DocumentCode :
154247
Title :
Automatic Identification of Replicated Criminal Websites Using Combined Clustering
Author :
Drew, Jake ; Moore, Tyler
Author_Institution :
Comput. Sci. & Eng. Dept., Southern Methodist Univ., Dallas, TX, USA
fYear :
2014
fDate :
17-18 May 2014
Firstpage :
116
Lastpage :
123
Abstract :
To be successful, cyber criminals must figure out how to scale their scams. They duplicate content on new websites, often staying one step ahead of defenders that shut down past schemes. For some scams, such as phishing and counterfeit-goods shops, the duplicated content remains nearly identical. In others, such as advanced-fee fraud and online Ponzi schemes, the criminal must alter content so that it appears different in order to evade detection by victims and law enforcement. Nevertheless, similarities often remain, in terms of the website structure or content, since making truly unique copies does not scale well. In this paper, we present a novel combined clustering method that links together replicated scam websites, even when the criminal has taken steps to hide connections. We evaluate its performance against two collected datasets of scam websites: fake-escrow services and high-yield investment programs (HYIPs). We find that our method more accurately groups similar websites together than does existing general-purpose consensus clustering methods.
Keywords :
Web sites; pattern classification; security of data; Web site content; Web site structure; advanced-fee fraud scheme; combined clustering; cyber criminals; duplicated content; fake-escrow services; high-yield investment programs; online Ponzi scheme; replicated criminal Web sites; Clustering algorithms; Clustering methods; HTML; Indexes; Investment; Manuals; Sociology;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Security and Privacy Workshops (SPW), 2014 IEEE
Conference_Location :
San Jose, CA
Type :
conf
DOI :
10.1109/SPW.2014.26
Filename :
6957294
Link To Document :
بازگشت