Exploring Malicious Hacker Communities Toward Proactive Cyber-Defense

Malicious hackers utilize the World Wide Web to share knowledge. Analyzing the online communication of these threat actors can help reduce the risk of attacks. This book shifts attention from the defender environment to the attacker environment, offering a new security paradigm of 'proactive cyber threat intelligence' that allows defenders of computer networks to gain a better understanding of their adversaries by analyzing assets, capabilities, and interest of malicious hackers. The authors propose models, techniques, and frameworks based on threat intelligence mined from the heart of the underground cyber world: the malicious hacker communities. They provide insights into the hackers themselves and the groups they form dynamically in the act of exchanging ideas and techniques, buying or selling malware, and exploits. The book covers both methodology - a hybridization of machine learning, artificial intelligence, and social network analysis methods - and the resulting conclusions, detailing how a deep understanding of malicious hacker communities can be the key to designing better attack prediction systems.

Foreword Edward G. Amoroso; Preface; 1. Introduction; 2. Background; Part I. Understanding the Behavior of Malicious Hackers: 3. Mining key-hackers; 4. Reasoning about hacker engagement; 5. Uncovering communities of malware and exploit vendors; Part II. Predicting Imminent Cyber Threats: 6. Identifying exploits in the wild proactively; 7. Predicting enterprise-targeted external cyber-attacks; 8. Bringing social network analysis to aid in cyber-attack prediction; 9. Finding at-risk systems without software vulnerability identifiers (CVE's); 10. Final considerations.