TY - GEN
T1 - Tools for automated analysis of cybercriminal markets
AU - Portnoff, Rebecca S.
AU - Kummerfeld, Jonathan K.
AU - Afroz, Sadia
AU - Berg-Kirkpatrick, Taylor
AU - Durrett, Greg
AU - McCoy, Damon
AU - Levchenko, Kirill
AU - Paxson, Vern
N1 - Funding Information:
This work was supported in part by the National Science Foundation under grants CNS-1237265 and CNS-1619620, by the Office of Naval Research under MURI grant N000140911081, by the Center for Long-Term Cybersecurity and by gifts from Google. We thank all the people that provided us with forum data for our analysis; in particular Scraping Hub and SRI for their assistance in collecting data for this study. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the sponsors.
Publisher Copyright:
© 2017 International World Wide Web Conference Committee (IW3C2)
PY - 2017
Y1 - 2017
N2 - Underground forums are widely used by criminals to buy and sell a host of stolen items, datasets, resources, and criminal services. These forums contain important resources for understanding cybercrime. However, the number of forums, their size, and the domain expertise required to understand the markets makes manual exploration of these forums unscalable. In this work, we propose an automated, top-down approach for analyzing underground forums. Our approach uses natural language processing and machine learning to automatically generate high-level information about underground forums, first identifying posts related to transactions, and then extracting products and prices. We also demonstrate, via a pair of case studies, how an analyst can use these automated approaches to investigate other categories of products and transactions. We use eight distinct forums to assess our tools: Antichat, Blackhat World, Carders, Darkode, Hack Forums, Hell, L33tCrew and Nulled. Our automated approach is fast and accurate, achieving over 80% accuracy in detecting post category, product, and prices.
AB - Underground forums are widely used by criminals to buy and sell a host of stolen items, datasets, resources, and criminal services. These forums contain important resources for understanding cybercrime. However, the number of forums, their size, and the domain expertise required to understand the markets makes manual exploration of these forums unscalable. In this work, we propose an automated, top-down approach for analyzing underground forums. Our approach uses natural language processing and machine learning to automatically generate high-level information about underground forums, first identifying posts related to transactions, and then extracting products and prices. We also demonstrate, via a pair of case studies, how an analyst can use these automated approaches to investigate other categories of products and transactions. We use eight distinct forums to assess our tools: Antichat, Blackhat World, Carders, Darkode, Hack Forums, Hell, L33tCrew and Nulled. Our automated approach is fast and accurate, achieving over 80% accuracy in detecting post category, product, and prices.
KW - Cybercrime
KW - Machine learning/NLP
KW - Measurement
UR - http://www.scopus.com/inward/record.url?scp=85038638452&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85038638452&partnerID=8YFLogxK
U2 - 10.1145/3038912.3052600
DO - 10.1145/3038912.3052600
M3 - Conference contribution
AN - SCOPUS:85038638452
SN - 9781450349130
T3 - 26th International World Wide Web Conference, WWW 2017
SP - 657
EP - 666
BT - 26th International World Wide Web Conference, WWW 2017
PB - International World Wide Web Conferences Steering Committee
T2 - 26th International World Wide Web Conference, WWW 2017
Y2 - 3 April 2017 through 7 April 2017
ER -