Illegal or immoral use of the computer or its resources is cyber crime. It includes unauthorized access to private pages, stealing credit card information, piracy etc. As the cyber crimes are increasing day by day, it's affecting the industry on a large scale. Existing Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), and anti-malware system rely on low level network traffic features on program code signatures to detect cyber attacks. However, since hackers can constantly change their attack tactics by, it is extremely difficult for the existing security solutions to detect cyber attacks.
Recent studies reveal that cyber criminals tend to transact cyber-attack tools via the "dark markets" established in online social media. This gives opportunities for researchers to tap into these cyber criminal communities. This paper mainly focuses on the development of a cyber criminal network mining method which facilitates cyber crime forensics from online social media. The proposed method is weakly supervised and is supported by a probabilistic generative model enhanced by a context-sensitive Gibbs sampling algorithm. This helps to develop better insights about cyber crime activities so that the ever increasing number of cyber crimes can be prevented to a certain extend. The experimental results reveal that the proposed method significantly outperforms the Latent Dirichlet Allocation (LDA) based method and the Support Vector Machine (SVM) based method.
According to cyber crime report released by HP in 2012, it's seen that organization experiences an average of 102 successful cyber attacks every week and the annualized cost incurred by there attack is 8.9 million per victim organization. The hackers usually keep loose, but consistent associations with peers in an online environment to develop their technical knowledge and skill. Such online platforms include, IRC (Internet Relay Chat), forums, blogs, social networking websites etc. Evidences have shown that, there hackers often share cyber attack knowledge and sometimes, even the tools (such as botnets) those aid the attack process. Though law enforcement and security agencies utilize social network analysis and mining techniques to uncover details of hackers, only little amount of work has been performed in the automated discovery and analysis of cyber criminal networks.
Main intuition behind cyber criminal network discovery is that specific types of cyber criminal relationships (e.g. exchange of tools) are extracted by a probabilistic generative model to improve the cyber criminal relationship identification. Below figure illustrates the main steps of cyber criminal network mining.
For more information on implementation details, algorithms used and comparison with base line systems , refer the PDF (seminar report) attached below.