Automatically Identifying Cyber-criminals

Greetings from the Australian National University in Canberra where Dr Robert Layton, Research Associate, Internet Commerce Security Laboratory (ICSL), University of Ballarat, is discussing how to automatically identify cyber-criminals. He uses artificial intelligence software to compare document created on-line for Phishing. The software can identify which documents are from the same criminal gangs, so that those gangs can be targeted. Also the software can be used to monitor on-line chat rooms where illicit good are bought and sold, to identify those involved. Also the source code of malware can be subject to analysis to see if it has a common author.

Robert pointed out that response to such activities by authorities has to be prompt. It is possible to contact the host provider where an illegal activity is identified and ask for it to be "taken down". But the criminal can ear a significant amount of money in the hours or days this takes.

While  Robert was discussing identifying criminal activities, the same techniques would be applicable in defending from attack in cyber-warfare.  One of the major problems in cyber-warfare is knowing who is attacking you. An attacker can disguise a coordinated attack as a series of apparently unconnected non-state sponsored criminal acts. In this way the attacker can avoid retaliation, on-line or by kinetic means (that is by using conventional military force). If the attacker can be identified then they can be targeted using a cyber-attack, electronic warfare or using a bomb, missile or special forces raid.

ANU CECS SEMINAR SERIES

Indirect Attribution of Cybercrime

Dr Robert Layton, Research Associate (ICSL, University of Ballarat )

CECS SEMINAR SERIES

DATE: 2013-05-30
TIME: 15:00:00 - 16:00:00
LOCATION: CSIT Seminar Room, N101
CONTACT: peter.christen@anu.edu.au

ABSTRACT:
In this talk, Robert will be discussing some of the issues relating to indirect attribution of cybercrime, and how authorship analysis provides techniques to overcome issues of traceability on the internet. Further, he will discuss the state-of-the-art in authorship analysis, as applied to written documents. Finally, he will discuss some of the clues that are appearing within these techniques for attribution studies in non-written documents and how this relates to some other techniques in machine learning.
BIO:
Dr. Robert Layton is a researcher at the Internet Commerce Security Laboratory (ICSL) at the University of Ballarat. His research investigates authorship analysis methods, particularly in unsupervised applications to cybercrime. He completed his PhD in 2011, investigating an application of these techniques to phishing webpages, in order to determine the size and scope of the operations behind them. He is now continuing his research at the ICSL, working with industry partners Westpac, Australian Federal Police and IBM. Current projects include the application of the techniques to alias-matching in IRC rooms and online reviews.