple sites” and “products that are duplicated on multiple sites.”

“The information we’re getting is much, much richer,” he added. “And we think that’s really the key to solving this problem. You can’t just pick one hacker site [to monitor] at random when there are so many out there. … You have to have a more comprehensive view.”

two men talking at a desk in front of a computer

ASU grad student and research associate Eric Nunes (left) and School of Computing, Informatics and Decision Systems Engineering assistant professor Paulo Shakarian hammer out the finer details of their machine learning system approach to defend against cyberattacks. Photo by Jessica Hochreiter/ASU

Their approach works by crawling both hacker marketplaces and forums for exploit-related content, then parsing out that which is related specifically to hacking threats. As student researcher Eric Nunes explained, it can be tricky.

“Most of the products posted on [those kind of sites] are not what we are looking for. They’re not hacking-related,” he said. “Most are weapons, pornography or drug-related.”

The machine learning system approach allows them to filter out that content by doing exactly what it sounds like: It learns which content to look for. It does so through a small bit of initial human content tagging. From there, the system learns what to look for and does so automatically in the future.

Nunes, whom Shakarian calls “one of our star guys,” contributed largely to the development of the system and will be receiving an award for best paper at the IEEE conference later this month for his work on cyber attribution (identifying the bad guys).

According to him, the machine learning system is almost 92 percent accurate in detecting threats on darknet markets and 80 percent accurate at detecting threats on deepnet forums.

The technology is currently licensed to IntelliSpyre Incorporated, a faculty spinout company supported by Shakarian’s Fulton Entrepreneurial Professor Award. Looking forward, he and his team will be working with about a dozen beta testers, who will be supplying their feedback on how they think they can best use it to secure their personal enterprise networks.

They also have plans to collaborate with the University of Southern California on further research into how else the technology can be used. One obvious way is by law enforcement, to track mentions of illegal sales and purchases of drugs and ammunitions.

Shakarian is excited at the prospects of the new system; it’s essentially ushering in a new era of hacking detection.

“You can be like the little Dutch boy and try to plug all the holes,” he said, “but if you know where the bad guy is going next, why not try to plug those ones first?”

Save

Save

More Science and technology

 

Students test black circular inflatable landing pad at a crater site in Flagstaff

Rocket science: Students land opportunity to create inflatable lunar pad for NASA

Sixteen Arizona State University students have landed an opportunity to participate in the 2024 Breakthrough, Innovative and Game-changing (BIG) Idea Challenge. The NASA-sponsored competition…

ImmunoShield Therapeutics founders Jessica Weaver, Orrin Sneer and Matthew Becker with Phoenix Mayor Kate Gallego at the 2024 BIO International Convention

ASU startup pioneers breakthroughs in cell therapy

Regenerative medicine harnesses the body’s inherent ability to heal itself by using cells to repair or replace damaged tissues and organs. The field is full of new possibilities for disease treatment…

Cells dividing as seen through a microscope.

The high cost of complexity

Between 1.8 billion and 800 million years ago, earthly life was in the doldrums. During this period, called the "boring billion," the complexity of life remained minimal, dominated by single-celled…