Understanding and detecting private interactions in underground forums

Zhibo Sun; Carlos E. Rubio-Medrano; Ziming Zhao; Tiffany Bao; Adam Doupe; Gail-Joon Ahn

doi:10.1145/3292006.3300036

Understanding and detecting private interactions in underground forums

Zhibo Sun, Carlos E. Rubio-Medrano, Ziming Zhao, Tiffany Bao, Adam Doupe, Gail-Joon Ahn

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

10 Scopus citations

Abstract

The studies on underground forums and marketplaces have significantly advanced our understandings of cybercrime workflows and underground economies. Researchers of underground economies have conducted comprehensive studies on public interactions. However, little research focuses on private interactions. The lack of the investigation on private interactions may cause misunderstandings on underground economies, as users in underground forums and marketplaces tend to share the minimal amount of information in public interactions and resort to private messages for follow-up conversations. In this paper, we propose methods to investigate the underground private interactions and we analyze a recently leaked dataset from Nulled.io. We present analyses on the contents and purposes of private messages. In addition, we design machine learning-based models that only use the publicly available information to detect if two underground users privately communicate with each other. Finally, we perform adversarial analysis to evaluate the robustness of the detector to different types of attacks.

Original language	English (US)
Title of host publication	CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy
Publisher	Association for Computing Machinery, Inc
Pages	303-314
Number of pages	12
ISBN (Electronic)	9781450360999
DOIs	https://doi.org/10.1145/3292006.3300036
State	Published - Mar 13 2019
Event	9th ACM Conference on Data and Application Security and Privacy, CODASPY 2019 - Richardson, United States Duration: Mar 25 2019 → Mar 27 2019

Publication series

Name	CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy

Conference

Conference	9th ACM Conference on Data and Application Security and Privacy, CODASPY 2019
Country/Territory	United States
City	Richardson
Period	3/25/19 → 3/27/19

Keywords

Private interaction analysis
Private interaction detection
Underground forums

ASJC Scopus subject areas

Information Systems
Computer Science Applications
Software

Access to Document

10.1145/3292006.3300036

Cite this

Sun, Z., Rubio-Medrano, C. E., Zhao, Z., Bao, T., Doupe, A., & Ahn, G.-J. (2019). Understanding and detecting private interactions in underground forums. In CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy (pp. 303-314). (CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy). Association for Computing Machinery, Inc. https://doi.org/10.1145/3292006.3300036

Understanding and detecting private interactions in underground forums. / Sun, Zhibo; Rubio-Medrano, Carlos E.; Zhao, Ziming et al.
CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy. Association for Computing Machinery, Inc, 2019. p. 303-314 (CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Sun, Z, Rubio-Medrano, CE, Zhao, Z, Bao, T, Doupe, A & Ahn, G-J 2019, Understanding and detecting private interactions in underground forums. in CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy. CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy, Association for Computing Machinery, Inc, pp. 303-314, 9th ACM Conference on Data and Application Security and Privacy, CODASPY 2019, Richardson, United States, 3/25/19. https://doi.org/10.1145/3292006.3300036

Sun Z, Rubio-Medrano CE, Zhao Z, Bao T, Doupe A , Ahn GJ. Understanding and detecting private interactions in underground forums. In CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy. Association for Computing Machinery, Inc. 2019. p. 303-314. (CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy). doi: 10.1145/3292006.3300036

Sun, Zhibo ; Rubio-Medrano, Carlos E. ; Zhao, Ziming et al. / Understanding and detecting private interactions in underground forums. CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy. Association for Computing Machinery, Inc, 2019. pp. 303-314 (CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy).

@inproceedings{ad4746d8ff6e4a5ea3124011daeb255d,

title = "Understanding and detecting private interactions in underground forums",

abstract = "The studies on underground forums and marketplaces have significantly advanced our understandings of cybercrime workflows and underground economies. Researchers of underground economies have conducted comprehensive studies on public interactions. However, little research focuses on private interactions. The lack of the investigation on private interactions may cause misunderstandings on underground economies, as users in underground forums and marketplaces tend to share the minimal amount of information in public interactions and resort to private messages for follow-up conversations. In this paper, we propose methods to investigate the underground private interactions and we analyze a recently leaked dataset from Nulled.io. We present analyses on the contents and purposes of private messages. In addition, we design machine learning-based models that only use the publicly available information to detect if two underground users privately communicate with each other. Finally, we perform adversarial analysis to evaluate the robustness of the detector to different types of attacks.",

keywords = "Private interaction analysis, Private interaction detection, Underground forums",

author = "Zhibo Sun and Rubio-Medrano, {Carlos E.} and Ziming Zhao and Tiffany Bao and Adam Doupe and Gail-Joon Ahn",

note = "Publisher Copyright: {\textcopyright} 2019 Copyright held by the owner/author(s).; 9th ACM Conference on Data and Application Security and Privacy, CODASPY 2019 ; Conference date: 25-03-2019 Through 27-03-2019",

year = "2019",

month = mar,

day = "13",

doi = "10.1145/3292006.3300036",

language = "English (US)",

series = "CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy",

publisher = "Association for Computing Machinery, Inc",

pages = "303--314",

booktitle = "CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy",

}

TY - GEN

T1 - Understanding and detecting private interactions in underground forums

AU - Sun, Zhibo

AU - Rubio-Medrano, Carlos E.

AU - Zhao, Ziming

AU - Bao, Tiffany

AU - Doupe, Adam

AU - Ahn, Gail-Joon

PY - 2019/3/13

Y1 - 2019/3/13

N2 - The studies on underground forums and marketplaces have significantly advanced our understandings of cybercrime workflows and underground economies. Researchers of underground economies have conducted comprehensive studies on public interactions. However, little research focuses on private interactions. The lack of the investigation on private interactions may cause misunderstandings on underground economies, as users in underground forums and marketplaces tend to share the minimal amount of information in public interactions and resort to private messages for follow-up conversations. In this paper, we propose methods to investigate the underground private interactions and we analyze a recently leaked dataset from Nulled.io. We present analyses on the contents and purposes of private messages. In addition, we design machine learning-based models that only use the publicly available information to detect if two underground users privately communicate with each other. Finally, we perform adversarial analysis to evaluate the robustness of the detector to different types of attacks.

AB - The studies on underground forums and marketplaces have significantly advanced our understandings of cybercrime workflows and underground economies. Researchers of underground economies have conducted comprehensive studies on public interactions. However, little research focuses on private interactions. The lack of the investigation on private interactions may cause misunderstandings on underground economies, as users in underground forums and marketplaces tend to share the minimal amount of information in public interactions and resort to private messages for follow-up conversations. In this paper, we propose methods to investigate the underground private interactions and we analyze a recently leaked dataset from Nulled.io. We present analyses on the contents and purposes of private messages. In addition, we design machine learning-based models that only use the publicly available information to detect if two underground users privately communicate with each other. Finally, we perform adversarial analysis to evaluate the robustness of the detector to different types of attacks.

KW - Private interaction analysis

KW - Private interaction detection

KW - Underground forums

UR - http://www.scopus.com/inward/record.url?scp=85063861796&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85063861796&partnerID=8YFLogxK

U2 - 10.1145/3292006.3300036

DO - 10.1145/3292006.3300036

M3 - Conference contribution

AN - SCOPUS:85063861796

T3 - CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy

SP - 303

EP - 314

BT - CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy

PB - Association for Computing Machinery, Inc

T2 - 9th ACM Conference on Data and Application Security and Privacy, CODASPY 2019

Y2 - 25 March 2019 through 27 March 2019

ER -

Understanding and detecting private interactions in underground forums

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this