TY - GEN
T1 - Mining key-hackers on darkweb forums
AU - Marin, Ericsson
AU - Shakarian, Jana
AU - Shakarian, Paulo
N1 - Funding Information:
Some of the authors were supported by the Office of Naval Research (ONR) contract N00014-15-1-2742
Publisher Copyright:
© 2018 IEEE.
PY - 2018/5/25
Y1 - 2018/5/25
AB - Recently, there is an interest in studying cyber crime from a hacker-centric perspective, whose insight is to locate key-hackers and use them to find credible threat intelligence. However, the great majority of users present in hacking environments seem to be unskilled or have fleeting interests, making the identification of key-hackers a complex problem. Moreover, as ground truth information is rare in this context, there is a lack of a method to validate the results. Thus, previous work neglected this validation step or had it done manually, by hiring qualified security specialists. In this work, we address the key-hacker identification problem including a systematic method based on reputation to validate the results. Particularly, we study how three different approaches (content, social network and seniority-based analysis) perform individually and combined to identify key-hackers on darkweb forums, aiming to confirm the following two hypotheses: 1) a hybridization of these approaches tends to produce better results when compared to the individual ones; 2) a model conceived to identify key-hackers in one forum can be generalized to other forums that lack a user reputation system or have a deficient one. We conduct our experiments using a carefully selected set of features, showing how an optimization metaheuristic obtains better performance when compared to machine learning algorithms that attempt to identify key-hackers.
KW - Cybersecurity
KW - Darkweb forums
KW - Key hackers
KW - Machine learning
KW - Optimization
KW - User reputation
UR - http://www.scopus.com/inward/record.url?scp=85048570527&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85048570527&partnerID=8YFLogxK
U2 - 10.1109/ICDIS.2018.00018
DO - 10.1109/ICDIS.2018.00018
M3 - Conference contribution
AN - SCOPUS:85048570527
T3 - Proceedings - 2018 1st International Conference on Data Intelligence and Security, ICDIS 2018
SP - 73
EP - 80
BT - Proceedings - 2018 1st International Conference on Data Intelligence and Security, ICDIS 2018
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 1st International Conference on Data Intelligence and Security, ICDIS 2018
Y2 - 8 April 2018 through 10 April 2018
ER -