Into the Deep Web
Understanding E-Commerce Fraud from Autonomous Chat with Cybercriminals
Peng Wang, Xiaojing Liao, Yue Qin, XiaoFeng Wang {pw7, xliao, qinyue, xw7}@indiana.eduin the Proceedings of Network and Distributed System Security Symposium (NDSS) 2020.Introduction
We designed and implemented the first chatbot, called Aubrey (AUtonomous chatBot foR intelligencE discoverY), for active threat intelligence gathering from e-commerce fraudsters.
Our approach leverages the question-driven conversation pattern of small-time workers, who seek jobs and/or attack resources from e-commerce fraudsters, to model the interaction process as a finite state machine (e.g., FSM), thereby enabling an autonomous conversation.
Our study shows that Aubrey is effective in e-commerce threat intelligence gathering, and helps expose a large amount of previously unknown, fraud-related artifacts. Our findings also bring new insights into the e-commerce fraud ecosystem. Such understanding and artifacts will help better defend against e-commerce fraudulent activities.
Architecture
FSMs for cybercriminals
Intelligence Collection
BibTex
@inproceedings{wang2020aubrey, title={Into the Deep Web: Understanding E-commerce Fraud from Autonomous Chat with Cybercriminals.}, author={Wang, Peng and Liao, Xiaojing and Qin, Yue and Wang, XiaoFeng}, booktitle={Proceedings of The Network and Distributed System Security Symposium}, year={2020}}Data & Code
Data and code can be viewed and downloaded here.