Funded by NSF ($5.4M) in 2013 and grounded in Security Big Data Analytics, the Hacker Web and AZSecure SFS Fellowship programs will help address significant cybersecurity research and education challenges facing the US and internationally.
Hacker Web: With a highly inter-disciplinary team, the Hacker Web project aims to answer important questions about hacker behaviors, markets, community structure, communication contents, artifacts and cultural differences. The proposed integrated computational framework and the resulting analytical algorithms and techniques will allow researchers, policy makers, and industries to better understand the hacker community and its highly complex ecosystem and impacts. NSF SaTC (Secure and Trustworthy Cyberspace) is the premier program for advancing cybersecurity research in the US. The Hacker Web project will collaborate closely with the AZSecure SFS Program.
AZSecure SFS Fellowship: The AZSecure project will support 40 BS, MS and Ph.D. students in the next five years in advanced cybersecurity analytics and information assurance education and for future placement in major government agencies and industries. The award is one of the largest NSF SFS (Scholarship-for-Service, under SaTC) grants in the nation, along with other major institutions such as: CMU, UIUC, Georgia Tech, UT Austin, etc. It is also one of the very few awarded to the College of Management. The award builds upon the top-five MIS program at the UA/Eller College of Management and its highly successful NSA/DHS CAE-IAE (Center of Academic Excellence in Information Assurance Education) program in information security and analytics.
Cybersecurity is an important challenge in today's world, as corporations, governments, and individuals have increasingly become victims of cyber attacks and hacking. Such attacks exploit weaknesses in technical infrastructures and human behavior. Understanding the motivations and incentives of individuals and institutions, both as attackers and defenders, can aid in creating a more secure and trustworthy cyberspace. Developing “methods to model adversaries” is one of the critical but unfulfilled research needs recommended in the “Trustworthy Cyberspace” report by the National Science and Technology Council (2011). Demand for knowledge and tools to conduct cyber crime has grown so widespread that entire international virtual communities and black markets have spawned across the Internet to help facilitate trade between cyber criminals scattered in different parts of the world. Black market participants often offer expertise, snippets of code, or fully-developed applications in exchange for other virtual goods or financial gain.
Despite their high relevance to our society, cyber criminal communities and related activities have remained largely unexplored. Existing web social media content presents rich research opportunities, as virtual communities often maintain large stores of useful data digestible through many forms of computational analyses. The discussions and interactions occurring on such communities allow high-impact, data-driven research; researchers are able to empirically test hypotheses and discover new, unprecedented phenomena. Online anonymity, multilingual challenges, hacker community culture, and the sheer volume of online messages contributed by the diverse cyber citizens all make cyber content analysis an essential yet strenuous research endeavor.
To address these challenges, we are motivated to develop an integrated and scalable computational social media collection and analytics framework in support of the cyber attacker community analysis. Our research team will address important social science research questions of relevance to hacker skills, community structure and ecosystem, contents and artifacts, and cultural differences. We will develop automated hacker forums and IRC (Internet Relay Chat) collection techniques for the international (U.S., Russian and Chinese) hacker communities. We will also deploy scalable honeypot platforms to collect malware in the wild and generate feature representation for malware attribution. The proposed integrated computational framework and the resulting algorithms and software will allow researchers and practitioners to: (1) detect, classify, measure and track the formation, development and spread of topics, ideas, and concepts in cyber attacker social media communication; (2) identify important and influential cyber criminals and their interests, intent, sentiment, and opinions in online discourses; and (3) induce and recognize hacker identities, online profiles/styles, communication genres, and interaction patterns. We will leverage our highly successful computational Dark Web research in terrorism informatics. In this SBE/TTP project, we will develop open source tools, a large longitudinal research testbed, and a web-based Hacker Research Portal in support of cyber attacker community investigation and research. These resources will be introduced to the inter-disciplinary community of social, computing, and cyber security researchers and practitioners.
The PI, Dr. Hsinchun Chen, is a leader in security informatics research, with his highly successful projects of COPLINK for crime data mining and Dark Web for open source terrorism social media analytics, both funded by NSF. Our research team consists of experts in hacker community research (Dr. Tom Holt, School of Criminal Justice, with current funding from National Institute of Justice), cybersecurity and autonomic computing research (Dr. Salim Hariri of Electrical and Computer Engineering Department, with current funding from NSF and Dept. of Defense) and hacker community sociology research (Dr. Ron Breiger of Sociology Department, with current funding from NSF and DOD). The primary intellectual merit of our research resides in: (a) methodological contributions to SBE by developing automated multilingual content analysis and social media analytics techniques and open source tools to assist SBE scholars in studying strategic communication in critical social media; (b) providing a rich, large-scale, longitudinal, open source collection of hacker community field data to support timely and data-driven SBE research exploration and hypothesis testing; (c) exploring hacker community structure and ecosystem across different international communities. The broader impacts of this research include: (a) transitioning research into practice (TTP) by leveraging our previous research to create a sustainable testbed supporting research modeling cyber security adversaries; (b) assisting researchers and practitioners in detecting interesting and important phenomena in strategic communication in cyber security related social media; (c) supporting analysts and decision makers in understanding the motivation, incentives, dynamics, ecosystems, and trends associated with the cyber attacker community.
