Uma análise dos dados provenientes de vazamentos disponíveis para venda em marketplaces da dark web
Resumo
O uso de dados pessoais em sites tem aumentado gradualmente nos últimos anos, ampliando o número de incidentes de segurança cibernética que resultam em violações de dados. Uma consequência das violações é a disponibilização de dados vazados em marketplaces da dark web. Este estudo analisou anúncios divulgados em quatro marketplaces para apresentar o cenário atual de dados disponíveis para venda. A análise fez uso de extração de informações a partir da implementação de Named Entity Recognition (NER) para identificar as organizações em anúncios. Duas abordagens foram avaliadas: o XLM-RoBERTa e o NLTK. A análise identificou que "Interactive Media & Services" é o setor da indústria com o maior número de dados para venda.
Palavras-chave:
Segurança Cibernética, Dark Web, Mineração de Texto
Referências
Al-Ramahi, M., Alsmadi, I., and Davenport, J. (2020). Exploring hackers assets: Topics In ACM Int. Conf. Proceeding Ser., pages of interest as indicators of compromise. 38–41, New York, NY, USA. Association for Computing Machinery.
Bird, S., Klein, E., and Loper, E. (2009). Natural language processing with Python: analyzing text with the natural language toolkit. ”O’Reilly Media, Inc.”.
Das, A., Bonneau, J., Caesar, M., Borisov, N., and Wang, X. (2014). The tangled web of password reuse. In NDSS, volume 14, pages 23–26.
Devlin, J., Chang, M.-W., Lee, K., and Toutanova, K. (2018). Bert: Pre-training of deep bidirectional transformers for language understanding. arXiv preprint arXiv:1810.04805.
Dong, F., Yuan, S., Ou, H., and Liu, L. (2018). New cyber threat discovery from darknet marketplaces. In 2018 IEEE Conference on Big Data and Analytics (ICBDA), pages 62–67.
Fang, Y., Guo, Y., Huang, C., and Liu, L. (2019). Analyzing and identifying data breaches in underground forums. IEEE Access.
Feldman, R. et al. (2007). The text mining handbook: advanced approaches in analyzing unstructured data. Cambridge university press.
Fu, T., Abbasi, A., and Chen, H. (2010). A focused crawler for dark web forums. Journal of the American Society for Information Science and Technology.
Hrazdil, K. and Zhang, R. (2012). The importance of industry classication in estimating concentration ratios. Economics Letters, 114(2):224–227.
Huang, S.-Y. and Ban, T. (2019). A topic-based unsupervised learning approach for online In 2019 18th IEEE Int. Conf. Trust. Secur. Priv.
underground market exploration. Comput. Commun. IEEE Int. Conf. Big Data Sci. Eng., pages 208–215. IEEE.
Huang, S.-Y. and Chen, H. (2016). Exploring the online underground marketplaces thIn 2016 IEEE Conf. Intell. Secur.
rough topic-based social network and clustering. Informatics, pages 145–150. IEEE.
IBM (2019). 2018 cost of data breach study: Impact of business continuity management. Disponível em: https://www.ibm.com/. Acesso em: ago. 2019.
Jiang, R., Banchs, R. E., and Li, H. (2016). Evaluating and combining name entity recognition systems. In Proceedings of the Sixth Named Entity Workshop, pages 21–27.
Mendsaikhan, O., Hasegawa, H., Yamaguchi, Y., and Shimada, H. (2019). Identication In 2019 IEEE of cybersecurity specic content using the doc2vec language model. 43rd Annual Computer Software and Applications Conference (COMPSAC), volume 1.
Nadeau, D. and Sekine, S. (2007). A survey of named entity recognition and classication. Lingvisticae Investigationes.
Park, A. J., Frank, R., Mikhaylov, A., and Thomson, M. (2018). Hackers hedging bets: A cross-community analysis of three online hacking forums. In 2018 IEEE/ACM Int. Conf. Adv. Soc. Networks Anal. Min., pages 798–805. IEEE.
Samtani, S., Zhu, H., and Chen, H. (2020). Proactively identifying emerging hacker threats from the dark web. ACM Trans. Priv. Secur., 23(4):1–33.
Santos, J., Consoli, B., dos Santos, C., Terra, J., Collonini, S., and Vieira, R. (2019). Assessing the impact of contextual embeddings for portuguese named entity recognition. In 2019 8th Brazilian Conf. on Intelligent Systems (BRACIS), pages 437–442. IEEE.
