Automated Framework for Scalable Collection and Intelligent Analytics of Hacker IRC Information

摘要

Cyber security is a challenging research problem especially when one considers exponential growth in information technologies. Most previous cyber security research have generally centered on securing and protecting physical resources (computers, network devices, and mobile platforms), protocols and applications. However, little work has focused on the human side and behavior, what motivates cyber attackers to launch attacks, their goals, and where they get their hacking and attacking tools. In this paper, we present an automated approach to collect information about hackers, and attempt to understand their behaviors and goals. Internet Relay Chat (IRC) forums have been widely used by hackers to exchange data, tools and train new novice hackers. We present our approach to implement an automated framework that uses several bots to collect IRC messages from malicious forums and analyze them. A resilient botnet mechanism is utilized to ensure complete IRC data collection. In addition, we present an intelligent hacking language module based on Stanford CoreNLP to analyze hacker activity. Our experimental results show that our botnets can be used to effectively monitor, analyze, and predict hacker activities and goals.