A PROBABILISTIC GENERATIVE MODEL FOR MINING CYBER

CRIMINAL NETWORKS FROM ONLINE SOCIAL MEDIA

Illegal or immoral use of the computer or its resources is cyber crime. It includes
unauthorized access to private pages, stealing credit card information, piracy etc. As the cyber
crimes are increasing day by day, it's affecting the industry on a large scale. Existing Intrusion
Detection Systems (IDS), Intrusion Prevention Systems (IPS), and anti-malware system rely on
low level network traffic features on program code signatures to detect cyber attacks. However,
since hackers can constantly change their attack tactics by, it is extremely difficult for the
existing security solutions to detect cyber attacks.
Recent studies reveal that cyber criminals tend to transact cyber-attack tools via the "dark
markets" established in online social media. This gives opportunities for researchers to tap into
these cyber criminal communities. This paper mainly focuses on the development of a cyber
criminal network mining method which facilitates cyber crime forensics from online social
media. The proposed method is weakly supervised and is supported by a probabilistic generative
model enhanced by a context-sensitive Gibbs sampling algorithm. This helps to develop better
insights about cyber crime activities so that the ever increasing number of cyber crimes can be
prevented to a certain extend. The experimental results reveal that the proposed method
significantly outperforms the Latent Dirichlet Allocation (LDA) based method and the Support
Vector Machine (SVM) based method.
Background
According to cyber crime report released by HP in 2012, it's seen that organization
experiences an average of 102 successful cyber attacks every week and the annualized cost
incurred by there attack is 8.9 million per victim organization. The hackers usually keep loose,
but consistent associations with peers in an online environment to develop their technical
knowledge and skill. Such online platforms include, IRC (Internet Relay Chat), forums, blogs,
social networking websites etc. Evidences have shown that, there hackers often share cyber
attack knowledge and sometimes, even the tools (such as botnets) those aid the attack process.

Though law enforcement and security agencies utilize social network analysis and mining
techniques to uncover details of hackers, only little amount of work has been performed in the
automated discovery and analysis of cyber criminal networks.
System Model
Main intuition behind cyber criminal network discovery is that specific types of cyber
criminal relationships (e.g. exchange of tools) are extracted by a probabilistic generative model
to improve the cyber criminal relationship identification. Below figure illustrates the main steps

of cyber criminal network mining.