research-article

Understanding and Predicting Private Interactions in Underground Forums

Authors:

Carlos E. Rubio-Medrano,

Gail-Joon AhnAuthors Info & Claims

CODASPY '19: Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy

Pages 303 - 314

https://doi.org/10.1145/3292006.3300036

Published: 13 March 2019 Publication History

Abstract

The studies on underground forums and marketplaces have significantly advanced our understandings of cybercrime workflows and underground economies. Researchers of underground economies have conducted comprehensive studies on public interactions. However, little research focuses on private interactions. The lack of the investigation on private interactions may cause misunderstandings on underground economies, as users in underground forums and marketplaces tend to share the minimal amount of information in public interactions and resort to private messages for follow-up conversations. In this paper, we propose methods to investigate the underground private interactions and we analyze a recently leaked dataset from Nulled.io. We present analyses on the contents and purposes of private messages. In addition, we design machine learning-based models that only use the publicly available information to detect if two underground users privately communicate with each other. Finally, we perform adversarial analysis to evaluate the robustness of the detector to different types of attacks.

References

[1]

Sadia Afroz, Vaibhav Garg, Damon McCoy, and Rachel Greenstadt. 2013. Honor among thieves: A common's analysis of cybercrime economies. In eCrime Researchers Summit (eCRS) .

[2]

Sadia Afroz, Aylin Caliskan Islam, Ariel Stolerman, Rachel Greenstadt, and Damon McCoy. 2014. Doppelg"anger finder: Taking stylometry to the underground. In Proceedings of the IEEE Symposium on Security and Privacy .

Digital Library

[3]

Mohammad Al Hasan, Vineet Chaoji, Saeed Salem, and Mohammed Zaki. 2006. Link prediction using supervised learning. In SDM06: workshop on link analysis, counter-terrorism and security .

[4]

Mohammad Al Hasan and Mohammed J Zaki. 2011. A survey of link prediction in social networks. Social network data analytics .

[5]

Mostafa D Awheda and Howard M Schwartz. 2016. A fuzzy reinforcement learning algorithm using a predictor for pursuit-evasion games. In Proceedings of the IEEE International Systems Conference (SysCon) .

[6]

Fabricio Benevenuto, Gabriel Magno, Tiago Rodrigues, and Virgilio Almeida. 2010. Detecting spammers on twitter. In Collaboration, electronic messaging, anti-abuse and spam conference (CEAS) .

[7]

Fabr'icio Benevenuto, Tiago Rodrigues, Meeyoung Cha, and Virg'ilio Almeida. 2009. Characterizing user behavior in online social networks. In Proceedings of the ACM SIGCOMM Conference on Internet Measurement (IMC) .

Digital Library

[8]

Moira Burke and Robert E Kraut. 2014. Growing closer on facebook: changes in tie strength through social network site use. In Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems (CHI) .

Digital Library

[9]

Yinzhi Cao and Junfeng Yang. 2015. Towards making systems forget with machine unlearning. In Proceedings of the IEEE Symposium on Security and Privacy .

Digital Library

[10]

Nitesh V Chawla. 2009. Data mining for imbalanced datasets: An overview. Data mining and knowledge discovery handbook .

[11]

Hsinchun Chen, Xin Li, and Zan Huang. 2005. Link prediction approach to collaborative filtering. In Proceedings of the ACM/IEEE-CS Joint Conference on Digital Libraries (JCDL) .

Digital Library

[12]

Lingwei Chen, Yanfang Ye, and Thirimachos Bourlai. 2017. Adversarial Machine Learning in Malware Detection: Arms Race between Evasion Attack and Defense. In Proceedings of the IEEE European Intelligence and Security Informatics Conference (EISIC) .

[13]

Nicolas Christin. 2013. Traveling the Silk Road: A measurement analysis of a large anonymous online marketplace. In Proceedings of the International World Wide Web Conference (WWW) .

