Malicious hackers utilize the World Wide Web to share knowledge. Analyzing the online communication of these threat actors can help reduce the risk of attacks. This book shifts attention from the defender environment to the attacker environment, offering a new security paradigm of 'proactive cyber threat intelligence' that allows defenders of computer networks to gain a better understanding of their adversaries by analyzing assets, capabilities, and interest of malicious hackers. The authors propose models, techniques, and frameworks based on threat intelligence mined from the heart of the underground cyber world: the malicious hacker communities. They provide insights into the hackers themselves and the groups they form dynamically in the act of exchanging ideas and techniques, buying or selling malware, and exploits. The book covers both methodology - a hybridization of machine learning, artificial intelligence, and social network analysis methods - and the resulting conclusions, detailing how a deep understanding of malicious hacker communities can be the key to designing better attack prediction systems.

The important and rapidly emerging new field known as 'cyber threat intelligence' explores the paradigm that defenders of computer networks gain a better understanding of their adversaries by understanding what assets they have available for an attack. In this book, a team of experts examines a new type of cyber threat intelligence from the heart of the malicious hacking underworld - the dark web. These highly secure sites have allowed anonymous communities of malicious hackers to exchange ideas and techniques, and to buy/sell malware and exploits. Aimed at both cybersecurity practitioners and researchers, this book represents a first step toward a better understanding of malicious hacking communities on the dark web and what to do about them. The authors examine real-world darkweb data through a combination of human and automated techniques to gain insight into these communities, describing both methodology and results.

This SpringerBrief discusses how to develop intelligent systems for cyber attribution regarding cyber-attacks. Specifically, the authors review the multiple facets of the cyber attribution problem that make it difficult for "out-of-the-box" artificial intelligence and machine learning techniques to handle. Attributing a cyber-operation through the use of multiple pieces of technical evidence (i.e., malware reverse-engineering and source tracking) and conventional intelligence sources (i.e., human or signals intelligence) is a difficult problem not only due to the effort required to obtain evidence, but the ease with which an adversary can plant false evidence. This SpringerBrief not only lays out the theoretical foundations for how to handle the unique aspects of cyber attribution - and how to update models used for this purpose - but it also describes a series of empirical results, as well as compares results of specially-designed frameworks for cyber attribution to standard machine learning approaches. Cyber attribution is not only a challenging problem, but there are also problems in performing such research, particularly in obtaining relevant data. This SpringerBrief describes how to use capture-the-flag for such research, and describes issues from organizing such data to running your own capture-the-flag specifically designed for cyber attribution. Datasets and software are also available on the companion website.