Predicting enterprise cyber incidents using social network analysis on the darkweb hacker forums

TL;DR

This paper explores how social network analysis of darkweb hacker forums can predict enterprise cyber attacks, demonstrating that analyzing user interaction paths outperforms traditional centrality metrics.

Contribution

It introduces a novel approach using reply network structures from darkweb forums to improve prediction of cyber attacks on organizations.

Findings

Path structure analysis outperforms centrality metrics in prediction accuracy.

Data from 53 darkweb forums over 12 months was used.

The method successfully predicted real-world cyber attacks.

Abstract

With rise in security breaches over the past few years, there has been an increasing need to mine insights from social media platforms to raise alerts of possible attacks in an attempt to defend conflict during competition. We use information from the darkweb forums by leveraging the reply network structure of user interactions with the goal of predicting enterprise cyber attacks. We use a suite of social network features on top of supervised learning models and validate them on a binary classification problem that attempts to predict whether there would be an attack on any given day for an organization. We conclude from our experiments using information from 53 forums in the darkweb over a span of 12 months to predict real world organization cyber attacks of 2 different security events that analyzing the path structure between groups of users is better than just studying network centralities like Pagerank or relying on the user posting statistics in the forums.