Botnet Business Models, Takedown Attempts, and the Darkweb Market: A Survey

Georgoulias, Dimitrios; Pedersen, Jens Myrup; Falch, Morten; Vasilomanolakis, Emmanouil

doi:10.1145/3575808

Cited by 10 publications

(9 citation statements)

References 46 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Cybercriminals often use anonymous communication networks to conceal their identities and carry out online crimes. Dark web marketplaces are a type of hidden service on the dark web; the trading volume in these marketplaces has been increasing in recent years [5,6]. The anonymity of the dark web makes it difficult to track the identities of the buyers and sellers in these transactions.…”

Section: Introductionmentioning

confidence: 99%

Multi-Identity Recognition of Darknet Vendors Based on Metric Learning

Wang,

Hu,

et al. 2024

Applied Sciences

View full text Add to dashboard Cite

Dark web vendor identification can be seen as an authorship aliasing problem, aiming to determine whether different accounts on different markets belong to the same real-world vendor, in order to locate cybercriminals involved in dark web market transactions. Existing open-source datasets for dark web marketplaces are outdated and cannot simulate real-world situations, while data labeling methods are difficult and suffer from issues such as inaccurate labeling and limited cross-market research. The problem of identifying vendors’ multiple identities on the dark web involves a large number of categories and a limited number of samples, making it difficult to use traditional multiclass classification models. To address these issues, this paper proposes a metric learning-based method for dark web vendor identification, collecting product data from 21 currently active English dark web marketplaces and using a multi-dimensional feature extraction method based on product titles, descriptions, and images. Using pseudo-labeling technology combined with manual labeling improves data labeling accuracy compared to previous labeling methods. The proposed method uses a Siamese neural network with metric learning to learn the similarity between vendors and achieve the recognition of vendors’ multiple identities. This method achieved better performance with an average F1-score of 0.889 and an accuracy rate of 97.535% on the constructed dataset. The contributions of this paper lie in the proposed method for collecting and labeling data for dark web marketplaces and overcoming the limitations of traditional multiclass classifiers to achieve effective recognition of vendors’ multiple identities.

show abstract

Section: Introductionmentioning

confidence: 99%

Multi-Identity Recognition of Darknet Vendors Based on Metric Learning

Wang,

Hu,

et al. 2024

Applied Sciences

View full text Add to dashboard Cite

show abstract

“…Proposing a solution is challenging due to several hardships. First, botnet programs are typically designed to be stealthy, operating as quietly as possible to evade detection [Koroniotis et al, 2019;Li et al, 2019;Alomari et al, 2023;Georgoulias et al, 2023] . The reason behind this is the regular cycle of botnets creation: cybercriminals begin by building a network of bots without attracting attention, and once it is large enough for their purposes [Lourenço and Marinos, 2020;Padhiar et al, 2023] , they direct the bots to initiate a coordinated and massive attack, such as a DDoS targeting a server [Li et al, 2023] .…”

Section: Efficient Detection Of Botnet Malwarementioning

confidence: 99%

“…It could be argued that the destination IP could be a useful feature since all the bots could connect to the same server to get instructions. Nevertheless, these servers tend to rapidly change their IPs to evade reputation filtering [AlAhmadi and Martinovic, 2018;Georgoulias et al, 2023] . This sets up for us the problem of creating a detection sys-tem that didn't use the IPs as a feature, while also proving that our approach performed better than the IP-user-models from the literature.…”

Section: Efficient Detection Of Botnet Malwarementioning

confidence: 99%

“…Podría argumentarse que la IP de destino podría ser una característica útil, ya que todos los bots podrían conectarse al mismo servidor para obtener instrucciones. Sin embargo, estos servidores tienden a cambiar rápidamente sus IP para eludir ser filtrados por mala reputación [AlAhmadi and Martinovic, 2018;Georgoulias et al, 2023] . Esto planteó el problema de crear un sistema de detección que no utilizara las IP como característica, al tiempo que demostró que nuestro enfoque funcionaba mejor que los modelos IP-usuario de la bibliografía.…”

