TY - GEN
T1 - Understanding and detecting private interactions in underground forums
AU - Sun, Zhibo
AU - Rubio-Medrano, Carlos E.
AU - Zhao, Ziming
AU - Bao, Tiffany
AU - Doupe, Adam
AU - Ahn, Gail-Joon
N1 - Publisher Copyright:
© 2019 Copyright held by the owner/author(s).
PY - 2019/3/13
Y1 - 2019/3/13
N2 - The studies on underground forums and marketplaces have significantly advanced our understandings of cybercrime workflows and underground economies. Researchers of underground economies have conducted comprehensive studies on public interactions. However, little research focuses on private interactions. The lack of the investigation on private interactions may cause misunderstandings on underground economies, as users in underground forums and marketplaces tend to share the minimal amount of information in public interactions and resort to private messages for follow-up conversations. In this paper, we propose methods to investigate the underground private interactions and we analyze a recently leaked dataset from Nulled.io. We present analyses on the contents and purposes of private messages. In addition, we design machine learning-based models that only use the publicly available information to detect if two underground users privately communicate with each other. Finally, we perform adversarial analysis to evaluate the robustness of the detector to different types of attacks.
KW - Private interaction analysis
KW - Private interaction detection
KW - Underground forums
UR - http://www.scopus.com/inward/record.url?scp=85063861796&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85063861796&partnerID=8YFLogxK
U2 - 10.1145/3292006.3300036
DO - 10.1145/3292006.3300036
M3 - Conference contribution
AN - SCOPUS:85063861796
T3 - CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy
SP - 303
EP - 314
BT - CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy
PB - Association for Computing Machinery, Inc
T2 - 9th ACM Conference on Data and Application Security and Privacy, CODASPY 2019
Y2 - 25 March 2019 through 27 March 2019
ER -