Digital Library

[14]

Aaron Clauset, Cristopher Moore, and Mark EJ Newman. 2008. Hierarchical structure and the prediction of missing links in networks. Nature (2008).

[15]

Jana Diesner and Kathleen M Carley. 2005. Revealing social structure from texts: meta-matrix text analysis as a novel method for network text analysis. Causal mapping for research in information technology .

[16]

Yuxiao Dong, Jie Tang, Sen Wu, Jilei Tian, Nitesh V Chawla, Jinghai Rao, and Huanhuan Cao. 2012. Link prediction and recommendation across heterogeneous social networks. In Proceedings of the IEEE International Conference on Data Mining (ICDM) .

Digital Library

[17]

Greg Durrett, Jonathan K Kummerfeld, Taylor Berg-Kirkpatrick, Rebecca S Portnoff, Sadia Afroz, Damon McCoy, Kirill Levchenko, and Vern Paxson. 2017. Identifying Products in Online Cybercrime Marketplaces: A Dataset for Fine-grained Domain Adaptation. arXiv preprint arXiv:1708.09609 (2017).

[18]

Nicole B Ellison, Charles Steinfield, and Cliff Lampe. 2007. The benefits of Facebook “friends:” Social capital and college students' use of online social network sites. Journal of computer-mediated communication (2007).

[19]

Jason Franklin, Adrian Perrig, Vern Paxson, and Stefan Savage. 2007. An inquiry into the nature and causes of the wealth of internet miscreants. In Proceedings of the ACM Conference on Computer and Communications Security (CCS) .

Digital Library

[20]

Shuang Hao, Kevin Borgolte, Nick Nikiforakis, Gianluca Stringhini, Manuel Egele, Michael Eubanks, Brian Krebs, and Giovanni Vigna. 2015. Drops for stuff: An analysis of reshipping mule scams. In Proceedings of the ACM Conference on Computer and Communications Security (CCS) .

Digital Library

[21]

Thorsten Holz, Markus Engelberth, and Felix Freiling. 2009. Learning more about the underground economy: A case-study of keyloggers and dropzones. In Proceedings of the European Symposium on Research in Computer Security (ESORICS) .

Digital Library

[22]

Xia Hu, Lei Tang, Jiliang Tang, and Huan Liu. 2013. Exploiting social relations for sentiment analysis in microblogging. In Proceedings of the ACM International Conference on Web Search and Data Mining (WSDM) .

Digital Library

[23]

Haruna Isah, Daniel Neagu, and Paul Trundle. 2015. Bipartite network model for inferring hidden ties in crime data. In Proceedings of the IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM) .

Digital Library

[24]

Aamera ZH Khan, Mohammad Atique, and VM Thakare. 2015. Combining lexicon-based and learning-based methods for Twitter sentiment analysis. International Journal of Electronics, Communication and Soft Computing Science & Engineering (IJECSCSE) (2015).

[25]

Haewoon Kwak, Changhyun Lee, Hosung Park, and Sue Moon. 2010. What is Twitter, a social network or a news media?. In Proceedings of the International World Wide Web Conference (WWW) .

Digital Library

[26]

Cliff AC Lampe, Nicole Ellison, and Charles Steinfield. 2007. A familiar face (book): profile elements as signals in an online social network. In Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems (CHI) .

Digital Library

[27]

David Liben-Nowell and Jon Kleinberg. 2007. The link-prediction problem for social networks. journal of the Association for Information Science and Technology (2007).

Digital Library

[28]

Kar Wai Lim, Changyou Chen, and Wray Buntine. 2016. Twitter-network topic model: A full Bayesian treatment for social network and text modeling. arXiv preprint arXiv:1609.06791 (2016).

[29]

Kuan-Yu Lin and Hsi-Peng Lu. 2011. Why people use social networking sites: An empirical study integrating network externalities and motivation theory. Computers in human behavior (2011).

Digital Library

[30]

Bing Liu and Lei Zhang. 2012. A survey of opinion mining and sentiment analysis. Mining text data .