Hacker Web Research Framework
We start by identifying several important categories of information necessary for cyber security investigation. Our research will focus on hacker community information (the actors) and honeypot information (malware output), to be supplemented by further malware analysis and selected emerging P2P network information. Then, data sources for each information category are identified and collected to assist in our hacker community analysis. We plan to develop automated techniques for collecting major U.S., Russian and Chinese hacker forums and IRC contents. We will also explore additional social media, P2P networks, and honeypot captures. In addition, manual collection methods will be deployed for emerging cyber security research and news and other security vectors based on our social science and security analysis research questions. Next, collected data is scrubbed and transformed for usage in various analyses. We will leverage our extensive experience in social media analytics from our NSF funded Dark Web research (more on this later) for topics and sentiment, temporal extraction, and social networks. Additional hacker and malware signatures (e.g., programming languages used, attack targets, source code used) and other geopolitical information (e.g., locations) will be identified to assist in hacker community analysis. Lastly, numerous types of social science and security analyses will allow us to gain new perspectives and knowledge from the acquired data: hacker signature analysis (profile), cyber crime attribution (linking malware to actors), hacker community structure (and skills), and cultural metrics identification (for US, Russian, and Chinese groups). In addition, our research will help with time-event extraction, covert hacker community content collection, and vulnerability threat assessment.
The figure below illustrates the research framework:
This Scholarship-for-Service (SFS) program is funded by the National Science Foundation (#DUE-1303362). The AZSecure Cybersecurity Scholarship-for-Service (SFS) Program at the University of Arizona is aimed at recruiting from across the state, with particular emphasis on minority recruitment and retention. The ultimate goal is to help broaden representation in science and technology and increase interest in and technological competence for government service. The proposed program is budgeted to support 40 participants, and encompasses several important areas of activity, in addition to recruitment: eligibility verification and selection; student mentoring and development (including independent research study integrated into the program); coursework; assessment of student progress; internship and post-graduation placement assistance; and program assessment and evaluation. Each area is addressed in detail in the project description. Cybersecurity and Information Assurance are critical to ensuring the integrity and availability demands of a modern, globally-networked infrastructure. The growing need for and demands upon security professionals are highlighted by the Association for Computing Machinery (ACM) and the Association for Information Systems (AIS) information systems curriculum guidelines of May 2010 that specifically address these emerging needs. The biggest challenge facing employers is finding employees with the right security skills, including operations security, information security risk management, and security management practices (Goodwin 2010), thus proving the SFS program timely, relevant, and beneficial.
The MIS department has unique characteristics and faculty expertise which make it particularly suitable for managing a cybersecurity Scholarship for Service (SFS) program. The department is renowned for its consistent ranking in the top five MIS programs in the country (U.S. News and World Report) for over 20 years, an achievement matched only by MIT and Carnegie-Mellon. The PI, Dr. Hsinchun Chen, is McClelland Professor of Management Information Systems, and has over twenty years’ experience in educating and mentoring undergraduate and graduate students through the MIS program. As the Director of the Artificial Intelligence Lab, he also has over fifteen years’ experience as a successful PI for numerous security-related research projects funded by the National Science Foundation, National Institute of Justice, Department of Homeland Security, Department of Defense, and other agencies and entities. Dr. Mark Patton and Dr. Paulo Goes, co-PIs, are, like PI Chen, members of the department’s Information Assurance and Security Education Center and carry significant responsibility for the administration of and teaching in the current program. Our approach to managing the program is deliberately cross disciplinary and intended to support the broadest definition of cybersecurity, including information assurance, network security, trustworthy computing, risk management for IT, etc. In addition to faculty from MIS, Dr. Salim Hariri of the Electrical and Computer Engineering department will also serve as Co-PI. Dr. Hariri is Co-Director of the NSF Center for Autonomic Computing and brings a wealth of experience in cyber- and network security. Faculty members from Computer Science have also signed on as faculty mentors. Many of the SFS students will participate in the Hacker Web research.
Intellectual Merit: Our proposed program is intended to help address the great need for security training in the U.S. Our curriculum includes dedicated coursework and significant research with world-class faculty in security and risk management, operations security, information security risk management, and security management practices. Our proposed scholarship program will contribute to meaningful curriculum development that can serve as a model to other programs.
