Conference proceeding
Understanding and Detecting Private Interactions in Underground Forums
PROCEEDINGS OF THE NINTH ACM CONFERENCE ON DATA AND APPLICATION SECURITY AND PRIVACY (CODASPY '19), pp 303-314
01 Jan 2019
Abstract
The studies on underground forums and marketplaces have significantly advanced our understandings of cybercrime workflows and underground economies. Researchers of underground economies have conducted comprehensive studies on public interactions. However, little research focuses on private interactions. The lack of the investigation on private interactions may cause misunderstandings on underground economies, as users in underground forums and marketplaces tend to share the minimal amount of information in public interactions and resort to private messages for follow-up conversations.
In this paper, we propose methods to investigate the underground private interactions and we analyze a recently leaked dataset from Nulled.io. We present analyses on the contents and purposes of private messages. In addition, we design machine learning-based models that only use the publicly available information to detect if two underground users privately communicate with each other. Finally, we perform adversarial analysis to evaluate the robustness of the detector to different types of attacks.
Metrics
Details
- Title
- Understanding and Detecting Private Interactions in Underground Forums
- Creators
- Zhibo Sun - Arizona State UniversityCarlos E. Rubio-Medrano - Arizona State UniversityZiming Zhao - Rochester Institute of TechnologyTiffany Bao - Arizona State UniversityAdam Doupe - Arizona State UniversityGail-Joon Ahn - Samsung (United States)ACM
- Publication Details
- PROCEEDINGS OF THE NINTH ACM CONFERENCE ON DATA AND APPLICATION SECURITY AND PRIVACY (CODASPY '19), pp 303-314
- Publisher
- Assoc Computing Machinery
- Number of pages
- 12
- Grant note
- Center for Cybersecurity and Digital Forensics at Arizona State University U.S. Army Research Laboratory; United States Department of Defense; US Army Research Laboratory (ARL)
- Resource Type
- Conference proceeding
- Language
- English
- Academic Unit
- Computer Science
- Web of Science ID
- WOS:000470891000031
- Scopus ID
- 2-s2.0-85063861796
- Other Identifier
- 991021871293304721
InCites Highlights
Data related to this publication, from InCites Benchmarking & Analytics tool:
- Collaboration types
- Domestic collaboration
- Web of Science research areas
- Computer Science, Information Systems