“AMoC: A Multifaceted Machine Learning-Based Toolkit for Analysing Cybercriminal Communities on the Darknet”, 2021-12-15:
There is an increasing demand for expert analysis of cybercriminal communities. Cybercrime is continually becoming more complex due to the rapid development of digital technologies, on the one hand, in new types of criminal activity, such as hacking, distributing malware and DDoS attacks, and on the other hand, in digitised forms of more traditional crimes, such as email scams, phishing, identity theft, and cryptographically secured black markets. Tackling this broad array of behavior requires tool support for multi-disciplinary investigations, and a connecting framework that can adjust flexibly to changes in the populations being studied.
In this work, we present AMoC, a multi-faceted machine learning toolkit that combines structured queries, anomaly detection, social network analysis, topic modeling and accounts recognition to enable comprehensive analysis of cybercriminal communities and users.
The toolkit enables the extraction of findings regarding the motivations, behavior and characteristics of offenders, and how cybercriminal communities react to interventions such as arrests and take-downs.
In our demonstration, the toolkit is deployed to analyse over 150,000 accounts from 35 underground marketplaces.
…For the analysis presented in this study, we made use of over 2.5 million posts drawn from over 150,000 accounts from 35 cybercriminal communities, drawn from the DNM Corpus: a large dataset collected 2013–2015. All the DNMs have English language as their main medium of communication. In particular, we targeted discussion fora within this collection, which acted as support areas for underground marketplaces dealing in a number of different illicit goods. Communities ranged from successfully established markets with thousands of accounts (though not all were always active posters) to small sites that never moved beyond a handful of initial accounts.