TY - GEN
T1 - Exploring the Evolution of Exploit-Sharing Hackers
T2 - 19th Annual IEEE International Conference on Intelligence and Security Informatics, ISI 2021
AU - Otto, Kaeli
AU - Ampel, Benjamin
AU - Samtani, Sagar
AU - Zhu, Hongyi
AU - Chen, Hsinchun
N1 - Publisher Copyright:
© 2021 IEEE.
PY - 2021
Y1 - 2021
N2 - Cybercrime was estimated to cost the global economy 945 billion in 2020. Increasingly, law enforcement agencies are using social network analysis (SNA) to identify key hackers from Dark Web hacker forums for targeted investigations. However, past approaches have primarily focused on analyzing key hackers at a single point in time and use a hacker's structural features only. In this study, we propose a novel Hacker Evolution Identification Framework to identify how hackers evolve within hacker forums. The proposed framework has two novelties in its design. First, the framework captures features such as user statistics, node-level metrics, lexical measures, and post style, when representing each hacker with unsupervised graph embedding methods. Second, the framework incorporates mechanisms to align embedding spaces across multiple time-spells of data to facilitate analysis of how hackers evolve over time. Two experiments were conducted to assess the performance of prevailing graph embedding algorithms and nodal feature variations in the task of graph reconstruction in five time-spells. Results of our experiments indicate that Text-Associated Deep-Walk (TADW) with all of the proposed nodal features outperforms methods without nodal features in terms of Mean Average Precision in each time-spell. We illustrate the potential practical utility of the proposed framework with a case study on an English forum with 51,612 posts. The results produced by the framework in this case study identified key hackers posting piracy assets.
AB - Cybercrime was estimated to cost the global economy 945 billion in 2020. Increasingly, law enforcement agencies are using social network analysis (SNA) to identify key hackers from Dark Web hacker forums for targeted investigations. However, past approaches have primarily focused on analyzing key hackers at a single point in time and use a hacker's structural features only. In this study, we propose a novel Hacker Evolution Identification Framework to identify how hackers evolve within hacker forums. The proposed framework has two novelties in its design. First, the framework captures features such as user statistics, node-level metrics, lexical measures, and post style, when representing each hacker with unsupervised graph embedding methods. Second, the framework incorporates mechanisms to align embedding spaces across multiple time-spells of data to facilitate analysis of how hackers evolve over time. Two experiments were conducted to assess the performance of prevailing graph embedding algorithms and nodal feature variations in the task of graph reconstruction in five time-spells. Results of our experiments indicate that Text-Associated Deep-Walk (TADW) with all of the proposed nodal features outperforms methods without nodal features in terms of Mean Average Precision in each time-spell. We illustrate the potential practical utility of the proposed framework with a case study on an English forum with 51,612 posts. The results produced by the framework in this case study identified key hackers posting piracy assets.
KW - Hacker forums
KW - hacker evolution
KW - social network analysis
KW - unsupervised graph embedding
UR - http://www.scopus.com/inward/record.url?scp=85123498152&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85123498152&partnerID=8YFLogxK
U2 - 10.1109/ISI53945.2021.9624846
DO - 10.1109/ISI53945.2021.9624846
M3 - Conference contribution
AN - SCOPUS:85123498152
T3 - Proceedings - 2021 IEEE International Conference on Intelligence and Security Informatics, ISI 2021
BT - Proceedings - 2021 IEEE International Conference on Intelligence and Security Informatics, ISI 2021
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 2 November 2021 through 3 November 2021
ER -