Navigating the Shadows: Manual and Semi-Automated Evaluation of the Dark Web for Cyber Threat Intelligence

Kuehn, Philipp ; Wittorf, Kyra ; Reuter, Christian (2024)
Navigating the Shadows: Manual and Semi-Automated Evaluation of the Dark Web for Cyber Threat Intelligence.
In: IEEE Access, 12
doi: 10.1109/ACCESS.2024.3448247
Article, Bibliography

Abstract

In today’s world, cyber-attacks are becoming more frequent and thus proactive protection against them is becoming more important. Cyber Threat Intelligence (CTI) is a possible solution, as it collects threat information in various information sources and derives stakeholder intelligence to protect one’s infrastructure. The current focus of CTI in research is the clear web, but the dark web may contain further information. To further advance protection, this work analyzes the dark web as an Open Source Intelligence (OSINT) data source to complement current CTI information. The underlying assumption is that hackers use the dark web to exchange, develop, and share information and assets. This work aims to understand the structure of the dark web and identify the amount of its openly available CTI-related information. We conducted a comprehensive literature review for dark web research and CTI. To follow this up, we manually investigated and analyzed 65 dark web forums (DWFs), 7 single-vendor shops, and 72 dark web marketplaces (DWMs). We documented the content and relevance of DWFs and DWMs for CTI, as well as challenges during the extraction, and provide mitigations. During our investigation we identified IT security relevant information in both DWFs and DWMs, ranging from malware toolboxes to hacking-as-a-service. One of the most present challenges during our manual analysis was necessary interactions to access information and anti-crawling measures, i.e., CAPTCHAs. This analysis showed 88% of marketplaces and 53% of forums contained relevant data. Our complementary semi-automated analysis of 1,186,906 onion addresses indicates that the necessary interaction makes it difficult to see the dark web as an open, but rather treat it as a specialized information source, when clear web information does not suffice.

Item type: Article
Published: 2024
Author(s): Kuehn, Philipp ; Wittorf, Kyra ; Reuter, Christian
Type of entry: Bibliography
Title: Navigating the Shadows: Manual and Semi-Automated Evaluation of the Dark Web for Cyber Threat Intelligence
Language: English
Date of publication: 22 August 2024
Publisher: IEEE
Title of journal, newspaper or series: IEEE Access
Journal volume: 12
DOI: 10.1109/ACCESS.2024.3448247
URL / URN: https://ieeexplore.ieee.org/document/10643518
Uncontrolled keywords: Ranking-CORE-A, Ranking-ImpactFactor, Student, Security, UsableSec, Projekt-ATHENE-SecUrban, Projekt-CYWARN
Department(s)/field(s): 20 Department of Computer Science
20 Department of Computer Science > Science and Technology for Peace and Security (PEASEC)
Research fields
Research fields > Information and Intelligence
Research fields > Information and Intelligence > Cybersecurity & Privacy
Date deposited: 23 Jan 2025 09:11
Last modified: 23 Jan 2025 09:11