-
Deep Learning Algorithm for Threat Detection in Hackers Forum (Deep Web)
Authors:
Victor Adewopo,
Bilal Gonen,
Nelly Elsayed,
Murat Ozer,
Zaghloul Saad Elsayed
Abstract:
In our current society, the inter-connectivity of devices provides easy access for netizens to utilize cyberspace technology for illegal activities. The deep web platform is a consummative ecosystem shielded by boundaries of trust, information sharing, trade-off, and review systems. Domain knowledge is shared among experts in hacker's forums which contain indicators of compromise that can be explored for cyberthreat intelligence. Developing tools that can be deployed for threat detection is integral in securing digital communication in cyberspace. In this paper, we addressed the use of TOR relay nodes for anonymizing communications in deep web forums. We propose a novel approach for detecting cyberthreats using a deep learning algorithm Long Short-Term Memory (LSTM). The developed model outperformed the experimental results of other researchers in this problem domain with an accuracy of 94% and precision of 90%. Our model can be easily deployed by organizations in securing digital communications and detection of vulnerability exposure before cyberattack.
Submitted 3 February, 2022;
originally announced February 2022.
-
Is Cryptojacking Dead after Coinhive Shutdown?
Authors:
Said Varlioglu,
Bilal Gonen,
Murat Ozer,
Mehmet F. Bastug
Abstract:
Cryptojacking is the exploitation of victims' computer resources to mine for cryptocurrency using malicious scripts. It has become popular after 2017 when attackers started to exploit legal mining scripts, especially Coinhive scripts. Coinhive was actually a legal mining service that provided scripts and servers for in-browser mining activities. Nevertheless, over 10 million web users had been victims every month before the Coinhive shutdown that happened in Mar 2019. This paper explores the new era of the cryptojacking world after Coinhive discontinued its service. We aimed to see whether and how attackers continue cryptojacking, generate new malicious scripts, and develop new methods. We used a capable cryptojacking detector named CMTracker that was proposed by Hong et al. in 2018. We automatically and manually examined 2770 websites that had been detected by CMTracker before the Coinhive shutdown. The results revealed that 99% of sites no longer continue cryptojacking. 1% of websites still run 8 unique mining scripts. By tracking these mining scripts, we detected 632 unique cryptojacking websites. Moreover, open-source investigations (OSINT) demonstrated that attackers still use the same methods. Therefore, we listed the typical patterns of cryptojacking. We concluded that cryptojacking is not dead after the Coinhive shutdown. It is still alive, but not as attractive as it used to be.
Submitted 13 March, 2020; v1 submitted 7 January, 2020;
originally announced January 2020.
-
Plunge into the Underworld: A Survey on Emergence of Darknet
Authors:
Victor Adewopo,
Bilal Gonen,
Said Varlioglu,
Murat Ozer
Abstract:
The availability of sophisticated technologies and methods of perpetrating criminogenic activities in the cyberspace is a pertinent societal problem. Darknet is an encrypted network technology that uses the internet infrastructure and can only be accessed using special network configuration and software tools to access its contents which are not indexed by search engines. Over the years darknets traditionally are used for criminogenic activities and famously acclaimed to promote cybercrime, procurements of illegal drugs, arms deals, and cryptocurrency markets. In countries with oppressive regimes, censorship of digital communications, and strict policies prompted journalists and freedom fighters to seek freedom using darknet technologies anonymously while others simply exploit it for illegal activities. Recently, MIT's Lincoln Laboratory of Artificial Intelligence augmented a tool that can be used to expose illegal activities behind the darknet. We studied relevant literature reviews to help researchers to better understand the darknet technologies, identify future areas of research on the darknet and ultimately to optimize how data-driven insights can be utilized to support governmental agencies in unraveling the depths of darknet technologies. This paper focuses on the use of the internet for crimes, deanonymization of TOR-services, darknet a new digital street for illicit drugs, research questions and hypothesis to guide researchers in further studies. Finally, in this study, we propose a model to examine and investigate anonymous online illicit markets.
Submitted 17 March, 2020; v1 submitted 7 January, 2020;
originally announced January 2020.
-
A Prevention and a Traction System for Ransomware Attacks
Authors:
Murat Ozer,
Said Varlioglu,
Bilal Gonen,
Mehmet F. Bastug
Abstract:
Over the past three years, especially following WannaCry malware, ransomware has become one of the biggest concerns for private businesses, state, and local government agencies. According to Homeland Security statistics, 1.5 million ransomware attacks have occurred per year since 2016. Cybercriminals often use creative methods to inject their malware into the target machines and use sophisticated cryptographic techniques to hold hostage victims' files and programs unless a certain amount of equivalent Bitcoin is paid. The return to the cybercriminals is so high (estimated $1 billion in 2019) without any cost because of the advanced anonymity provided by cryptocurrencies, especially Bitcoin \cite{Paquet-Clouston2019}. Given this context, this study first discusses the current state of ransomware, detection, and prevention systems. Second, we propose a global ransomware center to better manage our concerted efforts against cybercriminals. The policy implications of the proposed study are discussed in the conclusion section.
Submitted 17 March, 2020; v1 submitted 7 January, 2020;
originally announced January 2020.
-
User characterization for online social networks
Authors:
Tayfun Tuna,
Esra Akbas,
Ahmet Aksoy,
Muhammed Abdullah Canbaz,
Umit Karabiyik,
Bilal Gonen,
Ramazan Aygun
Abstract:
Online social network analysis has attracted great attention with a vast number of users sharing information and availability of APIs that help to crawl online social network data. In this paper, we study the research studies that are helpful for user characterization as online users may not always reveal their true identity or attributes. We especially focused on user attribute determination such as gender, age, etc.; user behavior analysis such as motives for deception; mental models that are indicators of user behavior; user categorization such as bots vs. humans; and entity matching on different social networks. We believe our summary of analysis of user characterization will provide important insights to researchers and better services to online users.
Submitted 26 December, 2016; v1 submitted 12 November, 2016;
originally announced November 2016.