Behavioural characteristics of cyber-criminals in online trading

Online trading companies are increasingly being subjected to fraudulent attacks on their website. Such cyber attacks use invented customer information and stolen credit cards to place advertisements to attempt to sell non-existent goods to regular users. Other fraudulent activity includes phishing (attempting to gain access to login and password information through emails purporting to come from the company) and clone sites, which are constructed around similar-looking URLs. By working with such a company, this research project will investigate two aspects of this activity. Firstly it will measure the amount of such cybercrime activity, the nature of this activity, whether it is increasing and whether patterns of activity can be determined. It will compare the ilevel of such behaviour i na single company with the results of the Commercial Victimisation Survey of the Home Office. Secondly, it will focus on those fraudulent criminals who register on the website, and seek to determine how their pattern of behaviour and information added by the cyber-offender differs from that of a regular user. The research will harvest weblogs, examining the webpage history and activities of both regular users and cyber -criminals and combining that with intelligent use of information collected during the registration process. Bayesian Network analysis and other behavioural mining techniques wil be used to build a prototype system with the intention of providing early detection of fraudulent behaviour. One part of this will seek to use sociodemographic information from user postcodes to identify dissonance between the value of goods being advertised and the classification of the postcode.

There will be four separate groups with whom we will generate impact.

First, the academic community currently has a dearth of research on cybercrime, and academics working in security, in fraud and in white-collar and organised crime are becoming interested in this topic. Impact will be generated through presentations at academic conferences and research journal publications.

Secondly, the non-academic partner and their customers will benefit from the research ideas generated through the proposed project, and the data analysis strategies used. It is anticipated that improved fraud detection will benefit these groups financially. Early detection of fraud will mean that car buyers will be less likely to view a fraudulent advert and therefore are less likely to fall victim to a cyber crime.

Thirdly, the improved fraud detection methodologies will be disseminated to other competitor companies running similar online trading businesses. This will be achieved through seminars which will include the Vehicle Safe Trading Advisory group. We will also present our work at WORLD CIS, a computer security and fraud conference.

Finally, we expect that government will also be interested in the results of our research. We have already been in contact with Samantha Dowling and Angela Scholes of the Cyber and Organised Crime Unit of the Home Office, and we will keep them informed of progress both through personal contact and through workshops. Improved estimation of cyber crime activity and increased knowledge of offender behaviour are both areas of considerable interest to the Home Office.