Home

With the advent of the dark web, adversarial communities have been quietly and covertly industrializing their activities at a pace that traditional reactive responses struggle to keep up with. Highly secure and anonymous platforms now enable malicious actors to exchange ideas, techniques, and resources, and to buy and sell illicit goods at a global scale. This has created an evolving offensive "production pipeline" that often remains invisible until threats materialize, forcing organizations to react only after harm has already occurred. The CALSys Lab explores how artificial intelligence, machine learning, and social network analysis can be used to anticipate, assess, and prioritize emerging threats before they fully manifest, advancing research in AI for Threat Intelligence (ATI). A key source of early threat signals in our work is the dark web, where discussions, transactions, and coordination related to emerging threats often appear well in advance of observable incidents. By analyzing data from underground platforms—including dark web forums and marketplaces—together with public security and incident datasets, we develop predictive models that support proactive and forward-looking decision-making under uncertainty.

Current application domains include:

• Cyber-Threat Intelligence (CTI): modeling malicious hacker ecosystems to anticipate vulnerability exploitation, adversarial adoption, and the spread of emerging cyber threats.

• Drug-Threat Intelligence (DTI): modeling illicit market activity and related data to anticipate drug-trafficking patterns and drug-related criminal activity.

Directed by Dr. Ericsson Marin, the CALSys Lab advances an ATI framework designed to generalize across adversarial domains, enabling a shift from reactive threat response to proactive, predictive intelligence, with potential future extensions to settings such as terrorism-related activity. Visit the lab’s active projects to learn more about ongoing research.