SaTC: CORE: Medium: Collaborative: Understanding and Discovering Illicit Online Business Through Automatic Analysis of Online Text Traces

SaTC：核心：媒介：协作：通过自动分析在线文本痕迹理解和发现非法在线业务

• 批准号: 1801432
• 负责人: XiaoFeng Wang
• 金额: $ 46.97万
• 依托单位: Indiana University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2018
• 资助国家: 美国
• 起止时间: 2018-09-01 至 2024-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1801432&HistoricalAwards=false
• 关键词: SaTC; CORE; Medium; Collaborative; Understanding

Unlawful online business often leaves behind human-readable text traces for interacting with its targets (e.g., defrauding victims, advertising illicit products to intended customers) or coordinating among the criminals involved. Such text content is valuable for detecting various types of cybercrimes and understanding how they happen, the perpetrator's strategies, capabilities and infrastructures and even the ecosystem of the underground business. Automatic discovery and analysis of such text traces, however, are challenging, due to their deceptive content that can easily blend into legitimate communication, and the criminals' extensive use of secret languages to hide their communication, even on public platforms (such as social media and forums). The project aims at systematically studying how to automatically discover such text traces and intelligently utilize them to fight against online crime. The research outcomes will contribute to more effective and timely control of online criminal activities, and the team's collaboration with industry also enables the team to get feedback and facilitate the transformation of new techniques to practical use. This project focuses on both criminals' communication with their targets and the underground communications among miscreants. To discover and understand illicit online activities, the research looks for any semantic inconsistency between text content and its context (such as advertisements for selling illegal drugs on an .edu domain) and for inappropriate operations being triggered (such as a malware download). Inconsistencies are captured by the Natural Language Processing (NLP) techniques customized to various security settings. Further, based upon crime-related content discovered, the project will study various machine learning techniques that support automatic extraction and analysis of threat intelligence and criminal activities. The techniques are evaluated using data collected from various sources (public datasets, underground forums and others), and the findings they make are validated through a process that involves manual labeling, communication with affected parties, and collaborations with industry partners. This work will help create in-depth knowledge about underground ecosystems and lead to more effective control of illicit operations of these online businesses.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

非法网上交易往往留下人类可读的文本痕迹，以便与其目标进行互动(例如，诈骗受害者、向目标客户宣传非法产品)或在所涉犯罪分子之间进行协调。这类文本内容对于侦测各种类型的网络犯罪、了解它们是如何发生的、犯罪者的战略、能力和基础设施，甚至地下业务的生态系统都是有价值的。然而，自动发现和分析这类文本痕迹具有挑战性，因为它们的欺骗性内容很容易融入合法交流，而且犯罪分子广泛使用秘密语言来隐藏他们的交流，甚至在公共平台(如社交媒体和论坛)上也是如此。该项目旨在系统地研究如何自动发现此类文本痕迹，并智能地利用它们打击在线犯罪。研究成果将有助于更有效、更及时地控制网络犯罪活动，该团队与业界的合作也使该团队能够获得反馈，并促进新技术向实际应用的转化。这个项目既关注罪犯与目标的沟通，也关注流氓之间的地下沟通。为了发现和理解非法在线活动，该研究寻找文本内容与其上下文之间的任何语义不一致(如在.edu域名上销售非法药物的广告)，以及是否触发了不适当的操作(如恶意软件下载)。不一致通过针对各种安全设置定制的自然语言处理(NLP)技术来捕获。此外，根据发现的与犯罪有关的内容，该项目将研究各种机器学习技术，以支持威胁情报和犯罪活动的自动提取和分析。这些技术使用从各种来源(公共数据集、地下论坛和其他来源)收集的数据进行评估，并通过一个涉及手动标记、与受影响各方沟通以及与行业合作伙伴合作的过程来验证他们的发现。这项工作将有助于建立关于地下生态系统的深入知识，并导致更有效地控制这些在线业务的非法运营。该奖项反映了NSF的法定使命，并通过使用基金会的智力优势和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Your Phone is My Proxy: Detecting and Understanding Mobile Proxy Networks

• DOI: 10.14722/ndss.2021.24008
• 发表时间: 2021
• 期刊: Proceedings 2021 Network and Distributed System Security Symposium
• 作者: Xianghang Mi;Siyuan Tang;Zhengyi Li;Xiaojing Liao;Feng Qian;Xiaofeng Wang

Understanding iOS-based crowdturfing through hidden UI analysis

通过隐藏的 UI 分析了解基于 iOS 的众包

• DOI: 10.5555/3361338.3361391
• 发表时间: 2019
• 期刊: SEC'19: Proceedings of the 28th USENIX Conference on Security Symposium
• 作者: Lee, Y;Wang, X;Lee, K;Liao, X;Wang, X;Mi, X.
• 通讯作者: Mi, X.

Stealthy Porn: Understanding Real-World Adversarial Images for Illicit Online Promotion

• DOI: 10.1109/sp.2019.00032
• 发表时间: 2019-05
• 期刊: 2019 IEEE Symposium on Security and Privacy (SP)
• 作者: Kan Yuan;Di Tang;Xiaojing Liao;Xiaofeng Wang;Xuan Feng;Yi Chen;Menghan Sun;Haoran Lu;Kehuan Zhang

Demystifying Local Business Search Poisoning for Illicit Drug Promotion

• DOI: 10.14722/ndss.2022.24284
• 发表时间: 2022
• 期刊: Proceedings 2022 Network and Distributed System Security Symposium
• 作者: Peng Wang;Zilong Lin;Xiaojing Liao;Xiaofeng Wang

Understanding and Securing Device Vulnerabilities through Automated Bug Report Analysis

• 发表时间: 2019
• 作者: Xuan Feng;Xiaojing Liao;Xiaofeng Wang;Haining Wang;Qiang Li;Kai-Ts'ung Yang;Hongsong Zhu;Limin Sun