Broader Impacts: Our proposed scholarship program will successfully help address a burgeoning need for knowledgeable security specialists by providing a pool of carefully cultivated and highly trained personnel. The program will maintain a focus on minority recruiting, thus addressing a stated National Science Foundation aim to continually improve diversity in our science and technology sectors. Interested in Applying? See the MIS Department's AZSecure Cybersecurity Fellowship Program page (https://msmis.eller.arizona.edu/azsecure-cybersecurity-fellowship-program) for more information including eligibility criteria and instructions on how to apply.
We thank the following agencies and companies for providing research funding support: “Securing Cyber Space: Understanding the Cyber Attackers and Attacks via Social Media Analytics” (Hacker Web), PIs: H. Chen (MIS), S. Hariri (ECE), R. Breiger (Sociology), T. Holt (Michigan State), SES-1314631, NSF Secure and Trustworthy Cyberspace (SaTC) Program, 9/1/2013-8/31/2016, $1.2M. “Cybersecurity Scholarship-for-Service at The University of Arizona” (AZSecure), PIs: H. Chen, P. Goes (MIS), S. Hariri (ECE), M. Patton (MIS), DUE-1303362, NSF Scholarship-for-Service (SFS) Program, 9/15/2013-8/31/2018, $4.2M.
- Hsinchun Chen, MIS
- Jay F. Nunamaker, MIS
- Paulo Goes, MIS
- Cathy Larson, MIS
- Mark Patton, MIS
- Lance Hoopes, MIS
- William Neumann, MIS
- Joe Valacich, MIS
- Matt Hashim, MIS
- Victor Benjamin, MIS
- Shiyu Hu, MIS
- Salim Hariri, ECE
- Youssif Al Nashif, ECE
- Rob Breiger, Sociology
- Saumya Debray, CS
- Christian Collberg, CS
- Beichuan Zhang, CS
- Tom Holt, Criminology, Michigan State University
- Ahmed Abbasi, University of Virginia
- H. Chen, “Dark Web: Exploring and Mining the Dark Side of the Web,” Springer, 2012.
- H. Chen, “Intelligence and Security Informatics for International Security: Information Sharing and Data Mining,” Springer, 2006.
- H. Chen, M. Dacier, et al., (Eds.), Proceedings of the ACM SIGKDD Workshop on CyberSecurity and Intelligence Informatics, Paris, France, June 2009.
Journal and Conference Papers:
- S. Samtani, R. Chinn, H. Chen. Exploring Hacker Assets in Underground Forums. Proceedings of 2015 IEEE International Conference on Intelligence and Security Informatics, ISI 2015, Baltimore, Maryland, May 2015.
- V. Benjamin and H. Chen. Developing Understanding of Hacker Language through the use of Lexical Semantics. Proceedings of 2015 IEEE International Conference on Intelligence and Security Informatics, ISI 2015, Baltimore, Maryland, May 2015.
- V. Benjamin, W. Li, T. Holt, and H. Chen. Exploring Threats and Vulnerabilities in Hacker Web: Forums, IRC and Carding Shops. Proceedings of 2015 IEEE International Conference on Intelligence and Security Informatics, ISI 2015, Baltimore, Maryland, May 2015.
- M. Patton, E. Gross, R. Chinn, S. Forbis, L. Walker, and H. Chen, “Uninvited Connections: A Study of the Vulnerable Devices on the Internet of Things (IoT),” ISI 2014, Proceedings of 2014 IEEE International Conference on Intelligence and Security Informatics, The Netherlands, September 2014.
- V.A. Benjamin and H. Chen, "Time-to-event Modeling for Predicting Hacker Community Participant Trajectory," ISI 2014, Proceedings of 2014 IEEE International Conference on Intelligence and Security Informatics, The Netherlands, September 2014.
- V. Benjamin and H. Chen. Time-to-event Modeling for Predicting Hacker IRC Community Participant Trajectory. Proceedings of 2014 IEEE Joint International Conference on Intelligence and Security Informatics, JISIC 2014, The Hague, Netherlands, September 2014.
- A. Abbasi, W. Li, V. Benjamin, S. Hu, and H. Chen. Descriptive Analytics: Examining Expert Hackers in Web Forums. Proceedings of 2014 IEEE Joint International Conference on Intelligence and Security Informatics, JISIC 2014, The Hague, Netherlands, September 2014.
- W. Li and H. Chen. Identifying Top Sellers In Underground Economy Using Deep Learning-based Sentiment Analysis. Proceedings of 2014 IEEE Joint International Conference on Intelligence and Security Informatics, JISIC 2014, The Hague, Netherlands, September 2014.
- V. Benjamin and H. Chen, “Machine Learning for Attack Vector identification in Malicious Source Code,” Proceedings of 2013 IEEE International Conference on Intelligence and Security Informatics, ISI 2013, Seattle, Washington, June 2013.