Section: Motivaciónunclassified

“….1.1 Deteccion eficiente de malware botnet Este trabajo se centra en el problema de detectar el tráfico de red generado por un bot, es decir, un programa malicioso instalado en el dispositivo de la víctima sin su consentimiento y normalmente también sin su conocimiento[Padhiar et al, 2023;Garcia et al, 2014] . Proponer una solución es un reto debido a varias dificultades.En primer lugar, los programas bot suelen estar diseñados para ser sigilosos, operando lo más silenciosamente posible para evadir la detección[Koroniotis et al, 2019;Li et al, 2019; Alomari et al, 2023;Georgoulias et al, 2023] . El motivo puede encontrarse en el ciclo habitual de creación de redes de bots: los ciberdelincuentes empiezan por crear una red de bots sin llamar la atención y, una vez que es lo suficientemente grande para sus fines[Lourenço and Marinos, 2020;Padhiar et al, 2023] , dirigen los bots en un ataque coordinado y masivo, por ejemplo un DDoS dirigido a un servidor[Li et al, 2023] .…”

unclassified

See 2 more Smart Citations

Botnet activity spotting with artificial intelligence: efficient bot malware detection and social bot identification

Velasco Mata

View full text Add to dashboard Cite

In the cybercrime scope, botnets are networks of bots, automated entities that follow instructions from a cybercriminal. The capacity of these networks to operate en masse has made them one of the most popular tools to carry out malicious activities, from spam distribution to distributed denial-of-service (DDoS) attacks. This has made botnets one of the online threats with the most significant presence, causing billionaire losses to the global economy. The motivation of this PhD Thesis is to research and propose bot detection techniques. Specifically, it is focused on two types of bots: malware bots, i.e., virus programs that can be installed in the victims' devices without their notice; and social bots, i.e., fake accounts in Social Networks that try to masquerade as real humans to deceive regular users.de número de muestras. La propuesta de detector de bots sociales aprovecha BERTopic, un predictor de temas basado en BERT, para clasificar los tuits de los usuarios en 102 categorías. La información resultante se divide en ventanas de tiempo de 15 minutos para caracterizar la actividad de los usuarios y se utiliza para predecir si son bots o humanos mediante el clasificador propuesto: un ensamblado de siete redes neuronales basadas en LSTM. Este sistema obtuvo una precisión de 0,755 y un valor F1 de 0,777 % en el nuevo conjunto de datos.

show abstract

Botnets Unveiled: A Comprehensive Survey on Evolving Threats and Defense Strategies

Asadi,

Jamali,

Heidari

et al. 2024

Trans Emerging Tel Tech

View full text Add to dashboard Cite

Botnets have emerged as a significant internet security threat, comprising networks of compromised computers under the control of command and control (C&C) servers. These malevolent entities enable a range of malicious activities, from denial of service (DoS) attacks to spam distribution and phishing. Each bot operates as a malicious binary code on vulnerable hosts, granting remote control to attackers who can harness the combined processing power of these compromised hosts for synchronized, highly destructive attacks while maintaining anonymity. This survey explores botnets and their evolution, covering aspects such as their life cycles, C&C models, botnet communication protocols, detection methods, the unique environments botnets operate in, and strategies to evade detection tools. It analyzes research challenges and future directions related to botnets, with a particular focus on evasion and detection techniques, including methods like encryption and the use of covert channels for detection and the reinforcement of botnets. By reviewing existing research, the survey provides a comprehensive overview of botnets, from their origins to their evolving tactics, and evaluates how botnets evade detection and how to counteract their activities. Its primary goal is to inform the research community about the changing landscape of botnets and the challenges in combating these threats, offering guidance on addressing security concerns effectively through the highlighting of evasion and detection methods. The survey concludes by presenting future research directions, including using encryption and covert channels for detection and strategies to strengthen botnets. This aims to guide researchers in developing more robust security measures to combat botnets effectively.

show abstract

Botnet Business Models, Takedown Attempts, and the Darkweb Market: A Survey

Cited by 10 publications

References 46 publications

Multi-Identity Recognition of Darknet Vendors Based on Metric Learning

Multi-Identity Recognition of Darknet Vendors Based on Metric Learning

Botnet activity spotting with artificial intelligence: efficient bot malware detection and social bot identification

Botnets Unveiled: A Comprehensive Survey on Evolving Threats and Defense Strategies

Contact Info

Product

Resources

About