The Anonymity of the Dark Web: A Survey #05
This is my personal note about the paper introduction. https://www.researchgate.net/publication/359421382_The_Anonymity_of_the_Dark_Web_A_Survey
This note gives an overview of Section 3 (THREAT INTELLIGENCE TECHNIQUES) of the paper.
Threat intelligence techniques
The architectural framework analysis process
- Data Gathering
  - Describe the data sources, the data collection size, the data set's availability
- Data pre-processing
  - filtering, extractions, duplication or noise reduction
- Data processing
  - machine learning, data classification such as clustering or labelling, testing data
- Result
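The four stages listed above, sketched as a small pipeline. This is an added example, not code from the paper or from the author of these notes; the sample posts are constructed, and the keyword sets and the 0.8 near-duplicate threshold are assumptions standing in for a trained classifier.

```python
import re
from collections import Counter

# Constructed sample posts (source, text); not real data.
RAW_POSTS = [
    ("forum-a", "Selling fresh DB dump, 2M emails + hashes. Escrow accepted."),
    ("forum-a", "selling fresh db dump 2M emails + hashes, escrow accepted now!"),
    ("forum-b", "New ransomware builder released, contact on jabber."),
    ("forum-b", "Anyone know a good VPN for gaming?"),
    ("market-c", "Exploit kit for sale, includes loader and panel."),
    ("market-c", "   "),
]

# Hypothetical keyword sets (assumption); a real system would train a classifier.
LABEL_KEYWORDS = {
    "data_leak": {"dump", "emails", "hashes", "leak"},
    "malware": {"ransomware", "loader", "builder", "exploit"},
}

def gather(posts):
    """Data gathering: describe the sources and the collection size."""
    return {"size": len(posts), "sources": sorted({src for src, _ in posts})}

def tokens_of(text):
    """Extraction: lower-case word tokens with punctuation stripped."""
    return set(re.findall(r"[a-z0-9]+", text.lower()))

def preprocess(posts, dup_threshold=0.8):
    """Pre-processing: filter empty posts, drop near-duplicates (Jaccard)."""
    kept = []
    for src, text in posts:
        toks = tokens_of(text)
        if not toks:
            continue  # filtering: nothing to analyse
        if any(len(toks & p) / len(toks | p) >= dup_threshold for _, p in kept):
            continue  # duplicate reduction: repost with minor edits
        kept.append((src, toks))
    return kept

def label(toks):
    """Data processing: pick the label with the most keyword hits."""
    scores = {name: len(kw & toks) for name, kw in LABEL_KEYWORDS.items()}
    best = max(scores, key=scores.get)
    return best if scores[best] else "other"

def run_pipeline(posts):
    """Result: collection metadata plus per-label counts."""
    kept = preprocess(posts)
    labels = Counter(label(toks) for _, toks in kept)
    return {**gather(posts), "kept": len(kept), "labels": labels}
```

`run_pipeline(RAW_POSTS)` reports six collected posts from three sources, of which four survive pre-processing.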
Dark web forums monitoring
This section presents various security strategies proposed by different cybersecurity researchers and scientists.
- Marin systematically reports
  - Mainly reveals three altered methods
    - content, social network, and seniority-based analysis
- Deliu designed an automatic hybrid cyberthreat intelligence.
  - Support Vector Machine and latent Dirichlet allocation
- L'Huillier addressed the community key member.
  - Combining text mining and proposed social network analysis techniques.
- Yang et al. developed
  - A visualization system for dark web forums and the relationships between various forum messages and posters.
- Kadoguchi et al. created
  - A dataset using sixgill's web crawler tool.
- Schafer et al. discussed
  - The architecture of the Black-window for the early detection of cyberthreats.
- Alnablsi and Islam proposed
  - A methodology to evaluate relationships between dark web forums.
- Sarkar designed
  - A framework for real-time attack prediction.
Marketplace's surveillance
- Dong designed
  - A framework to detect cyberthreats through text mining techniques in dark web marketplaces.
- Cherqi et al. performed
  - An experimental study about illegal trade.
- Nunes et al. designed
  - A system that influences threat intelligence and makes a detection based on at-risk systems.
Monitoring of dark websites
- Alkhatib and Basheer monitoring
  - by Scrapy, known as Darky
- Ferry et al. monitoring
  - by a regular dark web scan by monitoring policy
- Alyze
  - Hadoop-based framework
- Wang et al. suggested
  - A method to obtain personal attributes by implementing three steps.
Traffic monitoring in the dark web
- Darknet traffic
  - Botnets, Spoofing, DDoS attacks, probes, scanning attacks
- Detection of Tor-related traffic
  - Cuzzocrea et al. describe a procedure using a machine learning technique and a basic rule of analyzing.
    - using Wireshark and the tcpdump tool
- Detection of malware
  - Han et al. proposed
    - The real-time detection of malware activities using online processing of the Glasso engine by analyzing dark web traffic.
- Detection of malign traffic
  - Kumar et al. proposed
    - A threat detection method by monitoring dark web traffic using a machine learning classifier
- Darknet visibility
  - Soro et al. deployed
    - Three different darknets composed of IPv4 addresses in Brazil, the Netherlands, and Italy to identify darknet visibility facts.
Through Honeypot
Low Interaction
- A partial range of communication with the external system.
- The major determination of this type is to detect delimited linking efforts
Medium Interaction
- A semi-virtual honeypot
- better-quality model services than low interaction honeypot
High Interaction
- The most advanced type of honeypot.
- The efficiency is in realistic approaches to the attackers and folds more information related to envisioned attacks
Research
- Zeid et al. executed
  - Two honeypots with three automated secure virtual machines on the dark
    - First, a research honeypot, which is a chatroom web server.
    - Second, a production honeypot, which provides hacking service and is maintained on a vulnerable virtual machine.
- Catakoglu et al. applied
  - A high interaction honeypot, consisting of three types of web-based and system-based honeypot.
    - A website concealed as a private drug marketplace that trades to a closed group of summoned followers.
    - A blog web page that promotes modified Internet results for hosting in the Tor network.
    - A convention private setting that only allows privileged persons to log in.
    - These honeypots' values show that assaults from the Surface Web effectively undermined the principal clone.