TY - JOUR
T1 - Cybercrime threat intelligence
T2 - A systematic multi-vocal literature review
AU - Cascavilla, Giuseppe
AU - Tamburri, Damian A.
AU - van den Heuvel, Willem Jan
N1 - .
PY - 2021/6
Y1 - 2021/6
N2 - Significant cybersecurity and threat intelligence analysts agree that online criminal activity is increasing exponentially. To offer an overview of the techniques and indicators to perform cyber crime detection by means of more complex machine- and deep-learning investigations as well as similar threat intelligence and engineering activities over multiple analysis levels (i.e., surface, deep, and darknets), we systematically analyze state of the art in such techniques. First, to aid the engineering and management of such intelligence solutions. We provide (i) a taxonomy of existing methods mapped to (ii) an overview of detectable criminal activities as well as (iii) an overview of the indicators and risk parameters that can be used for such detection. Second, to find the major engineering and management challenges and variables to be addressed. We apply a Topic Modelling Analysis to identify and analyze the most relevant threat concepts both in Surface and in Deep-, Dark-Web. Third, we identify gaps and challenges, defining a roadmap. Practitioners value and conclusions. The analysis mentioned above effectively provided a photograph of the scientific and practice gaps among the Surface Web and the Deep-, Dark-Web cybercrime and threat engineering and management. More specifically, our systematic literature review shows: (i) the dimensions of risk assessment techniques today available for the aforementioned areas—addressing these is vital for Law-enforcement agencies to combat cybercrime and cyber threats effectively; (ii) what website features should be used in order to identify a cyber threat or attack—researchers and non-governmental organizations in support of Law Enforcement Agencies (LEAs) should cover these features with appropriate technologies to aid in the investigative processes; (iii) what (limited) degree of anonymity is possible when crawling in Deep-, Dark-Web—researchers should strive to fill this gap with more and more advanced degrees of anonymity to grant protection to LEAs during their investigations.
AB - Significant cybersecurity and threat intelligence analysts agree that online criminal activity is increasing exponentially. To offer an overview of the techniques and indicators to perform cyber crime detection by means of more complex machine- and deep-learning investigations as well as similar threat intelligence and engineering activities over multiple analysis levels (i.e., surface, deep, and darknets), we systematically analyze state of the art in such techniques. First, to aid the engineering and management of such intelligence solutions. We provide (i) a taxonomy of existing methods mapped to (ii) an overview of detectable criminal activities as well as (iii) an overview of the indicators and risk parameters that can be used for such detection. Second, to find the major engineering and management challenges and variables to be addressed. We apply a Topic Modelling Analysis to identify and analyze the most relevant threat concepts both in Surface and in Deep-, Dark-Web. Third, we identify gaps and challenges, defining a roadmap. Practitioners value and conclusions. The analysis mentioned above effectively provided a photograph of the scientific and practice gaps among the Surface Web and the Deep-, Dark-Web cybercrime and threat engineering and management. More specifically, our systematic literature review shows: (i) the dimensions of risk assessment techniques today available for the aforementioned areas—addressing these is vital for Law-enforcement agencies to combat cybercrime and cyber threats effectively; (ii) what website features should be used in order to identify a cyber threat or attack—researchers and non-governmental organizations in support of Law Enforcement Agencies (LEAs) should cover these features with appropriate technologies to aid in the investigative processes; (iii) what (limited) degree of anonymity is possible when crawling in Deep-, Dark-Web—researchers should strive to fill this gap with more and more advanced degrees of anonymity to grant protection to LEAs during their investigations.
KW - Cyber threat intelligence
KW - Cybersecurity
KW - Dark web
KW - Deep web
KW - Surface web
KW - Topic modelling
UR - http://www.scopus.com/inward/record.url?scp=85102247065&partnerID=8YFLogxK
U2 - 10.1016/j.cose.2021.102258
DO - 10.1016/j.cose.2021.102258
M3 - Review article
AN - SCOPUS:85102247065
SN - 0167-4048
VL - 105
JO - Computers and Security
JF - Computers and Security
M1 - 102258
ER -