[31]

Caroline Lo, Dan Frankowski, and Jure Leskovec. 2016. Understanding behaviors that lead to purchasing: A case study of pinterest. In Proceedings of the ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD) .

Digital Library

[32]

Andrew McCallum, Andres Corrada-Emmanuel, and Xuerui Wang. 2005. Topic and Role Discovery in Social Networks. In Proceedings of the International Joint Conference on Artificial Intelligence (IJCAI) .

Digital Library

[33]

Ajay Modi, Zhibo Sun, Anupam Panwar, Tejas Khairnar, Ziming Zhao, Adam Doupé, Gail-Joon Ahn, and Paul Black. 2016. Towards automated threat intelligence fusion. In Proceedings of the IEEE International Conference on Collaboration and Internet Computing (CIC) .

[34]

Meredith Ringel Morris, Jaime Teevan, and Katrina Panovich. 2010. What do people ask their social networks, and why?: a survey study of status message q&a behavior. In Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems (CHI) .

Digital Library

[35]

Marti Motoyama, Damon McCoy, Kirill Levchenko, Stefan Savage, and Geoffrey M Voelker. 2011. An analysis of underground forums. In Proceedings of the ACM SIGCOMM Conference on Internet Measurement (IMC) .

Digital Library

[36]

Mor Naaman, Jeffrey Boase, and Chih-Hui Lai. 2010. Is it really about me?: message content in social awareness streams. In Proceedings of the ACM Conference on Computer Supported Cooperative Work (CSCW) .

Digital Library

[37]

Minh-Thap Nguyen and Ee-Peng Lim. 2014. On predicting religion labels in microblogging networks. In Proceedings of the ACM SIGIR Conference on Research & Development in Information Retrieval (SIGIR) .

Digital Library

[38]

Brendan O'Connor, Ramnath Balasubramanyan, Bryan R Routledge, Noah A Smith, et almbox. 2010. From tweets to polls: Linking text sentiment to public opinion time series. In Proceedings of the International AAAI Conference on Web and Social Media (ICWSM) .

[39]

Jaziar Radianti. 2010. A study of a social behavior inside the online black markets. In Proceedings of the International Conference on Emerging Security Information, Systems and Technologies (SECURWARE) .

Digital Library

[40]

Craig Ross, Emily S Orr, Mia Sisic, Jaime M Arseneault, Mary G Simmering, and R Robert Orr. 2009. Personality and motivations associated with Facebook use. Computers in human behavior (2009).

Digital Library

[41]

Salvatore Scellato, Anastasios Noulas, and Cecilia Mascolo. 2011. Exploiting place features in link prediction on location-based social networks. In Proceedings of the ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD) .

Digital Library

[42]

Gwendolyn Seidman. 2013. Self-presentation and belonging on Facebook: How personality influences social media use and motivations. Personality and Individual Differences (2013).

[43]

Brett Stone-Gross, Thorsten Holz, Gianluca Stringhini, and Giovanni Vigna. 2011. The Underground Economy of Spam: A Botmaster's Perspective of Coordinating Large-Scale Spam Campaigns. LEET (2011).

Digital Library

[44]

Kurt Thomas, Damon McCoy, Chris Grier, Alek Kolcz, and Vern Paxson. 2013. Trafficking Fraudulent Accounts: The Role of the Underground Market in Twitter Spam and Abuse. In Proceedings of the USENIX Security Symposium (USENIX) .

Digital Library

[45]

Dashun Wang, Dino Pedreschi, Chaoming Song, Fosca Giannotti, and Albert-Laszlo Barabasi. 2011. Human mobility, social ties, and link prediction. Proceedings of the ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD) .

Digital Library

[46]

Ziming Zhao, Gail-Joon Ahn, Hongxin Hu, and Deepinder Mahi. 2012. SocialImpact: systematic analysis of underground social dynamics. In Proceedings of the European Symposium on Research in Computer Security (ESORICS) .

