Semi-Supervised Cyber Threat Identification in Dark Net Markets: A Transductive and Deep Learning Approach

Mohammadreza Ebrahimi, Jay F. Nunamaker, Hsinchun Chen

Research output: Contribution to journal › Article › peer-review

2 Scopus citations

Abstract

Dark Net Marketplaces (DNMs), online selling platforms on the dark web, constitute a major component of the underground economy. Due to the anonymity and increasing accessibility of these platforms, they are rich sources of cyber threats such as hacking tools, data breaches, and personal account information. As the number of products offered on DNMs increases, researchers have begun to develop automated machine learning-based threat identification approaches. A major challenge in adopting such an approach is that the task typically requires manually labeled training data, which is expensive and impractical. We propose a novel semi-supervised labeling technique for leveraging unlabeled data based on the lexical and structural characteristics of DNMs using transductive learning. Empirical results show that the proposed approach leads to an approximately 3-5% increase in classification performance measured by F1-score, while increasing both precision and recall. To further improve the identification performance, we adopt Long Short-Term Memory (LSTM) as a deep learning structure on top of the proposed labeling method. The results are evaluated against a large collection of 79K product listings obtained from the most popular DNMs. Our method outperforms the state-of-the-art methods in threat identification and is considered as an important step toward lowering the human supervision cost in realizing automated threat detection within cyber threat intelligence organizations.

Original language: English (US)
Pages (from-to): 694-722
Number of pages: 29
Journal: Journal of Management Information Systems
Volume: 37
Issue number: 3
State: Published - Jul 2 2020

Keywords

  • Dark net marketplaces
  • cyber threats
  • deep learning
  • long short-term memory
  • semi-supervised labeling
  • threat detection
  • transductive learning

ASJC Scopus subject areas

  • Management Information Systems
  • Computer Science Applications
  • Management Science and Operations Research
  • Information Systems and Management
