A text-mining based cyber-risk assessment and mitigation framework for critical analysis of online hacker forums

Abstract Online hacker communities are meeting spots for aspiring and seasoned cybercriminals where they engage in technical discussions, share exploits and relevant hacking tools to be used in launching cyber-attacks on business organizations. Sometimes, the affected organizations can detect these attacks in advance, with the help of cyber-threat intelligence derived from the explicit and implicit features of hacker communication in these forums. Herein, we proposed a novel text-mining based cyber-risk assessment and mitigation framework, which performs the following critical tasks. (i) Cyber-risk Assessment - to identify hacker expertise (i.e., newbie, beginner, intermediate, and advanced) using explicit and implicit features applying various classification algorithms. Among these features, cybersecurity keywords, sharing of attachments, and sentiments emerged as significant. Further, we found that expert hackers demonstrate leadership in the online forums that eventually serve as communities of practice. Consequently, novice hackers gradually develop their cyber-attack skills through prolonged observations, interactions, and external influences in this social learning process. (ii) Cyber-risk mitigation – computes financial impact for every {hacker expertise, attack-type} combination, and then by ranking them on a {likelihood, impact} decision-matrix to prioritize mitigation strategies in affected organizations. Through these novel recommendations, our framework can guide managers to decide on appropriate cybersecurity controls using an {expected loss, probability, attack-type, hacker expertise} metric against financial losses due to cyber-attacks.