[47]

Ziming Zhao, Mukund Sankaran, Gail-Joon Ahn, Thomas J Holt, Yiming Jing, and Hongxin Hu. 2016. Mules, Seals, and Attacking Tools: Analyzing 12 Online Marketplaces. IEEE Security & Privacy (2016).

[48]

Juan Zheng, Zhimin He, and Zhe Lin. 2017. Hybrid adversarial sample crafting for black-box evasion attack. In Proceedings of the IEEE International Conference on Wavelet Analysis and Pattern Recognition (ICWAPR) .

[49]

Yilu Zhou, Edna Reid, Jialun Qin, Hsinchun Chen, and Guanpi Lai. 2005. US domestic extremist groups on the Web: link and content analysis. IEEE intelligent systems (2005).

Digital Library

Cited By

Hughes JPastrana SHutchings AAfroz SSamtani SLi WMarin E(2024)The Art of Cybercrime Community ResearchACM Computing Surveys10.1145/3639362Online publication date: 10-Jan-2024
https://dl.acm.org/doi/10.1145/3639362
Zaeifi MKalantari FOest ASun ZAhn GShoshitaishvili YBao TWang RDoupé AVilela JSchulmann HLi N(2024)Nothing Personal: Understanding the Spread and Use of Personally Identifiable Information in the Financial EcosystemProceedings of the Fourteenth ACM Conference on Data and Application Security and Privacy10.1145/3626232.3653266(55-65)Online publication date: 19-Jun-2024
https://dl.acm.org/doi/10.1145/3626232.3653266
Gnielka FReichel RBlokland ADaser Ade Boer MGannon CSchmidt ASchäfer THuikuri SStaciwa KLehmann R(2024)Missing the mark? Identifying child sexual abuse material forum structure and key-players based on public replies and private messaging networksHumanities and Social Sciences Communications10.1057/s41599-024-03954-x11:1Online publication date: 2-Nov-2024
https://doi.org/10.1057/s41599-024-03954-x
Show More Cited By

Index Terms

Understanding and Predicting Private Interactions in Underground Forums
1. Information systems
  1. World Wide Web
    1. Web mining
      1. Data extraction and integration
        Deep web
2. Security and privacy
  1. Software and application security
    1. Social network security and privacy

Recommendations

An analysis of underground forums
IMC '11: Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference

Underground forums, where participants exchange information on abusive tactics and engage in the sale of illegal goods and services, are a form of online social network (OSN). However, unlike traditional OSNs such as Facebook, in underground forums the ...
Understanding environmental factors associated with cyanobacterial bloom
EMS '07: Proceedings of the Third IASTED International Conference on Environmental Modelling and Simulation

Occurrences of cyanobacterial abundance and their consequence in toxin produced by the bloom-forming cyanobacterium Microcystis aeruginosa were studied based on the data collected from 2003 to 2005 in the Wingecarribee reservoir, New South Wales, ...
Utilization of Oil Shale Retorting Technology and Underground Overview
CDCIEM '11: Proceedings of the 2011 International Conference on Computer Distributed Control and Intelligent Environmental Monitoring

The paper analyzes the world's oil shale development and status of underground dry distillation technology and, through case studies proved the advantages of underground dry distillation technology. Global oil shale resource-rich, many countries in the ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

CODASPY '19: Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy

March 2019

373 pages

ISBN:9781450360999

DOI:10.1145/3292006

General Chairs:
Gail-Joon Ahn
Arizona State University, USA
,
Bhavani Thuraisingham
University of Texas at Dallas, USA
,
Program Chairs:
Murat Kantarcioglu
University of Texas at Dallas, USA
,
Ram Krishnan
University of Texas at San Antonio, USA

Copyright © 2019 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 13 March 2019

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Center for Cybersecurity and Digital Forensics at Arizona State University
U.S. Army Research Laboratory

Conference

CODASPY '19

Sponsor:

SIGSAC

CODASPY '19: Ninth ACM Conference on Data and Application Security and Privacy

March 25 - 27, 2019

Texas, Richardson, USA

Acceptance Rates

Overall Acceptance Rate 149 of 789 submissions, 19%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

