Skip to content ↓ | Skip to navigation ↓

A group of researchers from Arizona State University has created a system that gathers data from underground marketplaces and hacking forums to identify emerging cyber threats.

Using search engines and hidden websites on the Tor network, the researchers found 27 different marketplaces and 21 discussion forums populated by malicious hackers.

The students’ operational system automatically collects information from these sites and uses various data mining and machine learning techniques to classify the collected data.

“Currently, this system collects – on average – 305 high-quality cyber threat warnings each week,” the students explained in their research paper.

“These threat warnings include information on newly developed malware and exploits that have not yet been deployed in a cyber-attack.”


The study revealed that over a 4-week period, 16 zero-day exploits were added to underground marketplaces.

Among the zero-day exploits discovered was one targeting a vulnerability in Android WebView, which affects devices running on Android 4.3 Jelly Bean or earlier versions. In 2015, this comprised of more than 60% of Android devices, leading hackers to set an asking price of 40 Bitcoin or roughly $24,100 for the zero-day exploit.

“Detection of these zero-day exploits at an earlier stage can help organizations avoid an attack on their system or minimize the damage,” said the researchers.

In this case, for instance, the researchers noted an organization may decide to prioritize patching, updating or replacing certain systems using the Android operating system.

The students said they’re providing their findings to security professionals in hopes of supporting their strategic defense planning and identifying what zero-day exploits are being developed by hackers, as well as what vulnerabilities are targeted by the latest exploits.

The students said they are currently in the process of transitioning their operational system to a commercial partner.

Read the full research paper here: Darknet and Deepnet Mining for Proactive Cybersecurity Threat Intelligence (PDF).