*Darkweb Cyber Threat Intelligence Mining*, by seven authors from Arizona State University, deals with the question of how data can be extracted from the darknet and then used to provide more advanced threat intelligence for organizations. In other words, the authors discuss research approaches to preparing organizations for upcoming threats by extracting insights from forums and product announcements found on the darknet. The content of the book is largely based on the author team's previous academic publications, which were extended into separate chapters.
In chapter 1, the authors briefly introduce the topic of the book and provide an overview of the following chapters. Chapter 2 sets the background by helping the reader understand the benefits of cyber threat intelligence, the new challenges the darknet poses for threat intelligence, and the impact this should have on the security strategies of organizations. Actual black hat hacker communities are highlighted and discussed in chapter 3, which also covers their internal rules and the content of their forums. Chapter 4 deals with the process of gathering darknet information for threat intelligence purposes. To this end, the authors describe their data mining pipeline and show, among other things, how different supervised and unsupervised machine learning methods perform within the pipeline at detecting hacking products and relevant darknet forum discussions. Chapter 5 further details chapter 4's investigation, and chapter 6 presents a game-theoretic approach to darknet threat intelligence. The concepts of the book are applied to the domain of industrial control systems in chapter 7. Chapter 8 summarizes the book and its conclusions.
The book is well written and well structured. The authors provide interesting facts on the darknet economy, its community, and its underlying rules, such as trust-based platforms and the problems these create for their participants. For instance, a key tension for darknet participants is staying anonymous while establishing status in the community, which is done, for example, by reusing the same pseudonym across different forums and by showcasing one's own work, both of which make a participant easier to link and identify. Some of the chapters are easier to follow with prior knowledge of machine learning and game theory; most chapters, however, are easy to understand.
Unfortunately, the book contains some minor flaws, such as numbers in figures that do not match the numbers in the text (p. 22). Another weak point is references to nonexistent sections: for example, on p. 26 the reader is referred to Section 3.7, which does not exist. Together with other flaws, such as the labels "1 2 3" for Figure 4.5, the book appears to be one that simply had to be finished to meet a deadline.
Regarding its technical content, the book could have pointed more toward the historical roots of the hacking community and its behavior. This is partially done by correctly explaining the fundamentals of the hacking community and the term "hacker." However, while the authors note that darknet pseudonyms are often taken from popular movie characters such as Tyler Durden of *Fight Club* and "The Dude" of *The Big Lebowski*, it would have been valuable to draw a link to the historic hacking forums of the 1990s and early 2000s, which also featured movie-related pseudonyms such as Zero Cool (from *Hackers*) and Morpheus (from *The Matrix*), as well as community behavior similar to that found in today's darknet forums. A detailed comparison of these structures and community rules would have been interesting. Moreover, it would have been beneficial to dedicate a separate chapter to related work on darknet investigations, since the related work sections are kept rather short.
Despite these flaws, the book provides clear and valuable insights into the darknet community and into how data from the darknet can be used for data mining and machine learning. The target audience is academics and the research and development (R&D) staff of organizations planning to implement advanced threat intelligence. The book cannot be fully recommended to practitioners without a background in machine learning or game theory; such readers may skip chapters 6 and 7 and will still gain useful know-how from the remaining chapters.