A methodology for large-scale identification of related accounts in underground forums

e-Archivo Repository

Show simple item record

dc.contributor.author Cabrero Holgueras, José
dc.contributor.author Pastrana Portillo, Sergio
dc.date.accessioned 2022-01-24T10:30:18Z
dc.date.available 2022-01-24T10:30:18Z
dc.date.issued 2021-12-01
dc.identifier.bibliographicCitation Cabrero Holgueras, J., Pastrana, S. (2021). A Methodology For Large-Scale Identification of Related Accounts in Underground Forums. Computers & Security, 111, 102489. https://doi.org/10.1016/j.cose.2021.102489
dc.identifier.issn 0167-4048
dc.identifier.uri http://hdl.handle.net/10016/33942
dc.description.abstract Underground forums allow users to interact with communities focused on illicit activities. They serve as an entry point for actors interested in deviant and criminal topics. Due to the pseudo-anonymity provided, they have become improvised marketplaces for trading illegal products and services, including those used to conduct cyberattacks. Thus, these forums are an important data source for threat intelligence analysts and law enforcement. The use of multiple accounts is forbidden in most forums since these are mostly used for malicious purposes. Still, this is a common practice. Being able to identify an actor or gang behind multiple accounts allows for proper attribution in online investigations, and also to design intervention mechanisms for illegal activities. Existing solutions for multi-account detection either require ground truth data to conduct supervised classification or use manual approaches. In this work, we propose a methodology for the large-scale identification of related accounts in underground forums. These accounts are similar according to the distinctive content posted, and thus are likely to belong to the same actor or group. The methodology applies to various domains and leverages distinctive artefacts and personal information left online by the users. We provide experimental results on a large dataset comprising more than 1.1M user accounts from 15 different forums. We show how this methodology, combined with existing approaches commonly used in social media forensics, can assist with and improve online investigations.
dc.description.sponsorship This work was partially supported by CERN openlab, the CERN Doctoral Student Programme, the Spanish grants ODIO (PID2019-111429RB-C21 and PID2019-111429RB) and the Region of Madrid grant CYNAMON-CM (P2018/TCS-4566), co-financed by European Structural Funds ESF and FEDER, and Excellence Program EPUC3M17
dc.format.extent 15
dc.language.iso eng
dc.publisher Elsevier
dc.rights © Elsevier, 2021
dc.rights Atribución-NoComercial-SinDerivadas 3.0 España
dc.rights.uri http://creativecommons.org/licenses/by-nc-nd/3.0/es/
dc.subject.other social media forensics
dc.subject.other undergroung forums
dc.subject.other large-scale measurement
dc.subject.other related accounts
dc.subject.other cybercrime
dc.title A methodology for large-scale identification of related accounts in underground forums
dc.type article
dc.subject.eciencia Informática
dc.identifier.doi https://doi.org/10.1016/j.cose.2021.102489
dc.rights.accessRights openAccess
dc.relation.projectID Comunidad de Madrid. S2018/TCS-4566
dc.relation.projectID Gobierno de España. PID2019-111429RB-C21
dc.type.version acceptedVersion
dc.identifier.publicationtitle COMPUTERS & SECURITY
dc.identifier.publicationvolume 111
dc.identifier.uxxi AR/0000028976
dc.contributor.funder Comunidad de Madrid
dc.contributor.funder European Commission
 Find Full text

Files in this item

*Click on file's image for preview. (Embargoed files's preview is not supported)


The following license files are associated with this item:

This item appears in the following Collection(s)

Show simple item record