Abstract

The studies on underground forums and marketplaces have significantly advanced our understandings of cybercrime workflows and underground economies. Researchers of underground economies have conducted comprehensive studies on public interactions. However, little research focuses on private interactions. The lack of the investigation on private interactions may cause misunderstandings on underground economies, as users in underground forums and marketplaces tend to share the minimal amount of information in public interactions and resort to private messages for follow-up conversations. In this paper, we propose methods to investigate the underground private interactions and we analyze a recently leaked dataset from Nulled.io. We present analyses on the contents and purposes of private messages. In addition, we design machine learning-based models that only use the publicly available information to detect if two underground users privately communicate with each other. Finally, we perform adversarial analysis to evaluate the robustness of the detector to different types of attacks.

Original languageEnglish (US)
Title of host publicationCODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy
PublisherAssociation for Computing Machinery, Inc
Pages303-314
Number of pages12
ISBN (Electronic)9781450360999
DOIs
StatePublished - Mar 13 2019
Event9th ACM Conference on Data and Application Security and Privacy, CODASPY 2019 - Richardson, United States
Duration: Mar 25 2019Mar 27 2019

Publication series

NameCODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy

Conference

Conference9th ACM Conference on Data and Application Security and Privacy, CODASPY 2019
CountryUnited States
CityRichardson
Period3/25/193/27/19

Fingerprint

Learning systems
Detectors

Keywords

  • Private interaction analysis
  • Private interaction detection
  • Underground forums

ASJC Scopus subject areas

  • Information Systems
  • Computer Science Applications
  • Software

Cite this

Sun, Z., Rubio-Medrano, C. E., Zhao, Z., Bao, T., Doupe, A., & Ahn, G-J. (2019). Understanding and detecting private interactions in underground forums. In CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy (pp. 303-314). (CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy). Association for Computing Machinery, Inc. https://doi.org/10.1145/3292006.3300036

Understanding and detecting private interactions in underground forums. / Sun, Zhibo; Rubio-Medrano, Carlos E.; Zhao, Ziming; Bao, Tiffany; Doupe, Adam; Ahn, Gail-Joon.

CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy. Association for Computing Machinery, Inc, 2019. p. 303-314 (CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Sun, Z, Rubio-Medrano, CE, Zhao, Z, Bao, T, Doupe, A & Ahn, G-J 2019, Understanding and detecting private interactions in underground forums. in CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy. CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy, Association for Computing Machinery, Inc, pp. 303-314, 9th ACM Conference on Data and Application Security and Privacy, CODASPY 2019, Richardson, United States, 3/25/19. https://doi.org/10.1145/3292006.3300036
Sun Z, Rubio-Medrano CE, Zhao Z, Bao T, Doupe A, Ahn G-J. Understanding and detecting private interactions in underground forums. In CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy. Association for Computing Machinery, Inc. 2019. p. 303-314. (CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy). https://doi.org/10.1145/3292006.3300036
Sun, Zhibo ; Rubio-Medrano, Carlos E. ; Zhao, Ziming ; Bao, Tiffany ; Doupe, Adam ; Ahn, Gail-Joon. / Understanding and detecting private interactions in underground forums. CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy. Association for Computing Machinery, Inc, 2019. pp. 303-314 (CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy).
@inproceedings{ad4746d8ff6e4a5ea3124011daeb255d,
title = "Understanding and detecting private interactions in underground forums",
abstract = "The studies on underground forums and marketplaces have significantly advanced our understandings of cybercrime workflows and underground economies. Researchers of underground economies have conducted comprehensive studies on public interactions. However, little research focuses on private interactions. The lack of the investigation on private interactions may cause misunderstandings on underground economies, as users in underground forums and marketplaces tend to share the minimal amount of information in public interactions and resort to private messages for follow-up conversations. In this paper, we propose methods to investigate the underground private interactions and we analyze a recently leaked dataset from Nulled.io. We present analyses on the contents and purposes of private messages. In addition, we design machine learning-based models that only use the publicly available information to detect if two underground users privately communicate with each other. Finally, we perform adversarial analysis to evaluate the robustness of the detector to different types of attacks.",
keywords = "Private interaction analysis, Private interaction detection, Underground forums",
author = "Zhibo Sun and Rubio-Medrano, {Carlos E.} and Ziming Zhao and Tiffany Bao and Adam Doupe and Gail-Joon Ahn",
year = "2019",
month = "3",
day = "13",
doi = "10.1145/3292006.3300036",
language = "English (US)",
series = "CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy",
publisher = "Association for Computing Machinery, Inc",
pages = "303--314",
booktitle = "CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy",

}

TY - GEN

T1 - Understanding and detecting private interactions in underground forums

AU - Sun, Zhibo

AU - Rubio-Medrano, Carlos E.

AU - Zhao, Ziming

AU - Bao, Tiffany

AU - Doupe, Adam

AU - Ahn, Gail-Joon

PY - 2019/3/13

Y1 - 2019/3/13

N2 - The studies on underground forums and marketplaces have significantly advanced our understandings of cybercrime workflows and underground economies. Researchers of underground economies have conducted comprehensive studies on public interactions. However, little research focuses on private interactions. The lack of the investigation on private interactions may cause misunderstandings on underground economies, as users in underground forums and marketplaces tend to share the minimal amount of information in public interactions and resort to private messages for follow-up conversations. In this paper, we propose methods to investigate the underground private interactions and we analyze a recently leaked dataset from Nulled.io. We present analyses on the contents and purposes of private messages. In addition, we design machine learning-based models that only use the publicly available information to detect if two underground users privately communicate with each other. Finally, we perform adversarial analysis to evaluate the robustness of the detector to different types of attacks.

AB - The studies on underground forums and marketplaces have significantly advanced our understandings of cybercrime workflows and underground economies. Researchers of underground economies have conducted comprehensive studies on public interactions. However, little research focuses on private interactions. The lack of the investigation on private interactions may cause misunderstandings on underground economies, as users in underground forums and marketplaces tend to share the minimal amount of information in public interactions and resort to private messages for follow-up conversations. In this paper, we propose methods to investigate the underground private interactions and we analyze a recently leaked dataset from Nulled.io. We present analyses on the contents and purposes of private messages. In addition, we design machine learning-based models that only use the publicly available information to detect if two underground users privately communicate with each other. Finally, we perform adversarial analysis to evaluate the robustness of the detector to different types of attacks.

KW - Private interaction analysis

KW - Private interaction detection

KW - Underground forums

UR - http://www.scopus.com/inward/record.url?scp=85063861796&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85063861796&partnerID=8YFLogxK

U2 - 10.1145/3292006.3300036

DO - 10.1145/3292006.3300036

M3 - Conference contribution

T3 - CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy

SP - 303

EP - 314

BT - CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy

PB - Association for Computing Machinery, Inc

ER -