Search for: All records

Black hat hackers use malicious exploits to circumvent security controls and take advantage of system vulnerabilities worldwide, costing the global economy over $450 billion annually. While many organizations are increasingly turning to cyber threat intelligence (CTI) to help prioritize their vulnerabilities, extant CTI processes are often criticized as being reactive to known exploits. One promising data source that can help develop proactive CTI is the vast and ever-evolving Dark Web. In this study, we adopted the computational design science paradigm to design a novel deep learning (DL)-based exploit-vulnerability attention deep structured semantic model (EVA-DSSM) that includes bidirectional processing and attention mechanisms to automatically link exploits from the Dark Web to vulnerabilities. We also devised a novel device vulnerability severity metric (DVSM) that incorporates the exploit post date and vulnerability severity to help cybersecurity professionals with their device prioritization and risk management efforts. We rigorously evaluated the EVA-DSSM against state-of-the-art non-DL and DL-based methods for short text matching on 52,590 exploit-vulnerability linkages across four testbeds: web application, remote, local, and denial of service. Results of these evaluations indicate that the proposed EVA-DSSM achieves precision at 1 scores 20% - 41% higher than non-DL approaches and 4% - 10% higher than DL-basedmore »approaches. We demonstrated the EVA-DSSM’s and DVSM’s practical utility with two CTI case studies: openly accessible systems in the top eight U.S. hospitals and over 20,000 Supervisory Control and Data Acquisition (SCADA) systems worldwide. A complementary user evaluation of the case study results indicated that 45 cybersecurity professionals found the EVA-DSSM and DVSM results more useful for exploit-vulnerability linking and risk prioritization activities than those produced by prevailing approaches. Given the rising cost of cyberattacks, the EVA-DSSM and DVSM have important implications for analysts in security operations centers, incident response teams, and cybersecurity vendors.« less

Black hat hackers use malicious exploits to circumvent security controls and take advantage of system vulnerabilities worldwide, costing the global economy over $450 billion annually. While many organizations are increasingly turning to cyber threat intelligence (CTI) to help prioritize their vulnerabilities, extant CTI processes are often criticized as being reactive to known exploits. One promising data source that can help develop proactive CTI is the vast and ever-evolving Dark Web. In this study, we adopted the computational design science paradigm to design a novel deep learning (DL)-based exploit-vulnerability attention deep structured semantic model (EVA-DSSM) that includes bidirectional processing and attention mechanisms to automatically link exploits from the Dark Web to vulnerabilities. We also devised a novel device vulnerability severity metric (DVSM) that incorporates the exploit post date and vulnerability severity to help cybersecurity professionals with their device prioritization and risk management efforts. We rigorously evaluated the EVA-DSSM against state-of-the-art non-DL and DL-based methods for short text matching on 52,590 exploit-vulnerability linkages across four testbeds: web application, remote, local, and denial of service. Results of these evaluations indicate that the proposed EVA-DSSM achieves precision at 1 scores 20%-41% higher than non-DL approaches and 4%-10% higher than DL-based approaches. We demonstrated themore »EVA-DSSM's and DVSM's practical utility with two CTI case studies: openly accessible systems in the top eight U.S. hospitals and over 20,000 Supervisory Control and Data Acquisition (SCADA) systems worldwide. A complementary user evaluation of the case study results indicated that 45 cybersecurity professionals found the EVA-DSSM and DVSM results more useful for exploit-vulnerability linking and risk prioritization activities than those produced by prevailing approaches. Given the rising cost of cyberattacks, the EVA-DSSM and DVSM have important implications for analysts in security operations centers, incident response teams, and cybersecurity vendors.« less

International dark web platforms operating within multiple geopolitical regions and languages host a myriad of hacker assets such as malware, hacking tools, hacking tutorials, and malicious source code. Cybersecurity analytics organizations employ machine learning models trained on human-labeled data to automatically detect these assets and bolster their situational awareness. However, the lack of human-labeled training data is prohibitive when analyzing foreign-language dark web content. In this research note, we adopt the computational design science paradigm to develop a novel IT artifact for cross-lingual hacker asset detection(CLHAD). CLHAD automatically leverages the knowledge learned from English content to detect hacker assets in non-English dark web platforms. CLHAD encompasses a novel Adversarial deep representation learning (ADREL) method, which generates multilingual text representations using generative adversarial networks (GANs). Drawing upon the state of the art in cross-lingual knowledge transfer, ADREL is a novel approach to automatically extract transferable text representations and facilitate the analysis of multilingual content. We evaluate CLHAD on Russian, French, and Italian dark web platforms and demonstrate its practical utility in hacker asset profiling, and conduct a proof-of-concept case study. Our analysis suggests that cybersecurity managers may benefit more from focusing on Russian to identify sophisticated hacking assets. In contrast, financialmore »hacker assets are scattered among several dominant dark web languages. Managerial insights for security managers are discussed at operational and strategic levels.« less

