Cybercrime threat intelligence: A systematic multi-vocal literature review

摘要

Significant cybersecurity and threat intelligence analysts agree that online criminal activity is increasing exponentially. To offer an overview of the techniques and indicators to perform cyber crime detection by means of more complex machine- and deep-learning investigations as well as similar threat intelligence and engineering activities over multiple analysis levels (i.e., surface, deep, and darknets), we systematically analyze state of the art in such techniques. First, to aid the engineering and management of such intelligence solutions. We provide (ⅰ) a taxonomy of existing methods mapped to (ⅱ) an overview of detectable criminal activities as well as (ⅲ) an overview of the indicators and risk parameters that can be used for such detection. Second, to find the major engineering and management challenges and variables to be addressed. We apply a Topic Modelling Analysis to identify and analyze the most relevant threat concepts both in Surface and in Deep-, Dark-Web. Third, we identify gaps and challenges, defining a roadmap. Practitioners value and conclusions. The analysis mentioned above effectively provided a photograph of the scientific and practice gaps among the Surface Web and the Deep-, Dark-Web cybercrime and threat engineering and management. More specifically, our systematic literature review shows: (ⅰ) the dimensions of risk assessment techniques today available for the aforementioned areas-addressing these is vital for Law-enforcement agencies to combat cybercrime and cyber threats effectively; (ⅱ) what website features should be used in order to identify a cyber threat or attack- researchers and non-governmental organizations in support of Law Enforcement Agencies (LEAs) should cover these features with appropriate technologies to aid in the investigative processes; (ⅲ) what (limited) degree of anonymity is possible when crawling in Deep-, Dark-Web-researchers should strive to fill this gap with more and more advanced degrees of anonymity to grant protection to LEAs during their investigations.