1,060 research outputs found
Leadership in Action: How Top Hackers Behave A Big-Data Approach with Text-Mining and Sentiment Analysis
This paper examines hacker behavior in dark forums and identifies its significant predictors in the light of leadership theory for communities of practice. We combine techniques from online forum features as well as text-mining and sentiment-analysis of messages. We create a multinomial logistic regression model to achieve role-based hacker classification and validate our model with actual hacker forum data. We identify total number of messages, number of threads, hacker keyword frequency, and sentiments as the most significant predictors of expert hacker behavior. We also demonstrate that while disseminating technical knowledge, the hacker community follows Pareto principle. As a recommendation for future research, we build a unique keyword lexicon of the most significant terms derived by tf-idf measure. Such investigation of hacker behavior is particularly relevant for organizations in proactive prevention of cyber-attacks. Foresight on online hacker behavior can help businesses save losses from breaches and additional costs of attack-preventive measures.
Network analysis of a darknet marketplace: Identifying themes and key users of illicit networks
The global cost of cybercrime is estimated to reach $10 trillion by 2025. To perpetuate cybercrime, cybercriminals often use darknet markets, which are online platforms where cybercriminals sell, purchase, and trade stolen products and hacking tools. This study is a research in progress that focuses on analyzing darknet markets to identify key actors and understand their networks, interactions, and emergent themes. The study hopes to increase our understanding of the nature of criminal activities, add to the literature, and provide insights that may help stakeholders build tools for disrupting or preventing activities on the darknet.
CrimeBB: Enabling cybercrime research on underground forums at scale
Underground forums allow criminals to interact, exchange knowledge, and trade in products and services. They also provide a pathway into cybercrime, tempting the curious to join those already motivated to obtain easy money. Analysing these forums enables us to better understand the behaviours of offenders and pathways into crime. Prior research has been valuable, but limited by a reliance on datasets that are incomplete or outdated. More complete data, going back many years, allows for comprehensive research into the evolution of forums and their users. We describe CrimeBot, a crawler designed around the particular challenges of capturing data from underground forums. CrimeBot is used to update and maintain CrimeBB, a dataset of more than 48m posts made from 1m accounts in 4 different operational forums over a decade. This dataset presents a new opportunity for large-scale and longitudinal analysis using up-to-date information. We illustrate the potential by presenting a case study using CrimeBB, which analyses which activities lead new actors into engagement with cybercrime. CrimeBB is available to other academic researchers under a legal agreement, designed to prevent misuse and provide safeguards for ethical research.
Characterizing eve: Analysing cybercrime actors in a large underground forum
Underground forums contain many thousands of active users, but the vast majority will be involved, at most, in minor levels of deviance. The number who engage in serious criminal activity is small. That being said, underground forums have played a significant role in several recent high-profile cybercrime activities. In this work we apply data science approaches to understand criminal pathways and characterize key actors related to illegal activity in one of the largest and longest-running underground forums. We combine the results of a logistic regression model with k-means clustering and social network analysis, verifying the findings using topic analysis. We identify variables relating to forum activity that predict the likelihood a user will become an actor of interest to law enforcement, and would therefore benefit the most from intervention. This work provides the first step towards identifying ways to deter the involvement of young people away from a career in cybercrime. Alan Turing Institut
RIPEx: Extracting malicious IP addresses from security forums using cross-forum learning
Is it possible to extract malicious IP addresses reported in security forums
in an automatic way? This is the question at the heart of our work. We focus on
security forums, where security professionals and hackers share knowledge and
information, and often report misbehaving IP addresses. So far, there have only
been a few efforts to extract information from such security forums. We propose
RIPEx, a systematic approach to identify and label IP addresses in security
forums by utilizing a cross-forum learning method. In more detail, the
challenge is twofold: (a) identifying IP addresses from other numerical
entities, such as software version numbers, and (b) classifying the IP address
as benign or malicious. We propose an integrated solution that tackles both
these problems. A novelty of our approach is that it does not require training
data for each new forum. Our approach does knowledge transfer across forums: we
use a classifier from our source forums to identify seed information for
training a classifier on the target forum. We evaluate our method using data
collected from five security forums with a total of 31K users and 542K posts.
First, RIPEx can distinguish IP address from other numeric expressions with 95%
precision and above 93% recall on average. Second, RIPEx identifies malicious
IP addresses with an average precision of 88% and over 78% recall, using our
cross-forum learning. Our work is a first step towards harnessing the wealth of
useful information that can be found in security forums.
Comment: 12 pages, Accepted in 22nd Pacific-Asia Conference on Knowledge Discovery and Data Mining (PAKDD), 201
Cyber Infrastructure Protection: Vol. II
Increased reliance on the Internet and other networked systems raises the risks of cyber attacks that could harm our nation's cyber infrastructure. The cyber infrastructure encompasses a number of sectors including: the nation's mass transit and other transportation systems; banking and financial systems; factories; energy systems and the electric power grid; and telecommunications, which increasingly rely on a complex array of computer networks, including the public Internet. However, many of these systems and networks were not built and designed with security in mind. Therefore, our cyber infrastructure contains many holes, risks, and vulnerabilities that may enable an attacker to cause damage or disrupt cyber infrastructure operations. Threats to cyber infrastructure safety and security come from hackers, terrorists, criminal groups, and sophisticated organized crime groups; even nation-states and foreign intelligence services conduct cyber warfare. Cyber attackers can introduce new viruses, worms, and bots capable of defeating many of our efforts. Costs to the economy from these threats are huge and increasing. Government, business, and academia must therefore work together to understand the threat and develop various modes of fighting cyber attacks, and to establish and enhance a framework to assess the vulnerability of our cyber infrastructure and provide strategic policy directions for the protection of such an infrastructure. This book addresses such questions as: How serious is the cyber threat? What technical and policy-based approaches are best suited to securing telecommunications networks and information systems infrastructure security? What role will government and the private sector play in homeland defense against cyber attacks on critical civilian infrastructure, financial, and logistical systems?
What legal impediments exist concerning efforts to defend the nation against cyber attacks, especially in preventive, preemptive, and retaliatory actions?