ThreatMiner - A threat intelligence analysis system for hacker forums

Role: Project Leader.

Research Background: Most mainstream threat intelligence analysis platforms collect data from network security devices such as IDS/IPS, from workstations, or at the network boundary, extract common threat intelligence entities such as IP addresses, domain names and hash values, and identify threat entities or feature information in them with high confidence. Although these platforms provide basic intelligence information with the support of big data, they are relatively weak at correlating threat events with key hackers. Hacker forums hold a huge amount of threat intelligence information, and this data can provide a rich source for threat intelligence analysis, so that more effective analysis can be conducted.

Research Method: The threat intelligence analysis system for hacker forums proposed in this project draws on deep learning, data mining and pattern matching to mine the massive data of well-known hacker forums in China and abroad, extracting threat events from the forums and constructing multi-dimensional profiles of key hackers. Since hacker forums contain a large number of threat events and key hackers, the system can be an effective supplement to current threat intelligence systems. In addition, the system is deployed on cloud servers to automate data collection, analysis and presentation, providing network security experts with a real-time, accurate and relevant one-stop threat intelligence analysis platform.

Project Features:

  • Deep learning-based threat event extraction
  • Multi-faceted threat intelligence entity identification
  • Key hacker identification based on graph structure
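
As an added illustration of the second and third features (entity identification and graph-based key-account ranking), and not code from the ThreatMiner project, the following Python extracts the entity types named above (IP addresses, domain names, hash values) from forum posts and ranks accounts with PageRank over the reply graph. The posts, account names and regular expressions are all constructed assumptions.

```python
import re
from collections import defaultdict
# Constructed sample posts (not real forum data): (author, account replied to or None, body).
POSTS = [
    ("acct_a", None,     "new cvv listing, reach me at 198.51.100.7 or shop.example.net"),
    ("acct_b", "acct_a", "is 198.51.100.7 still up? sha256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"),
    ("acct_c", "acct_a", "mirror at cdn.example.org"),
    ("acct_d", "acct_b", "same hash seen on another board"),
    ("acct_c", "acct_b", "+1"),
]
# Patterns for the entity types the page names: IPv4 address, domain name, SHA-256 digest.
PATTERNS = {
    "ipv4":   re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+(?:com|net|org|ru|onion)\b", re.I),
    "sha256": re.compile(r"\b[a-f0-9]{64}\b", re.I),
}
def extract_entities(text):
    """Return {kind: set(values)} for each entity kind present in one post body."""
    return {k: set(m) for k, p in PATTERNS.items() if (m := p.findall(text))}
def build_reply_graph(posts):
    """Directed edge replier -> replied-to account; a reply is the graph's attention signal."""
    edges = defaultdict(set)
    for author, parent, _ in posts:
        edges[author].update([parent] if parent else [])
    nodes = set(edges) | {d for ds in edges.values() for d in ds}
    return nodes, edges
def pagerank(nodes, edges, damping=0.85, iters=50):
    """Power-iteration PageRank: accounts replied to by well-connected accounts rank high."""
    n = len(nodes)
    rank = {v: 1.0 / n for v in nodes}
    for _ in range(iters):
        new = {v: (1 - damping) / n for v in nodes}
        for src, dsts in edges.items():
            for dst in dsts:
                new[dst] += damping * rank[src] / len(dsts)
        dangling = damping * sum(rank[v] for v in nodes if not edges.get(v))  # no out-edges
        for v in nodes:
            new[v] += dangling / n  # spread dangling mass uniformly so ranks still sum to 1
        rank = new
    return rank
def key_accounts(posts, top=2):
    """Top accounts by PageRank, each paired with the entities it posted."""
    nodes, edges = build_reply_graph(posts)
    rank = pagerank(nodes, edges)
    ents = defaultdict(lambda: defaultdict(set))
    for author, _, text in posts:
        for kind, vals in extract_entities(text).items():
            ents[author][kind] |= vals
    ranked = sorted(nodes, key=rank.get, reverse=True)[:top]
    return [(v, {k: sorted(s) for k, s in ents[v].items()}) for v in ranked]
```

On the constructed thread, the account that opened the thread and received the most replies from other replied-to accounts ranks first, together with the IP address and domain it posted.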

Research Results: While mining the threat intelligence of hacker forums, the system successfully surfaced several cyber threats present in the forums, such as the spread of the 2.0 upgraded version of the Trojan IP Killer, the trading of credit card CVV data by Russian hacker groups, and a DDoS attack on Cloudflare by hacker groups. These results show that hacker forums contain a large amount of threat intelligence and that this project can effectively extract and analyze it.

Wenbo Guo

My research interests include Open Source Software Security and Software Supply Chain Security.