SBE TTP: Medium: Securing Cyber Space: Understanding the Cyber Attackers and Attacks via Social Media Analytics

SBE TTP：媒介：保护网络空间：通过社交媒体分析了解网络攻击者和攻击

• 批准号: 1314631
• 负责人: Hsinchun Chen
• 金额: $ 119.07万
• 依托单位: University of Arizona
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2013
• 资助国家: 美国
• 起止时间: 2013-09-01 至 2018-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1314631&HistoricalAwards=false
• 关键词: SBE; TTP; Medium; Securing; Cyber

As society becomes more dependent on cyber infrastructure, the security of networks and information technologies has become a growing concern. Individuals, businesses, and governmental organizations are now common victims of cyber-attacks that seek to steal private data, gain remote control over remote systems, and cause harm to networks and systems through other malicious means. Additionally, critical infrastructures such as smart power grids and communication networks are facing an increasing number of cyber-based threats. As a result, many researchers and security practitioners have begun to investigate cyber attacker communities in order to learn more about cyber attacker behaviors, emerging threats, and the cybercriminal supply chain. Unfortunately, there is a lack of established science for cyber security research. The lack of literature is problematic for researchers wanting to learn more so that they may contribute to and advance the current state of cyber security research. For example, many cyber attacker communities take careful measures to hide themselves by employing anti-crawling measures. This would be a challenge for many researchers and security practitioners. Furthermore, some may find cyber attacker community discussion difficult to interpret due to cyber attacker jargon, advanced security concepts, or foreign contents belonging to cyber attacker groups spanning across different countries or regions.For these reasons, research studying hacker communities is greatly needed, as well as research that advances others? capacity to understand and investigate contents from such communities. Specifically, the development of automated tools and analyses increases the potential for more cyber security research. Web mining and machine learning technologies can be used in tandem with social science methodologies to help answer many questions related to hacker behaviors and culture, illegal markets and covert networks, cybercriminal supply chain, malware analysis, emerging security threats, and other matters. There are many opportunities for extending current cyber security research by combining hacker community data with social science methodologies, computational techniques, and security analysis. In this research, important questions about hacker behaviors, markets, community structure, community contents, artifacts, and cultural differences are explored. Automated techniques to collect and analyze data from forums, Internet Relay Chat, and honeypots will be developed. The development of such tools will help further proactive approaches for preventing cyber-based threats, rather than taking the traditional approach of reacting when something "bad" happens. Better understanding of hacker communities across multiple geopolitical regions will support a better understanding of cybercriminal behavior, and improved and safer practices for security researchers and practitioners.The proposed integrated computational framework and the resulting algorithms and software will also allow social science researchers and security practitioners to closely examine how cyber attacker groups form, develop, and spread their ideas; identify important and influential cyber criminals in the online world; and develop the means to recognize online hacker identities through their communication and interaction styles. Knowing more about cyber criminals, hackers, and their illegal black markets can help policy makers and security professionals make better decisions about how to prevent or respond to attacks. The proposed work also contributes to the educational and professional development of the student research associates who contribute to it. They will learn sound research methods, and how to write about and present their work for scientific and other professional audiences.

随着社会对网络基础设施的依赖程度越来越高，网络和信息技术的安全性日益受到关注。个人、企业和政府组织现在是网络攻击的常见受害者，这些攻击试图窃取私人数据，获得对远程系统的远程控制，并通过其他恶意手段对网络和系统造成损害。此外，智能电网和通信网络等关键基础设施正面临越来越多的网络威胁。因此，许多研究人员和安全从业人员已经开始调查网络攻击者群体，以了解更多关于网络攻击者行为、新兴威胁和网络犯罪供应链的信息。不幸的是，网络安全研究缺乏成熟的科学依据。文献的缺乏对于想要了解更多的研究人员来说是一个问题，这样他们就可以为网络安全研究的现状做出贡献和推进。例如，许多网络攻击者社区通过采用反爬行措施来谨慎地隐藏自己。这对许多研究人员和安全从业人员来说是一个挑战。此外，有些人可能会发现网络攻击者社区讨论难以解释，因为网络攻击者术语，先进的安全概念，或属于不同国家或地区的网络攻击者团体的外国内容。由于这些原因，对黑客社区的研究是非常必要的，同时也需要对其他领域的研究。理解和调查这些社区内容的能力。具体来说，自动化工具和分析的发展增加了更多网络安全研究的潜力。网络挖掘和机器学习技术可以与社会科学方法结合使用，以帮助回答与黑客行为和文化、非法市场和隐蔽网络、网络犯罪供应链、恶意软件分析、新兴安全威胁和其他问题相关的许多问题。通过将黑客社区数据与社会科学方法、计算技术和安全分析相结合，扩展当前的网络安全研究有很多机会。本研究探讨了黑客行为、市场、社区结构、社区内容、人工制品和文化差异等重要问题。将开发从论坛、互联网中继聊天和蜜罐收集和分析数据的自动化技术。这些工具的开发将有助于进一步采取积极主动的方法来预防基于网络的威胁，而不是采取传统的方法来应对“不好”的事情发生。更好地了解跨多个地缘政治区域的黑客社区将有助于更好地了解网络犯罪行为，并为安全研究人员和从业人员提供改进和更安全的实践。拟议的综合计算框架以及由此产生的算法和软件也将使社会科学研究人员和安全从业人员能够仔细研究网络攻击者群体如何形成、发展和传播他们的想法；识别网络世界中重要和有影响力的网络罪犯；通过网络黑客的交流和互动方式来识别网络黑客的身份。更多地了解网络罪犯、黑客和他们的非法黑市，可以帮助政策制定者和安全专业人员更好地决定如何预防或应对攻击。建议的工作也有助于学生研究助理的教育和专业发展。他们将学习合理的研究方法，以及如何为科学和其他专业观众撰写和展示他们的工作。