Title: Uncovering Internal Threats Based on Open-Source Intelligence
Type: conference paper
Authors: Chin-Laung Lei; Wei Chieh Yang; Meng-Han Tsai; Ming Hung Wang
Dates: 2019-09-09; 2019-09-09; 2019-01-01
ISBN: 9789811391897
ISSN: 18650929
DOI: 10.1007/978-981-13-9190-3_68
Handle: https://scholars.lib.ntu.edu.tw/handle/123456789/424335
Scopus: 2-s2.0-85069687715 (https://api.elsevier.com/content/abstract/scopus_id/85069687715)
Copyright: © Springer Nature Singapore Pte Ltd. 2019.

Abstract: With the emergence of cybercriminal threats in recent years, how to efficiently and economically identify stealthy activities and attacks, so as to avoid leakage of sensitive information, has become an important issue. However, because of business confidentiality and a lack of trust among information-sharing parties, such valuable information is so far neither exchanged transparently nor well utilized. In this study, we propose a hybrid method for internal threat identification. Our method leverages external open-source intelligence and applies it to internal network activities to uncover potential hacking campaigns within the network. The method consists of collecting external intelligence, detecting internal infections, and identifying threats. We conduct our experiment on a tier-1 network in Taiwan. The results show that our method successfully identifies a number of well-known hacking groups lurking as threats within the large-scale network.

Keywords: Advanced persistent threat | Malicious domain names | Open source intelligence | Sinkhole server
SDGs: SDG16