Tools for automated analysis of cybercriminal markets

Rebecca S. Portnoff, Jonathan K. Kummerfeld, Sadia Afroz, Taylor Berg-Kirkpatrick, Greg Durrett, Damon McCoy, Kirill Levchenko, Vern Paxson

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Underground forums are widely used by criminals to buy and sell a host of stolen items, datasets, resources, and criminal services. These forums contain important resources for understanding cybercrime. However, the number of forums, their size, and the domain expertise required to understand the markets makes manual exploration of these forums unscalable. In this work, we propose an automated, top-down approach for analyzing underground forums. Our approach uses natural language processing and machine learning to automatically generate high-level information about underground forums, first identifying posts related to transactions, and then extracting products and prices. We also demonstrate, via a pair of case studies, how an analyst can use these automated approaches to investigate other categories of products and transactions. We use eight distinct forums to assess our tools: Antichat, Blackhat World, Carders, Darkode, Hack Forums, Hell, L33tCrew and Nulled. Our automated approach is fast and accurate, achieving over 80% accuracy in detecting post category, product, and prices.

Original languageEnglish (US)
Title of host publication26th International World Wide Web Conference, WWW 2017
PublisherInternational World Wide Web Conferences Steering Committee
Pages657-666
Number of pages10
ISBN (Print)9781450349130
DOIs
StatePublished - 2017
Externally publishedYes
Event26th International World Wide Web Conference, WWW 2017 - Perth, Australia
Duration: Apr 3 2017Apr 7 2017

Publication series

Name26th International World Wide Web Conference, WWW 2017

Other

Other26th International World Wide Web Conference, WWW 2017
Country/TerritoryAustralia
CityPerth
Period4/3/174/7/17

Keywords

  • Cybercrime
  • Machine learning/NLP
  • Measurement

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Tools for automated analysis of cybercriminal markets'. Together they form a unique fingerprint.

Cite this