Examining Hacker Participation Length in Cybercriminal Internet-Relay-Chat Communities

Abstract: To further cybersecurity, there is interest in studying online cybercriminal communities to learn more about emerging cyber threats. Literature documents the existence of many online Internet Relay Chat (IRC) cybercriminal communities where cybercriminals congregate and share hacking tools, malware, and more. However, many cybercriminal community participants appear unskilled and have fleeting interests, making it difficult to detect potential long-term or key participants. This makes it challenging for researchers and practitioners to quickly identify cybercriminals who may provide credible threat intelligence. Thus, we propose a computational approach to analyze cybercriminal IRC communities in order to identify potential long-term and key participants. We use the extended Cox model to scrutinize cybercriminal IRC participation to better understand the behaviors exhibited by cybercriminals of importance. Results indicate that key cybercriminals may be quickly identifiable by assessing the scale of their interaction and networks with other participants.
