Machine learning goes into the deep and dark web to pin down zero-day vulnerabilities

Vulnerabilities come in many grades. In theory, some are not enough for an attacker to threaten your system. Others, however, such as those behind zero-day exploits, are extremely destructive. Some people rely on such vulnerabilities to develop malicious software, break into people's computer systems, and steal important information. This is one of the biggest threats to cyber security today.

Discovering vulnerabilities before malicious software is built on them is an important task for network security experts. Now a research team at Arizona State University has developed a set of machine learning algorithms to help monitor and identify these vulnerabilities as they are traded on the black market.

The birth of a malicious software

In February 2015, Microsoft discovered a serious flaw in the Windows operating system that could allow hackers to remotely take control of a target computer. The vulnerability affected a huge range of systems, including Vista, Win7, Win8 and various server editions.

Microsoft immediately released a patch, but the details of the vulnerability soon spread throughout the hacking community.

In April, an exploit based on this vulnerability was sold on the black market for $15,000. In July, the first malware built on it appeared: a Trojan horse program named Dyre Banking that could attack users around the world and steal credit card numbers from infected devices.

This incident shows the basic process by which malicious software emerges. First, a hacker uses a vulnerability to develop an attack tool and sells it on the black market. The buyer uses it to develop malicious software, which then infects users' devices.

In this case, Microsoft itself discovered the vulnerability and released a patch in advance. If, however, malicious hackers discover a vulnerability before the software company does, it is a “zero-day vulnerability”. The term mocks the fact that software vendors and security companies simply do not know about the flaw: for how many days has the vendor known about it? Zero! The main goal of network security experts is to find such vulnerabilities before they are turned into malicious programs.

Machine learning on the deep and dark web

For Arizona State University's Eric Nunes and colleagues, the Dyre Banking Trojan incident was an important inspiration: it suggested a completely new approach to such cybersecurity problems.

They use machine learning to study hacker forums and trading markets on the Deep Web and Dark Web, and to track the latest vulnerabilities.

Let’s first go over the concepts of the deep and dark web. The internet is generally divided into three levels. The first is the surface web, the part that ordinary people use every day; any search engine can crawl it and it is easy to reach. Then there is the deep web: everything outside the surface web. Search engines cannot crawl it. It is not completely hidden, but ordinary search engines cannot find it. The third layer is the dark web: it is part of the deep web, but deliberately hidden. If you are not a major player, you can hardly get into this network.

Nunes and his colleagues developed a crawler that gathers information from deep and dark web HTML pages to monitor hacker activity there. Obviously, the key to this work is finding the best starting pages for the crawler, a task that must be done by someone familiar with the Deep Web.

Because the deep web holds so much content, Nunes's system extracts only information related to hacking activity and discards unrelated material such as drug and weapons trading. In building the database, the information therefore has to be labelled, telling the algorithm which items relate to hacking and which do not. In the current training database, 25% of the labels were done manually; one person labels 5 black market products per minute, or two forum topics. The team then used the labelled data to train the algorithms and the unlabelled data to test what they had learned.
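As an added illustration, not the ASU team's code, here is a minimal supervised classifier of the kind this paragraph describes: it is trained on a small constructed set of hand-labelled marketplace listing titles and then judged on held-out titles it has not seen. The naive Bayes model and every listing text are assumptions made for the example; the article does not say which model the team used.

```python
import math
import re
from collections import Counter, defaultdict

def tokenize(text):
    """Lower-case word/number tokens; enough for short listing titles."""
    return re.findall(r"[a-z0-9]+", text.lower())

def fit(labelled):
    """Multinomial naive Bayes with add-one smoothing (a hypothetical stand-in;
    the article does not name the team's actual model). Returns the model."""
    class_docs, word_counts = Counter(), defaultdict(Counter)
    for text, label in labelled:
        class_docs[label] += 1
        word_counts[label].update(tokenize(text))
    vocab = {tok for counts in word_counts.values() for tok in counts}
    return class_docs, word_counts, len(vocab)

def predict(model, text):
    class_docs, word_counts, vocab_size = model
    total, scores = sum(class_docs.values()), {}
    for label, ndocs in class_docs.items():
        logp = math.log(ndocs / total)                 # class prior
        nwords = sum(word_counts[label].values())
        for tok in tokenize(text):                      # add-one smoothed likelihoods
            logp += math.log((word_counts[label][tok] + 1) / (nwords + vocab_size))
        scores[label] = logp
    return max(scores, key=scores.get)            # most probable label

# Constructed listing titles standing in for the manually labelled subset.
TRAIN = [
    ("zero day exploit for windows remote code execution", "hacking"),
    ("banking trojan source code botnet panel included", "hacking"),
    ("android root exploit bypass lock screen", "hacking"),
    ("cannabis 10g discreet shipping worldwide", "other"),
    ("cocaine high purity free shipping", "other"),
    ("pistol with ammo no serial", "other"),
]
# Constructed held-out listings playing the role of the unlabelled test data.
HELDOUT = [
    ("exploit for android remote code execution", "hacking"),
    ("trojan botnet windows", "hacking"),
    ("cannabis discreet worldwide shipping", "other"),
    ("ammo for pistol shipping", "other"),
]
def evaluate(train=TRAIN, heldout=HELDOUT):
    model = fit(train)                                  # learn from the labelled subset
    preds = [predict(model, text) for text, _ in heldout]
    correct = sum(p == y for p, (_, y) in zip(preds, heldout))
    return correct / len(heldout), preds                # (accuracy, predicted labels)
```

On realistic data the held-out set would be far larger and the accuracy below 100%, which is what the team's 92% and 80% figures below measure.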

Research results

The machine learning results are very interesting. Nunes and his colleagues report that the model has a recognition rate of 92% for black market products and 80% for malicious attack topics discussed in the forums, which is a very high accuracy.

The system has also revealed some malicious hacking activity. "In four weeks, we discovered 16 zero-day vulnerabilities in the black market transaction data," the team revealed. These include a serious Android vulnerability priced at 20,000 US dollars and a security vulnerability in the IE 11 browser priced at 10,000 US dollars.

The team also mapped social networks across deep web forums and trading markets. They stated that 751 deep web users appeared in more than one market; one seller was active in 7 markets and 1 forum and offered more than 80 products related to malicious attacks.

This business is really profitable. "Black market customers rated the seller between 4.7 and 5.0. He has conducted more than 7,000 successful transactions, which means that his products are very reliable and very popular with buyers," Nunes and colleagues said.

At present, the system collects an average of 305 high-quality cyber threat warnings per week, which has attracted the attention of many businesses. In fact, the team revealed that they are now ready to hand the system over to a business partner. If the team keeps finding zero-day vulnerabilities before they develop into malicious programs, it can help software developers fix them in time, which is a great help to network security experts.

Of course, this will also become part of the “cat and mouse game” of cybersecurity. Hackers now know that they are being systematically monitored, and nobody knows how they will change their behaviour. If that happens, the cat and mouse game enters a new round.

Via MIT Technology Review