10
Total Citations
View Citations
530
Total Downloads

Downloads (Last 12 months)21
Downloads (Last 6 weeks)3

Reflects downloads up to 16 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Hughes JPastrana SHutchings AAfroz SSamtani SLi WMarin E(2024)The Art of Cybercrime Community ResearchACM Computing Surveys10.1145/3639362Online publication date: 10-Jan-2024
https://dl.acm.org/doi/10.1145/3639362
Zaeifi MKalantari FOest ASun ZAhn GShoshitaishvili YBao TWang RDoupé AVilela JSchulmann HLi N(2024)Nothing Personal: Understanding the Spread and Use of Personally Identifiable Information in the Financial EcosystemProceedings of the Fourteenth ACM Conference on Data and Application Security and Privacy10.1145/3626232.3653266(55-65)Online publication date: 19-Jun-2024
https://dl.acm.org/doi/10.1145/3626232.3653266
Gnielka FReichel RBlokland ADaser Ade Boer MGannon CSchmidt ASchäfer THuikuri SStaciwa KLehmann R(2024)Missing the mark? Identifying child sexual abuse material forum structure and key-players based on public replies and private messaging networksHumanities and Social Sciences Communications10.1057/s41599-024-03954-x11:1Online publication date: 2-Nov-2024
https://doi.org/10.1057/s41599-024-03954-x
Di Tizio GSiu GHutchings AMassacci F(2023)A Graph-Based Stratified Sampling Methodology for the Analysis of (Underground) ForumsIEEE Transactions on Information Forensics and Security10.1109/TIFS.2023.330442418(5473-5483)Online publication date: 2023
https://doi.org/10.1109/TIFS.2023.3304424
Burroughs JTereszkowski-Kaminski MSuarez-Tangil G(2023)Visualizing Cyber-Threats in Underground Forums2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)10.1109/EuroSPW59978.2023.00032(244-258)Online publication date: Jul-2023
https://doi.org/10.1109/EuroSPW59978.2023.00032
Tazi FShrestha SDe La Cruz JDas S(2022)SoK: An Evaluation of the Secure End User Experience on the Dark Net through Systematic Literature ReviewJournal of Cybersecurity and Privacy10.3390/jcp20200182:2(329-357)Online publication date: 27-May-2022
https://doi.org/10.3390/jcp2020018
Pete IHughes JCaines AVu AGupta HHutchings AAnderson RButtery P(2022)PostCog: A tool for interdisciplinary research into underground forums at scale2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)10.1109/EuroSPW55150.2022.00016(93-104)Online publication date: Jun-2022
https://doi.org/10.1109/EuroSPW55150.2022.00016
Zhang POest ACho HSun ZJohnson RWardman BSarker SKapravelos ABao TWang RShoshitaishvili YDoupé AAhn G(2021)CrawlPhish: Large-scale Analysis of Client-side Cloaking Techniques in Phishing2021 IEEE Symposium on Security and Privacy (SP)10.1109/SP40001.2021.00021(1109-1124)Online publication date: May-2021
https://doi.org/10.1109/SP40001.2021.00021
Vu AHughes JPete ICollier BChua YShumailov IHutchings A(2020)Turning Up the DialProceedings of the ACM Internet Measurement Conference10.1145/3419394.3423636(551-566)Online publication date: 27-Oct-2020
https://dl.acm.org/doi/10.1145/3419394.3423636
Bitaab MCho HOest AZhang PSun ZPourmohamad RKim DBao TWang RShoshitaishvili YDoupe AAhn G(2020)Scam Pandemic: How Attackers Exploit Public Fear through Phishing2020 APWG Symposium on Electronic Crime Research (eCrime)10.1109/eCrime51433.2020.9493260(1-10)Online publication date: 16-Nov-2020
https://doi.org/10.1109/eCrime51433.2020.9493260

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents