Leveraging Large Darknets for Actionable Threat Intelligence: An Artificial Intelligence-Driven Approach

Open Access
- Author: Prajapati, Rupesh
- Graduate Program: Informatics
- Degree: Doctor of Philosophy
- Document Type: Dissertation
- Date of Defense: October 04, 2024
- Committee Members:
  - Carleen Maitland, Program Head/Chair
  - Vasant Honavar, Major Field Member
  - Jia Li, Outside Unit & Field Member
  - Michalis Kallitsis, Special Member
  - Dinghao Wu, Chair & Dissertation Advisor
  - John Yen, Major Field Member
- Keywords: Threat Intelligence, Artificial Intelligence, AI, Network Telescopes, Darknet, Machine Learning, Cybersecurity, Cyber Threat, Internet Landscape, Temporal Change Detection
- Abstract:
Adversaries increasingly rely on active reconnaissance techniques, such as probing, to identify and exploit vulnerabilities within target systems. Understanding these probing activities provides invaluable insights into the evolving threat landscape, empowering security professionals to proactively adapt their defense strategies and mitigate potential cyberattacks. Large network telescopes, or darknets, offer a powerful resource for analyzing these probes in detail, capturing vast amounts of scanning traffic from a wide range of potential malicious actors. However, effectively extracting timely, actionable threat intelligence from this massive volume of darknet data remains a significant challenge. This dissertation explores the potential of artificial intelligence (AI) techniques to overcome these challenges and provide actionable threat intelligence from large-scale darknet data. Focusing on the intricate interplay of scanning behavior, system vulnerabilities, and evolving threat actor tactics, this research investigates the efficacy of AI for extracting actionable intelligence from darknet data. First, the study delves into the identification and interpretation of temporal changes within the Internet threat landscape. By analyzing network traffic patterns and identifying anomalies in scanning behaviors, this research presents a novel framework for near real-time detection of emerging threats. Furthermore, the dissertation explores the potential for cross-sensor data fusion, leveraging the insights gleaned from darknets to correlate with intelligence gathered from other security sensor networks. This enables the inference of threat actor motives and techniques based solely on their scanning behavior, further enhancing the granularity of threat intelligence. Lastly, this research investigates the feasibility of a Learning Using Privileged Information (LUPI) framework to significantly enhance threat intelligence inference. By incorporating limited but highly valuable privileged information, this approach seeks to improve the accuracy and efficiency of AI-driven threat intelligence extraction from darknet data. This dissertation ultimately contributes to a more comprehensive understanding of the cyber threat landscape, enabling the development of robust and proactive security strategies.