Governing cyber security through networks : an analysis of cyber security coordination in Belgium

While governments develop formal and informal structures or 'networks' to promote collaboration between governmental departments and agencies, there remains uncertainty on how to set up and develop cyber security networks. The latter is demonstrated when taking recent developments in the field of cyber security in Belgium into consideration. The 2012 decision to create the Belgian cyber security centre seems to entail a move towards a 'Weberian' hierarchical network coordination approach rather than the development of a cyber security network organisation. This article claims that - as the threats of cyber are becoming more complex - there is a growing need for governmental agencies to expand horizontal coordination mechanisms. From this follows, the growing demand for criminological research into the managerial aspects of cyber security networks. Generating knowledge on how to manage networks is required as the latter is not only decisive for the effectiveness and efficiency of cyber security networks but also contributes to the overall network cyber security governance

Governing cyber security through networks : an analysis of cyber security coordination in Belgium

While governments develop formal and informal structures or 'networks' to promote collaboration between governmental departments and agencies, there remains uncertainty on how to set up and develop cyber security networks. The latter is demonstrated when taking recent developments in the field of cyber security in Belgium into consideration. The 2012 decision to create the Belgian cyber security centre seems to entail a move towards a 'Weberian' hierarchical network coordination approach rather than the development of a cyber security network organisation. This article claims that - as the threats of cyber are becoming more complex - there is a growing need for governmental agencies to expand horizontal coordination mechanisms. From this follows, the growing demand for criminological research into the managerial aspects of cyber security networks. Generating knowledge on how to manage networks is required as the latter is not only decisive for the effectiveness and efficiency of cyber security networks but also contributes to the overall network cyber security governance

Network analysis of a darknet marketplace: Identifying themes and key users of illicit networks

The global cost of cybercrime is estimated to reach $10 trillion by 2025. To perpetuate cybercrime, cybercriminals often use darknet markets, which are online platforms where cybercriminals sell, purchase, and trade stolen products and hacking tools. This study is a research in progress that focuses on analyzing darknet markets to identify key actors and understand their networks, interactions, and emergent themes. The study hopes to increase our understanding of the nature of criminal activities, add to the literature, and provide insights that may help stakeholders build tools for disrupting or preventing activities on the darknet

Leadership in Action: How Top Hackers Behave A Big-Data Approach with Text-Mining and Sentiment Analysis

This paper examines hacker behavior in dark forums and identifies its significant predictors in the light of leadership theory for communities of practice. We combine techniques from online forum features as well as text-mining and sentiment-analysis of messages. We create a multinomial logistic regression model to achieve role-based hacker classification and validate our model with actual hacker forum data. We identify total number of messages, number of threads, hacker keyword frequency, and sentiments as the most significant predictors of expert hacker behavior. We also demonstrate that while disseminating technical knowledge, the hacker community follows Pareto principle. As a recommendation for future research, we build a unique keyword lexicon of the most significant terms derived by tf-idf measure. Such investigation of hacker behavior is particularly relevant for organizations in proactive prevention of cyber-attacks. Foresight on online hacker behavior can help businesses save losses from breaches and additional costs of attack-preventive measures

Detecting Poisoning Attacks on Hierarchical Malware Classification Systems

Anti-virus software based on unsupervised hierarchical clustering (HC) of malware samples has been shown to be vulnerable to poisoning attacks. In this kind of attack, a malicious player degrades anti-virus performance by submitting to the database samples specifically designed to collapse the classification hierarchy utilized by the anti-virus (and constructed through HC) or otherwise deform it in a way that would render it useless. Though each poisoning attack needs to be tailored to the particular HC scheme deployed, existing research seems to indicate that no particular HC method by itself is immune. We present results on applying a new notion of entropy for combinatorial dendrograms to the problem of controlling the influx of samples into the data base and deflecting poisoning attacks. In a nutshell, effective and tractable measures of change in hierarchy complexity are derived from the above, enabling on-the-fly flagging and rejection of potentially damaging samples. The information-theoretic underpinnings of these measures ensure their indifference to which particular poisoning algorithm is being used by the attacker, rendering them particularly attractive in this setting

Indicadores reticulares para la detección de abonados telefónicos potencialmente relevantes en el marco de investigaciones judiciales

En el marco de las investigaciones judiciales, resulta habitual la utilización de datos de telecomunicaciones como fuente de información preliminar y/o probatoria sobre grupos de criminalidad compleja. Los agentes judiciales, en gran medida, están acostumbrados a la recolección de datos telefónicos, pero no así a su procesamiento y análisis. Esta situación se agrava más día a día con la explosión de grandes volúmenes de información. Para dar respuesta a esta dificultad, y dentro de una dependencia judicial abocada al desarrollo de pericias interdisciplinarias para el apoyo a la investigación penal, se conformó un equipo al cual pertenezco que realiza procedimientos de preparación y consolidación de la información a través de bases de datos relacionales y los analiza posteriormente mediante el análisis de redes sociales (ARS). Dado que una de las características específicas de las redes criminales está dada por el hecho que los actores dentro de un grupo criminal procuran no dejar rastros de sus interacciones, la utilización de indicadores reticulares provee de trazabilidad, eficiencia y rigurosidad, todos ellos valores que no se pueden obviar por ser relevantes en el proceso penal. En ese sentido, los algoritmos de centralidad parecen vincularse de forma específica con determinados roles dentro de una organización criminal. La centralidad de grado es el indicador más intuitivo y se correlaciona con aquellos actores más visibles para el accionar judicial. La centralidad de intermediación, al ser una medida dependiente de la estructura global de la red, resulta ya más difícil de elucidar para el operador judicial, brindando información de potencial interés. Por último, la conjunción de ambos brinda el índice de centralidad combinada cuyo objetivo es detectar “jugadores claves”, es decir, aquellos nodos con pocos vínculos, pero de mayor calidad, arrojando los resultados más interesantes por contraintuitivos y, por ende, la más provechosa fuente de información para la investigación penal.GT69. Antropología aplicada y modelos complejos: expandiendo la frontera metodológica.Universidad Nacional de La Plat