Abstract
As cybercriminal threats have grown in recent years, identifying stealthy activities and attacks efficiently and economically, before sensitive information leaks, has become an important problem. However, because of business confidentiality and a lack of trust among the parties that would share information, such valuable intelligence is neither exchanged transparently nor well utilized. In this study we propose a hybrid method for internal threat identification. Our method leverages external open-source intelligence and applies it to internal network activity to uncover potential hacking campaigns within the network. The method consists of collecting external intelligence, detecting internal infections, and identifying threats. We evaluate it on a tier-1 network in Taiwan. The results show that our method identifies several well-known hacking groups operating as hidden threats in this large-scale network.
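The pipeline the abstract describes (collect external intelligence, match it against internal activity, attribute hits to campaigns) can be sketched as follows. This is an added example, not the authors' code, and it does not reproduce their detection logic: the feed format (indicator, type, campaign label, last-seen date), the passive-DNS and flow log layouts, the hosts, indicators and campaign names are all constructed for illustration. It also adds one check a practitioner would want that the abstract does not discuss: indicators older than a configurable age are ignored, since public blacklists accumulate stale, sinkholed or re-registered entries that otherwise produce false infections.

```python
"""Added example (not the paper's own code): match an external open-source
intelligence feed against internal DNS and flow logs to surface infected hosts
and the campaigns they appear to belong to. Feed entries, log lines, hosts and
campaign names are constructed for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed OSINT feed: indicator,type,campaign,last_seen (assumed format).
OSINT_FEED = """\
update.evil-cdn.example,domain,CampaignA,2018-06-20
203.0.113.45,ip,CampaignA,2018-06-18
cdn-sync.example.net,domain,CampaignB,2018-05-30
198.51.100.7,ip,CampaignB,2017-12-01
"""

# Constructed internal logs: passive DNS (timestamp client qname) and
# flow records (timestamp src dst dport).
DNS_LOG = """\
2018-06-21T08:01:12 10.0.5.12 update.evil-cdn.example
2018-06-21T08:01:13 10.0.5.12 www.example.org
2018-06-21T09:15:40 10.0.7.3 cdn-sync.example.net
"""
FLOW_LOG = """\
2018-06-21T08:01:14 10.0.5.12 203.0.113.45 443
2018-06-21T10:22:05 10.0.9.8 198.51.100.7 8080
"""

# Assumed analysis date for the constructed data.
ANALYSIS_DATE = datetime(2018, 6, 22)


def load_feed(text):
    """Parse the feed into {indicator: (type, campaign, last_seen)}."""
    feed = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ind, kind, campaign, last_seen = [f.strip() for f in line.split(",")]
        feed[ind.lower()] = (kind, campaign, datetime.strptime(last_seen, "%Y-%m-%d"))
    return feed


def is_fresh(last_seen, now, max_age_days):
    """Stale indicators (sinkholed, parked, re-registered) are not evidence."""
    return now - last_seen <= timedelta(days=max_age_days)


def match_logs(feed, dns_text, flow_text, now, max_age_days=90):
    """Return {host: {campaign: [(source, timestamp, indicator), ...]}}."""
    hits = defaultdict(lambda: defaultdict(list))
    for line in dns_text.splitlines():
        ts, host, qname = line.split()
        entry = feed.get(qname.lower())
        if entry and entry[0] == "domain" and is_fresh(entry[2], now, max_age_days):
            hits[host][entry[1]].append(("dns", ts, qname))
    for line in flow_text.splitlines():
        ts, src, dst, port = line.split()
        entry = feed.get(dst)
        if entry and entry[0] == "ip" and is_fresh(entry[2], now, max_age_days):
            hits[src][entry[1]].append(("flow", ts, f"{dst}:{port}"))
    return {h: dict(c) for h, c in hits.items()}


def rank_campaigns(hits):
    """Campaign -> number of distinct internal hosts, most widespread first."""
    counts = defaultdict(set)
    for host, campaigns in hits.items():
        for campaign in campaigns:
            counts[campaign].add(host)
    return sorted(((c, len(h)) for c, h in counts.items()),
                  key=lambda x: (-x[1], x[0]))


def run_example(now=ANALYSIS_DATE):
    """Run the pipeline on the constructed data; returns (hits, ranking)."""
    hits = match_logs(load_feed(OSINT_FEED), DNS_LOG, FLOW_LOG, now)
    return hits, rank_campaigns(hits)


if __name__ == "__main__":
    hits, ranking = run_example()
    for host, campaigns in sorted(hits.items()):
        for campaign, evidence in campaigns.items():
            print(host, campaign, evidence)
    print(ranking)
```

On the constructed data, 10.0.5.12 is flagged for CampaignA with both a DNS lookup and a subsequent flow to the listed IP, 10.0.7.3 for CampaignB from a single lookup, and 10.0.9.8 is not flagged because the only indicator it touched is more than 90 days old. Corroborating DNS and flow evidence for the same host is a stronger signal than either alone, and the age cutoff is the knob to tune against the feed's known staleness.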
Copyright information
© 2019 Springer Nature Singapore Pte Ltd.
Cite this paper
Tsai, MH., Wang, MH., Yang, WC., Lei, CL. (2019). Uncovering Internal Threats Based on Open-Source Intelligence. In: Chang, CY., Lin, CC., Lin, HH. (eds) New Trends in Computer Technologies and Applications. ICS 2018. Communications in Computer and Information Science, vol 1013. Springer, Singapore. https://doi.org/10.1007/978-981-13-9190-3_68
DOI: https://doi.org/10.1007/978-981-13-9190-3_68
Publisher Name: Springer, Singapore
Print ISBN: 978-981-13-9189-7
Online ISBN: 978-981-13-9190-3
eBook Packages: Computer Science (R0)