Tor-Marketplace-Analysis

This repository hosts a comprehensive collection of code and analysis from our study on digital security in anonymous online marketplaces. It includes scripts for data collection, processing, and visualization, focusing on cyber threats, credential dynamics, and currency variations in dark web marketplaces.

Primary language: Python. License: GNU General Public License v3.0 (GPL-3.0).

Project README: Comprehensive Cybersecurity Data Analysis and Visualization Suite

Overview

This suite comprises three major projects dedicated to the analysis and visualization of cybersecurity data, focusing on malware networks, online account compromises, and infostealer malware logs. Each project provides a unique perspective on the digital threat landscape, offering detailed insights into malware economies and the value chain of infections and compromised access.

Projects Included:

  1. AccountAccessSet Analysis: Analyzes the trade of online accounts and private datasets in the Database Market within the Tor network.
  2. VictimAccessSet Analysis: Focuses on the Genesis Market's role in trading access to compromised online accounts.
  3. MalwareInfectionSet Analysis: Investigates infostealer malware logs made available online by various malware networks.

Dataset Origin

The datasets used in these projects are part of the study presented in the paper "Malware Finances and Operations: a Data-Driven Study of the Value Chain for Infections and Compromised Access," published at the 12th International Workshop on Cyber Crime (IWCC 2023), part of the ARES Conference, in the ACM International Conference Proceedings Series.

Creators

  • Juha Nurmi
  • Mikko Niemelä
  • Billy Brumley

Dataset Overview

  • AccountAccessSet: Data from the Database Market, including online accounts and private datasets.
  • VictimAccessSet: Infostealer malware logs from the Genesis Market.
  • MalwareInfectionSet: Malware log dumps from 14 different malware networks.

Project Structure

Each project within this suite is housed in its own directory, complete with specific scripts for data parsing, analysis, and visualization. The projects share a common goal but tackle different datasets and aspects of cybersecurity.

Common Features Across Projects:

  • Data Parsing and Database Management: Efficient handling of large datasets.
  • In-depth Data Analysis: Detailed examination of malware infections and compromised access.
  • Advanced Data Visualization: Graphical representations of complex data.
  • Ethical Data Handling: Adherence to ethical guidelines in data usage.

Usage

  • Navigate to individual project folders for specific instructions and scripts.
  • Run the appropriate scripts for data parsing, analysis, or visualization as per the project's focus.
  • Install necessary dependencies as listed in each project's README file.

Contributing

Contributions to enhance the projects are welcome. Please open an issue first to discuss what you would like to change.

PDF Reports

  • Detailed reports on the findings and analyses of each project are available in PDF format in the project base directory.

Disclaimer

All projects in this suite are for educational and research purposes only. The data is handled within the confines of ethical and legal standards.


Note: Individual project READMEs provide detailed information about each project's specific objectives, datasets, methodologies, and findings. The data sources have been curated and modeled under the Creative Commons Attribution 4.0 International License, omitting Personally Identifiable Information (PII).