Exploring key hackers and cybersecurity threats in Chinese hacker communities

Chinese hacker communities are of interest to cybersecurity researchers and investigators. Examining these communities poses several challenges, including understanding the Chinese language, detecting variations in topic evolution, and identifying key hackers and their specialty areas. We are therefore motivated to develop a framework for analyzing key hackers and emerging threats in Chinese hacker communities. Specifically, we develop a set of topic models for extracting popular topics, tracking topic evolution, and identifying key hackers with their specialty topics. We applied our framework to 19 major Chinese hacker communities and identified five major popular topics: trading, fraud prevention & identification, calling for cooperation, casual chat, and monetizing. We also found several trends related to new communication channels, new stolen cards of interest, and new operating mechanisms, and we identified the key hackers in each extracted area. Our work contributes to the cybersecurity literature by providing an advanced and scalable framework for analyzing Chinese hacker communities.
