Dark Vendor Profilng

Abstract

Tor hidden services and anonymity tools alike provide an avenue for cyber criminals to conduct illegal activities online without fear of consequences. In particular, dark marketplaces are hidden services that enable the trade of paraphernalia such as drugs, weapons, malware, counterfeit identities, and pornography among other items of criminal nature. Several effective Dark Web analysis techniques have been proposed for Dark Web Forums and primarily focus on authorship analysis where the goal is one of two tasks: (a) user attribution, where a user is profiled and identified given an artifact they own, and (b) alias attribution, where pairs of users are identified to belong to the same individual. While these techniques may support dark web investigations and help to identify and locate perpetrators, existing automated techniques are predominately forum-based and stylometry-based, leaving non-textual artifacts, such as images, out of consideration due to the illicit nature of dark marketplace listings. Thus, new methodologies for adequate evidence collection and image handling in dark marketplaces are in demand. In this research, we collect stylometric, image, and attribute-based artifacts from 25 dark marketplaces and propose a machine learning based Dark Vendor Profiling methodology to achieve vendor attribution and alias attribution across dark marketplaces, thereby supporting investigative efforts in deanonymizing cyber criminals acting on the anonymous web.