Sapienza, A., Ernala, S. K., Bessi, A., Lerman, K., and Ferrara, E. (2018). Discover: Mining online chatter for emerging cyber threats. In Web Conf. 2018 Companion World Wide Web Conf. WWW 2018, pages 983–990. Association for Computing Machinery.
Bird, S., Klein, E., and Loper, E. (2009). Natural language processing with Python: analyzing text with the natural language toolkit. ”O’Reilly Media, Inc.”.
Das, A., Bonneau, J., Caesar, M., Borisov, N., and Wang, X. (2014). The tangled web of password reuse. In NDSS, volume 14, pages 23–26.
Devlin, J., Chang, M.-W., Lee, K., and Toutanova, K. (2018). Bert: Pre-training of deep bidirectional transformers for language understanding. arXiv preprint arXiv:1810.04805.
Dong, F., Yuan, S., Ou, H., and Liu, L. (2018). New cyber threat discovery from darknet marketplaces. In 2018 IEEE Conference on Big Data and Analytics (ICBDA), pages 62–67.
Fang, Y., Guo, Y., Huang, C., and Liu, L. (2019). Analyzing and identifying data breaches in underground forums. IEEE Access.
Feldman, R. et al. (2007). The text mining handbook: advanced approaches in analyzing unstructured data. Cambridge university press.
Fu, T., Abbasi, A., and Chen, H. (2010). A focused crawler for dark web forums. Journal of the American Society for Information Science and Technology.
Hrazdil, K. and Zhang, R. (2012). The importance of industry classication in estimating concentration ratios. Economics Letters, 114(2):224–227.
Huang, S.-Y. and Ban, T. (2019). A topic-based unsupervised learning approach for online In 2019 18th IEEE Int. Conf. Trust. Secur. Priv.
underground market exploration. Comput. Commun. IEEE Int. Conf. Big Data Sci. Eng., pages 208–215. IEEE.
Huang, S.-Y. and Chen, H. (2016). Exploring the online underground marketplaces thIn 2016 IEEE Conf. Intell. Secur.
rough topic-based social network and clustering. Informatics, pages 145–150. IEEE.
IBM (2019). 2018 cost of data breach study: Impact of business continuity management. Disponível em: https://www.ibm.com/. Acesso em: ago. 2019.
Jiang, R., Banchs, R. E., and Li, H. (2016). Evaluating and combining name entity recognition systems. In Proceedings of the Sixth Named Entity Workshop, pages 21–27.
Mendsaikhan, O., Hasegawa, H., Yamaguchi, Y., and Shimada, H. (2019). Identication In 2019 IEEE of cybersecurity specic content using the doc2vec language model. 43rd Annual Computer Software and Applications Conference (COMPSAC), volume 1.
Nadeau, D. and Sekine, S. (2007). A survey of named entity recognition and classication. Lingvisticae Investigationes.
Park, A. J., Frank, R., Mikhaylov, A., and Thomson, M. (2018). Hackers hedging bets: A cross-community analysis of three online hacking forums. In 2018 IEEE/ACM Int. Conf. Adv. Soc. Networks Anal. Min., pages 798–805. IEEE.
Samtani, S., Zhu, H., and Chen, H. (2020). Proactively identifying emerging hacker threats from the dark web. ACM Trans. Priv. Secur., 23(4):1–33.
Santos, J., Consoli, B., dos Santos, C., Terra, J., Collonini, S., and Vieira, R. (2019). Assessing the impact of contextual embeddings for portuguese named entity recognition. In 2019 8th Brazilian Conf. on Intelligent Systems (BRACIS), pages 437–442. IEEE.
Sapienza, A., Ernala, S. K., Bessi, A., Lerman, K., and Ferrara, E. (2018). Discover: Mining online chatter for emerging cyber threats. In Web Conf. 2018 Companion World Wide Web Conf. WWW 2018, pages 983–990. Association for Computing Machinery.
Publicado
04/10/2021
Como Citar
LOPES, Kelvin; IGNACZAK, Luciano.
Uma análise dos dados provenientes de vazamentos disponíveis para venda em marketplaces da dark web. In: WORKSHOP DE TRABALHOS DE INICIAÇÃO CIENTÍFICA E DE GRADUAÇÃO - SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 21. , 2021, Evento Online.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2021
.
p. 164-177.
DOI: https://doi.org/10.5753/sbseg_estendido.2021.17350.
