Developing Proactive Cyber Threat Intelligence from the Online Hacker Community: A Computational Design Science Approach
Author
Samtani, Sagar
Issue Date
2018
Keywords
cybersecurity
cyber threat intelligence
deep learning
design science
graph convolutional networks
hacker community
Advisor
Chen, Hsinchun
Publisher
The University of Arizona.
Rights
Copyright © is held by the author. Digital access to this material is made possible by the University Libraries, University of Arizona. Further transmission, reproduction, presentation (such as public display or performance) of protected items is prohibited except with permission of the author.
Abstract
The proliferation of information systems (IS) has afforded modern society unprecedented benefits. Unfortunately, malicious hackers often exploit these technologies for cyberwarfare, hacktivism, espionage, or financial purposes, costing the global economy over $450 billion annually. To combat this issue, many organizations develop Cyber Threat Intelligence (CTI), or knowledge about key hackers and emerging threats. Despite CTI’s value, experts note that existing approaches are reactive in nature. Thus, cyber-attacks remain on an unfortunate uptick. CTI experts have suggested studying the international and ever-evolving online hacker community to address these concerns. However, online hacker community platforms, specifically forums, contain tens of thousands of unstructured, unsanitized text records. Existing CTI analytics and the behavioral and economic methodologies employed in extant IS cybersecurity inquiries were not designed for such data characteristics. This dissertation presents four essays that adopt the design science approach to develop a series of novel CTI computational IT artifacts to solve salient CTI issues. Essay I sets the foundation by developing a novel data and text mining framework to automatically extract and categorize malicious hacker exploits. Essay II expands upon this by automatically linking exploits and vulnerabilities detected by modern vulnerability scanners with a novel algorithm, the Exploit-Vulnerability Deep Structured Semantic Model. Essay III leverages graph convolutional networks and autoencoders to develop a novel deep learning architecture to identify the hackers and communities. Essay IV extends the model presented in Essay III to identify emerging hacker exploits. Beyond the practical contributions provided by the presented IT artifacts, this dissertation offers numerous design principles to guide future computational cybersecurity IS research and other analytics-related research inquiries.
Type
text
Electronic Dissertation
Degree Name
Ph.D.
Degree Level
doctoral
Degree Program
Graduate College
Management