The regularity of devastating cyber-attacks has made cybersecurity a grand societal challenge. Many cybersecurity professionals are closely examining the international Dark Web to proactively pinpoint potential cyber threats. Despite its potential, the Dark Web contains hundreds of thousands of non-English posts. While machine translation is the prevailing approach to process non-English text, applying MT on hacker forum text results in mistranslations. In this study, we draw upon Long-Short Term Memory (LSTM), Cross-Lingual Knowledge Transfer (CLKT), and Generative Adversarial Networks (GANs) principles to design a novel Adversarial CLKT (A-CLKT) approach. A-CLKT operates on untranslated text to retain the original semantics of the language and leverages the collective knowledge about cyber threats across languages to create a language invariant representation without any manual feature engineering or external resources. Three experiments demonstrate how A-CLKT outperforms state-of-the-art machine learning, deep learning, and CLKT algorithms in identifying cyber-threats in French and Russian forums.

Abstract We report on a long-lasting, elevated gamma-ray flux state from VER J0521+211 observed by VERITAS, MAGIC, and Fermi-LAT in 2013 and 2014. The peak integral flux above 200 GeV measured with the nightly binned light curve is (8.8 ± 0.4) × 10 −7 photons m −2 s −1 , or ∼37% of the Crab Nebula flux. Multiwavelength observations from X-ray, UV, and optical instruments are also presented. A moderate correlation between the X-ray and TeV gamma-ray fluxes was observed, and the X-ray spectrum appeared harder when the flux was higher. Using the gamma-ray spectrum and four models of the extragalactic background light (EBL), a conservative 95% confidence upper limit on the redshift of the source was found to be z ≤ 0.31. Unlike the gamma-ray and X-ray bands, the optical flux did not increase significantly during the studied period compared to the archival low-state flux. The spectral variability from optical to X-ray bands suggests that the synchrotron peak of the spectral energy distribution (SED) may become broader during flaring states, which can be adequately described with a one-zone synchrotron self-Compton model varying the high-energy end of the underlying particle spectrum. The synchrotron peak frequency of the SED and themore »radio morphology of the jet from the MOJAVE program are consistent with the source being an intermediate-frequency-peaked BL Lac object.« less

Abstract The results of gamma-ray observations of the binary system HESS J0632 + 057 collected during 450 hr over 15 yr, between 2004 and 2019, are presented. Data taken with the atmospheric Cherenkov telescopes H.E.S.S., MAGIC, and VERITAS at energies above 350 GeV were used together with observations at X-ray energies obtained with Swift-XRT, Chandra, XMM-Newton, NuSTAR, and Suzaku. Some of these observations were accompanied by measurements of the H α emission line. A significant detection of the modulation of the very high-energy gamma-ray fluxes with a period of 316.7 ± 4.4 days is reported, consistent with the period of 317.3 ± 0.7 days obtained with a refined analysis of X-ray data. The analysis of data from four orbital cycles with dense observational coverage reveals short-timescale variability, with flux-decay timescales of less than 20 days at very high energies. Flux variations observed over a timescale of several years indicate orbit-to-orbit variability. The analysis confirms the previously reported correlation of X-ray and gamma-ray emission from the system at very high significance, but cannot find any correlation of optical H α parameters with fluxes at X-ray or gamma-ray energies in simultaneous observations. The key finding is that the emission of HESS J0632more »+ 057 in the X-ray and gamma-ray energy bands is highly variable on different timescales. The ratio of gamma-ray to X-ray flux shows the equality or even dominance of the gamma-ray energy range. This wealth of new data is interpreted taking into account the insufficient knowledge of the ephemeris of the system, and discussed in the context of results reported on other gamma-ray binary systems.« less

We report multiwavelength observations of the gravitationally lensed blazar QSO B0218+357 in 2016–2020. Optical, X-ray, and GeV flares were detected. The contemporaneous MAGIC observations do not show significant very high energy (VHE; ≳100 GeV) gamma-ray emission. The lack of enhancement in radio emission measured by The Owens Valley Radio Observatory indicates the multizone nature of the emission from this object. We constrain the VHE duty cycle of the source to be <16 2014-like flares per year (95 per cent confidence). For the first time for this source, a broad-band low-state spectral energy distribution is constructed with a deep exposure up to the VHE range. A flux upper limit on the low-state VHE gamma-ray emission of an order of magnitude below that of the 2014 flare is determined. The X-ray data are used to fit the column density of (8.10 ± 0.93stat) × 1021 cm−2 of the dust in the lensing galaxy. VLBI observations show a clear radio core and jet components in both lensed images, yet no significant movement of the components is seen. The radio measurements are used to model the source-lens-observer geometry and determine the magnifications and time delays for both components. The quiescent emission is modelled with the high-energy bump explained asmore »a combination of synchrotron-self-Compton and external Compton emission from a region located outside of the broad-line region. The bulk of the low-energy emission is explained as originating from a tens-of-parsecs scale jet.

« less