Community Finding of Malware and Exploit Vendors on Darkweb Marketplaces

Many people involved in malicious cyber activity rely on online environments to improve their hacking skills and capabilities, and darkweb marketplaces are among the most prevalent of these. Vendors advertise and sell their wares worldwide on those markets, generating communities of like-minded individuals focused on subfields of hacking. As there is no direct communication between vendors in these environments, identifying the communities they form is challenging, especially in the absence of ground-truth knowledge to validate the results. In this paper, we develop a method based on Machine Learning and Social Network Analysis (SNA) to identify and validate communities of malware and exploit vendors, using product offerings in 20 different marketplaces on the darkweb. To validate the viability of our approach, we cross-validate the community assignments of common individuals selling their products on two mutually exclusive sets of marketplaces, demonstrating how the multiplexity of social ties can be used to detect and validate communities of malware and exploit vendors.
