Abstract

We present an approach that combines social network analysis with machine learning techniques to predict future cyber threats through darkweb/deepweb discussions with hacking-related content. Our approach harnesses features derived from hacker social networks and from online sources of cybersecurity advisories. We address the problem of predicting the exploitability of software vulnerabilities to show that features computed from hacker social networks are important indicators of future cybersecurity incidents. We conduct a suite of experiments on real-world hacker and exploit data and demonstrate that social network data improves recall by about 19%, F1 score by about 6% while maintaining precision. We believe this is because social network structures related to certain exploit authors is indicative of their ability to write exploits that are subsequently employed in an attack.