Finding Cryptocurrency Attack Indicators Using Temporal Logic and Darkweb Data

With the recent prevalence of darkweb/deepweb (D2web) sites specializing in the trade of exploit kits and malware, malicious actors have easy-access to a wide-range of tools that can empower their offensive capability. In this study, we apply concepts from causal reasoning, itemset mining, and logic...

Full description

Saved in:
Bibliographic Details
Published inarXiv.org
Main Authors Almukaynizi, Mohammed, Paliath, Vivin, Shah, Malay, Shah, Malav, Shakarian, Paulo
Format Paper
LanguageEnglish
Published Ithaca Cornell University Library, arXiv.org 30.10.2018
Subjects
Algorithms
Cybersecurity
Data mining
Digital currencies
Indicators
Intelligence gathering
Logic programming
Malware
Temporal logic
Online AccessGet full text

Cover

More Information
Summary:With the recent prevalence of darkweb/deepweb (D2web) sites specializing in the trade of exploit kits and malware, malicious actors have easy-access to a wide-range of tools that can empower their offensive capability. In this study, we apply concepts from causal reasoning, itemset mining, and logic programming on historical cryptocurrency-related cyber incidents with intelligence collected from over 400 D2web hacker forums. Our goal was to find indicators of cyber threats targeting cryptocurrency traders and exchange platforms from hacker activity. Our approach found interesting activities that, when observed together in the D2web, subsequent cryptocurrency-related incidents are at least twice as likely to occur than they would if no activity was observed. We also present an algorithmic extension to a previously-introduced algorithm called APT-Extract that allows to model new semantic structures that are specific to our application.
ISSN:2331-8422