Journal article Open Access

Cybercrime threat intelligence: A systematic multi-vocal literature review

Giuseppe Cascavilla; Damian Tamburri; Willem-JanVan Den Heuvel

MARC21 XML Export

<?xml version='1.0' encoding='UTF-8'?>
<record xmlns="">
  <datafield tag="041" ind1=" " ind2=" ">
    <subfield code="a">eng</subfield>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">Cyber threat intelligence; ; CybersecurityDark web; Deep web; Surface web; Topic modelling</subfield>
  <controlfield tag="005">20210312122723.0</controlfield>
  <datafield tag="500" ind1=" " ind2=" ">
    <subfield code="a">grant "PRoTECT" under grant Nno. 815356</subfield>
  <controlfield tag="001">4600794</controlfield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">Eindhoven University of Technology, Jheronimus Academy of Data Science</subfield>
    <subfield code="a">Damian Tamburri</subfield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">Tilburg University, Jheronimus Academy of Data Science</subfield>
    <subfield code="a">Willem-JanVan Den Heuvel</subfield>
  <datafield tag="856" ind1="4" ind2=" ">
    <subfield code="s">4186273</subfield>
    <subfield code="z">md5:8f0c6d2b22be7460add339f16567938f</subfield>
    <subfield code="u"></subfield>
  <datafield tag="542" ind1=" " ind2=" ">
    <subfield code="l">open</subfield>
  <datafield tag="260" ind1=" " ind2=" ">
    <subfield code="c">2021-03-12</subfield>
  <datafield tag="909" ind1="C" ind2="O">
    <subfield code="p">openaire</subfield>
    <subfield code="p">user-787061</subfield>
    <subfield code="o"></subfield>
  <datafield tag="100" ind1=" " ind2=" ">
    <subfield code="u">Eindhoven University of Technology, Jheronimus Academy of Data Science</subfield>
    <subfield code="a">Giuseppe Cascavilla</subfield>
  <datafield tag="245" ind1=" " ind2=" ">
    <subfield code="a">Cybercrime threat intelligence: A systematic multi-vocal literature review</subfield>
  <datafield tag="980" ind1=" " ind2=" ">
    <subfield code="a">user-787061</subfield>
  <datafield tag="536" ind1=" " ind2=" ">
    <subfield code="c">787061</subfield>
    <subfield code="a">Advanced tools for fighting oNline Illegal TrAfficking</subfield>
  <datafield tag="540" ind1=" " ind2=" ">
    <subfield code="u"></subfield>
    <subfield code="a">Creative Commons Attribution 4.0 International</subfield>
  <datafield tag="650" ind1="1" ind2="7">
    <subfield code="a">cc-by</subfield>
    <subfield code="2"></subfield>
  <datafield tag="520" ind1=" " ind2=" ">
    <subfield code="a">&lt;p&gt;Significant cybersecurity and threat intelligence analysts agree that online criminal activity is increasing exponentially. To offer an overview of the techniques and indicators to perform cybercrime detection by means of more complex machine- and deep-learning investigations as well as similar threat intelligence and engineering activities over multiple analysis levels (i.e., surface, deep, and darknets), we systematically analyze state of the art in such techniques. First, to aid the engineering and management of such intelligence solutions. We provide&amp;nbsp;&lt;em&gt;(i)&lt;/em&gt;&amp;nbsp;a taxonomy of existing methods mapped to&amp;nbsp;&lt;em&gt;(ii)&lt;/em&gt;&amp;nbsp;an overview of detectable criminal activities as well as&amp;nbsp;&lt;em&gt;(iii)&lt;/em&gt;&amp;nbsp;an overview of the indicators and risk parameters that can be used for such detection. Second, to find the major engineering and management challenges and variables to be addressed. We apply a Topic Modelling Analysis to identify and analyze the most relevant threat concepts both in Surface and in Deep-, Dark-Web. Third, we identify gaps and challenges, defining a roadmap.&amp;nbsp;&lt;em&gt;Practitioners value and conclusions.&lt;/em&gt;&amp;nbsp;The analysis mentioned above effectively provided a photograph of the scientific and practice gaps among the Surface Web and the Deep-, Dark-Web&amp;nbsp;&lt;a href=""&gt;cybercrime&lt;/a&gt;&amp;nbsp;and threat engineering and management. More specifically, our systematic literature review shows:&amp;nbsp;&lt;em&gt;(i)&lt;/em&gt;&amp;nbsp;the dimensions of risk assessment techniques today available for the aforementioned areas&amp;mdash;addressing these is vital for Law-enforcement agencies to combat cybercrime and cyber threats effectively;&amp;nbsp;&lt;em&gt;(ii)&lt;/em&gt;&amp;nbsp;what website features should be used in order to identify a cyber threat or attack&amp;mdash;researchers and non-governmental organizations in support of Law Enforcement Agencies (LEAs) should cover these features with appropriate technologies to aid in the investigative processes;&amp;nbsp;&lt;em&gt;(iii)&lt;/em&gt;&amp;nbsp;what (limited) degree of anonymity is possible when crawling in Deep-, Dark-Web&amp;mdash;researchers should strive to fill this gap with more and more advanced degrees of anonymity to grant protection to LEAs during their investigations&lt;/p&gt;

  <datafield tag="024" ind1=" " ind2=" ">
    <subfield code="a">10.1016/j.cose.2021.102258</subfield>
    <subfield code="2">doi</subfield>
  <datafield tag="980" ind1=" " ind2=" ">
    <subfield code="a">publication</subfield>
    <subfield code="b">article</subfield>
Views 32
Downloads 41
Data volume 171.6 MB
Unique views 31
Unique downloads 36


Cite as