- V. Benjamin and H. Chen, “Securing Cyberspace: Identifying Key Actors in Hacker Communities,” Proceedings of 2012 IEEE International Conference on Intelligence and Security Informatics, ISI 2012, Washington, DC, June 2012.
- D. Zimbra and H. Chen, “Scalable Sentiment Classification across Multiple Dark Web Forums,” IEEE International Conference on Intelligence and Security Informatics, ISI 2012, Washington, DC, June 2012.
- T. J. Fu, A. Abbasi, and H. Chen, “A Focused Crawler for Dark Web Forums,” Journal of the American Society for Information Science and Technology, Volume 61, Number 6, Pages 1213-1231, 2010.
- A. Abbasi and H. Chen, “A Comparison of Tools for Detecting Fake Websites,” IEEE Computer, Volume 42, Number 10, Pages 78-86, October 2009.
- A. Abbasi and H. Chen, “A Comparison of Fraud Cues and Classification Methods for Fake Escrow Website Detection,” Information Technology and Management, Volume 10, Number 2, Pages 83-101, 2009.
- C. Mielke and H. Chen, “Botnets, and the CyberCriminal Underground,” Proceedings of 2008 IEEE International Conference on Intelligence and Security Informatics, ISI 2008, Taipei, Taiwan, June 2008.
- T. Fu and H. Chen, “Analysis of Cyberactivism: A Case Study of Online Free Tibet Activities,” Proceedings of 2008 IEEE International Conference on Intelligence and Security Informatics, ISI 2008, Taipei, Taiwan, June 2008.
- H. Chen, “Cyber Terrorism in Web 2.0: An Exploratory Study of International Jihadist Groups,” Proceedings of 2008 IEEE International Conference on Intelligence and Security Informatics, ISI 2008, Taipei, Taiwan, June 2008.
- A. Abbasi and H. Chen, “Writeprints: A Stylometric Approach to Identity-Level Identification and Similarity Detection in Cyberspace,” ACM Transactions on Information Systems, Volume 26, Number 2, Pages 7:1-7:29, 2008.
- A. Abbasi, H. Chen, and A. Salem, “Sentiment Analysis in Multiple Languages: Feature Selection for Opinion Classification in Web Forums,” ACM Transactions on Information Systems, Volume 26, Number 3, Pages 12:1-12:34, 2008.
- A. Abbasi, H. Chen, S. Thoms, and T. J. Fu, “Affect Analysis of Web Forums and Blogs using Correlation Ensembles,” IEEE Transactions on Knowledge and Data Engineering, Volume 20, Number 9, Pages 1168-1180, September 2008.
- A. Abbasi and H. Chen, “CyberGate: A System and Design for Text Analysis of Computer Mediated Communications,” MIS Quarterly, Volume 32, Number 4, Pages 811-837, December 2008.
- H. Chen, “Sentiment and Affect Analysis of Dark Web Forums: Measuring Radicalization on the Internet,” Proceedings of 2008 IEEE International Conference on Intelligence and Security Informatics, ISI 2008, Taipei, Taiwan, June 2008.
- T. Fu, A. Abbasi and H. Chen, “Interaction Coherence for Dark Web Forums,” Proceedings of 2007 IEEE Intelligence and Security Informatics, ISI 2007, New Brunswick, NJ, May 2007.
- A. Abbasi and H. Chen, “Affect Intensity Analysis of Dark Web Forums,” Proceedings of 2007 IEEE Intelligence and Security Informatics, ISI 2007, New Brunswick, NJ, May 2007.
- S. Raghu and H. Chen, “Cyberinfrastructure for Homeland Security: Advances in Information Sharing, Data Mining, and Collaboration Systems,” Decision Support Systems, Volume 43, Number 4, Pages 1321-1323, 2007.
- W. Chung, H. Chen, W. Chang, and S. Chou, “Fighting Cybercrime: A Review and the Taiwan Experience,” Decision Support Systems, special issue on Intelligence and Security Informatics, forthcoming, Volume 41, Number 3, Pages 669-682, March 2006.
- R. Zheng, Y. Qin, Z. Huang, and H. Chen, “Authorship Analysis in Cybercrime Investigation,” Proceedings of the 1st NSF/NIJ Symposium on Intelligence and Security Informatics, ISI 2003, Tucson, Arizona, June 2003, Lecture Notes in Computer Science (LNCS 2665), Springer-Verlag.
- R. Chang, W. Chung and H. Chen, “An International Perspective on Fighting Cybercrime,” Proceedings of the 1st NSF/NIJ Symposium on Intelligence and Security Informatics, ISI 2003, Tucson, Arizona, June 2003, Lecture Notes in Computer Science (LNCS 2665), Springer-Verlag.