
Cyber threats pose grave national security dangers to the US.

Many cyber-attacks today are executed with an ever-growing collection of malicious tools. Cyber threat intelligence (CTI) and malware analysis
portals aim to provide knowledge and tools to help prevent and mitigate attacks. However, current CTI
and malware analysis portals and techniques have been criticized for being too reactive as they rely on
data collected from past cyber-attacks. Online hacker forums provide a novel source of data that can
inform a proactive CTI and malware portal. This research demonstrates the AZSecure Hacker Assets
Portal. This portal collects and analyzes malicious assets directly from the largely untapped and rich data
source of online hacker communities by utilizing state-of-the-art machine learning techniques. This
paper explores the development and evolution of the AZSecure Hacker Assets Portal. We also present
key portal functionalities such as asset searching, browsing, and downloading, source code visualizations
and code comparison analytics, and an interactive CTI dashboard.

Reference

Samtani, S., Chinn, K., Larson, C. and Chen, H., 2016, September. AZSecure Hacker Assets Portal: Cyber
threat intelligence and malware analysis. In 2016 IEEE Conference on Intelligence and Security
Informatics (ISI) (pp. 19-24). IEEE.

Threat intelligence is the provision of evidence-based knowledge about existing or potential threats.
Benefits of threat intelligence include improved efficiency and effectiveness in security operations in
terms of detective and preventive capabilities. Successful threat intelligence within the cyber domain
demands a knowledge base of threat information and an expressive way to represent this knowledge.
This purpose is served by the use of taxonomies, sharing standards, and ontologies. This paper
introduces the Cyber Threat Intelligence (CTI) model, which enables cyber defenders to explore their
threat intelligence capabilities and understand their position against the ever-changing cyber threat
landscape. In addition, we use our model to analyze and evaluate several existing taxonomies, sharing
standards, and ontologies relevant to cyber threat intelligence. Our results show that the cyber security
community lacks an ontology covering the complete spectrum of threat intelligence. To conclude, we
argue the importance of developing a multi-layered cyber threat intelligence ontology based on the CTI
model, and the steps that should be taken into consideration, which are the foundation of our future work.

Reference

Mavroeidis, V. and Bromander, S., 2017, September. Cyber threat intelligence model: an evaluation of
taxonomies, sharing standards, and ontologies within cyber threat intelligence. In 2017 European
Intelligence and Security Informatics Conference (EISIC) (pp. 91-98). IEEE.

Cyber attacks cost the global economy approximately $445 billion per year. To mitigate attacks, many
companies rely on cyber threat intelligence (CTI), or threat intelligence related to computers, networks,
and information technology (IT). However, CTI traditionally analyzes attacks after they have already
happened, resulting in reactive advice. While useful, researchers and practitioners have been seeking to
develop proactive CTI by better understanding the threats present in hacker communities. This study
contributes a novel CTI framework by leveraging an automated and principled web, data, and text
mining approach to collect and analyze vast amounts of malicious hacker tools directly from large,
international underground hacker communities. By using this framework, we identified many freely
available malicious assets such as crypters, keyloggers, and web and database exploits. Some of these tools
may have been the cause of recent breaches against organizations such as the Office of Personnel
Management (OPM). The study contributes to our understanding and practice of the timely proactive
identification of cyber threats.

Reference

Samtani, S., Chinn, R., Chen, H. and Nunamaker Jr, J.F., 2017. Exploring emerging hacker assets and key
hackers for proactive cyber threat intelligence. Journal of Management Information Systems, 34(4),
pp.1023-1053.
