Automated Analysis of Underground Marketplaces

Cyber crime, such as theft of credentials or credit card fraud has emerged as a new type of crime in recent years. Cyber criminals usually attack Internet services to steal sensitive data and operate in crowded online underground marketplaces. Crime investigators and digital forensics are trying to detect and analyze these marketplaces. However, due to the lack of efficient and reliable methods to detect underground marketplaces, investigators have to analyze those channels manually. This is a complex and time-consuming task that is associated with high financial costs. In this work, we demonstrate how machine-learning algorithms can be efficiently used to automatically determine whether a communication channel is used as an underground marketplace. Our approach includes specific design features related to the context domain of cyber crime and can be used to reliably detect and observe marketplaces of the underground economy. The manual effort is significantly reduced, leading to lower financial costs, less time required and higher efficiency. We implemented a prototype that classified 51,3 million messagesamples correctly which implicates that machine learning can be efficiently used for a forensic analysis of underground marketplaces.