SaTC: CORE: Medium: Collaborative: Understanding and Discovering Illicit Online Business Through Automatic Analysis of Online Text Traces

SaTC：核心：媒介：协作：通过自动分析在线文本痕迹理解和发现非法在线业务

• 批准号: 1801365
• 负责人: Xiaojing Liao
• 金额: $ 43.02万
• 依托单位: College of William and Mary
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2018
• 资助国家: 美国
• 起止时间: 2018-09-01 至 2018-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1801365&HistoricalAwards=false
• 关键词: SaTC; CORE; Medium; Collaborative; Understanding

Unlawful online business often leaves behind human-readable text traces for interacting with its targets (e.g., defrauding victims, advertising illicit products to intended customers) or coordinating among the criminals involved. Such text content is valuable for detecting various types of cybercrimes and understanding how they happen, the perpetrator's strategies, capabilities and infrastructures and even the ecosystem of the underground business. Automatic discovery and analysis of such text traces, however, are challenging, due to their deceptive content that can easily blend into legitimate communication, and the criminal's extensive use of secret languages to hide their communication, even on public platforms (such as social media and forums). The project aims at systematically studying how to automatically discover such text traces and intelligently utilize them to fight against online crime. The research outcomes will contribute to more effective and timely control of online criminal activities, and the team's collaboration with industry also enables the team to get feedback and facilitate the transformation of new techniques to practical use. This project focuses on both criminals' communication with their targets and the underground communications among miscreants. To discover and understand illicit online activities, the research looks for any semantic inconsistency between text content and its context (such as advertisements for selling illegal drugs on an .edu domain) and for inappropriate operations being triggered (such as a malware download). Inconsistencies are captured by the Natural Language Processing (NLP) techniques customized to various security settings. Further, based upon crime-related content discovered, the project will study various machine learning techniques that support automatic extraction and analysis of threat intelligence and criminal activities. The techniques are evaluated using data collected from various sources (public datasets, underground forums and others), and the findings they make are validated through a process that involves manual labeling, communication with affected parties, and collaborations with industry partners. This work will help create in-depth knowledge about underground ecosystems and lead to more effective control of illicit operations of these online businesses.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

非法在线业务通常会留下人类可读的文本痕迹，用于与其目标进行交互（例如，欺骗受害者、向目标客户宣传非法产品）或在所涉及的犯罪分子之间进行协调。此类文本内容对于检测各种类型的网络犯罪并了解其发生方式、犯罪者的策略、能力和基础设施甚至地下业务的生态系统非常有价值。 然而，自动发现和分析此类文本痕迹具有挑战性，因为它们的欺骗性内容很容易融入合法通信中，而且犯罪分子广泛使用秘密语言来隐藏他们的通信，即使是在公共平台（例如社交媒体和社交媒体）上也是如此。论坛）。该项目旨在系统研究如何自动发现此类文本痕迹并智能利用它们来打击网络犯罪。研究成果将有助于更有效、及时地控制网络犯罪活动，团队与业界的合作也使团队能够获得反馈并促进新技术转化为实际应用。 该项目重点关注犯罪分子与其目标的通信以及不法分子之间的地下通信。为了发现和理解非法在线活动，该研究寻找文本内容与其上下文之间的任何语义不一致（例如在 .edu 域上销售非法药品的广告）以及触发的不当操作（例如恶意软件下载）。根据各种安全设置定制的自然语言处理 (NLP) 技术可以捕获不一致的情况。此外，根据发现的犯罪相关内容，该项目将研究各种机器学习技术，支持自动提取和分析威胁情报和犯罪活动。使用从各种来源（公共数据集、地下论坛等）收集的数据对这些技术进行评估，并通过涉及手动标记、与受影响方沟通以及与行业合作伙伴合作的过程来验证它们的发现。这项工作将有助于深入了解地下生态系统，并更有效地控制这些在线企业的非法运营。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力价值和更广泛的影响审查进行评估，被认为值得支持标准。

项目成果

Evil Under the Sun: Understanding and Discovering Attacks on Ethereum Decentralized Applications

• 发表时间: 2021
• 作者: Liya Su;Xinyue Shen;Xiangyu Du;Xiaojing Liao;Xiaofeng Wang;Luyi Xing;Baoxu Liu