A text-mining based cyber-risk assessment and mitigation framework for critical analysis of online hacker forums


Date

2022

Authors

Delen, Dursun
Biswas, Baidyanath
Mukhopadhyay, Arunabha
Bhattacharjee, Sudip
Kumar, Ajay

Publisher

Elsevier

Access Rights

info:eu-repo/semantics/closedAccess

Organizational Units

Organizational Unit
Faculty of Management Sciences, Department of Business Administration
All companies and institutions that want to keep pace with global competition and remain sustainable must manage change correctly and quickly adapt their organizations to the mental and operational transformation that technology requires.

Abstract

Online hacker communities are meeting spots for aspiring and seasoned cybercriminals, where they engage in technical discussions and share exploits and relevant hacking tools to be used in launching cyber-attacks on business organizations. Sometimes, the affected organizations can detect these attacks in advance with the help of cyberthreat intelligence derived from the explicit and implicit features of hacker communication in these forums. Herein, we proposed a novel text-mining based cyber-risk assessment and mitigation framework, which performs the following critical tasks. (i) Cyber-risk assessment: identifies hacker expertise (i.e., newbie, beginner, intermediate, and advanced) from explicit and implicit features by applying various classification algorithms. Among these features, cybersecurity keywords, sharing of attachments, and sentiments emerged as significant. Further, we found that expert hackers demonstrate leadership in the online forums, which eventually serve as communities of practice. Consequently, novice hackers gradually develop their cyber-attack skills through prolonged observations, interactions, and external influences in this social learning process. (ii) Cyber-risk mitigation: computes the financial impact for every {hacker expertise, attack-type} combination and then ranks them on a {likelihood, impact} decision matrix to prioritize mitigation strategies in affected organizations. Through these novel recommendations, our framework can guide managers to decide on appropriate cybersecurity controls using an {expected loss, probability, attack-type, hacker expertise} metric against financial losses due to cyber-attacks.

Keywords

Information Security, Cyber Risks, Hacker Forum, Machine Learning, Sentiment Analysis

Source

Decision Support Systems

WoS Q Value

Q1

Scopus Q Value

Q1

Volume

152

Citation

Biswas, B., Mukhopadhyay, A., Bhattacharjee, S., Kumar, A. and Delen, D. (2022). A text-mining based cyber-risk assessment and mitigation framework for critical analysis of online hacker forums. Decision Support Systems, 152. https://doi.org/10.1016/j.dss.2021.113651