METHOD OF MARKETPLACE LEGITIMATE USER AND ATTACKER PROFILING
DOI:
https://doi.org/10.28925/2663-4023.2021.14.5067Keywords:
marketplace, user profile, user model, decision tree, behavior profilingAbstract
The number and complexity of cybercrime are constantly growing. New types of attacks and competition are emerging. The number of systems is growing faster than new cybersecurity professionals are learning, making it increasingly difficult to track users' actions in real-time manually. E-commerce is incredibly active. Not all retailers have enough resources to maintain their online stores, so they are forced to work with intermediaries. Unique trading platforms increasingly perform the role of intermediaries with their electronic catalogs (showcases), payment and logistics services, quality control - marketplaces. The article considers the problem of protecting the personal data of marketplace users. The article aims to develop a mathematical behavior model to increase the protection of the user's data to counter fraud (antifraud). Profiling can be built in two directions: profiling a legitimate user and an attacker (profitability and scoring issues are beyond the scope of this study). User profiling is based on typical behavior, amounts, and quantities of goods, the speed of filling the electronic cart, the number of refusals and returns, etc. A proprietary model for profiling user behavior based on the Python programming language and the Scikit-learn library using the method of random forest, linear regression, and decision tree was proposed, metrics were used using an error matrix, and algorithms were evaluated. As a result of comparing the evaluation of these algorithms of three methods, the linear regression method showed the best results: A is 98.60%, P is 0.01%, R is 0.54%, F is 0.33%. 2% of violators have been correctly identified, which positively affects the protection of personal data.
Downloads
References
Zachek, O., Dmytryk, Y. (2020). Application of Profiling to Combat Cyber Crime. Social Legal Studios 10(4), 94–100. doi:10.32518/2617-4162-2020-4-94-100.
Kirwan, G., Power, A. (2012). The Psychology of Cyber Crime. Advances in Digital Crime, Forensics, and Cyber Terrorism. doi:10.4018/978-1-61350-350-8.
Shinder, D., Tittel, E. (2002). Scene of the Cybercrime—Computer Forensics Handbook, 1st ed. Syngress Publishing.
Warikoo, A. (2014). Proposed Methodology for Cyber Criminal Profiling. Information Security Journal: A Global Perspective 23(4-6), 172–178. doi:10.1080/19393555.2014.931491.
Georgiev, V. (2019). Profiling Human Roles in Cybercrime. Information & Security: An International Journal 43(2), 145–160. doi:10.11610/isij.4313.
Turney, B. E. (2012). Criminal Profiling: An Introduction to Behavior Evidence Analysis. Fourth Edition (Elsevier, Oxford).
Conclusion. (1999). Geographic Profiling. doi:10.1201/9781420048780.ch12.
Muller, D. A. (2000). Criminal Profiling. Homicide Studies 4(3), 234–264. doi:10.1177/1088767900004003003.
Herndon, J. S., Kocsis, R. N. (2006). Criminal Profiling: Principles and Practice. Journal of Police and Criminal Psychology 22(1), 57–58. doi:10.1007/s11896-007-9005-4.
Rimestad, S. (2015). Seksualitāte un sociāla kontrole Latvijā 1914–1939, INETA LIPŠA, Rīga, Zinātne, 2014. ISBN 978-9984-879-65-9. Journal of Baltic Studies 46(3), 416–419. doi:10.1080/01629778.2015.1073921.
Kipane, A. (2019). Meaning of Profiling of Cybercriminals in the Security Context. SHS Web of Conferences. Vol. 68. P. 01009. URL: https://doi.org/10.1051/shsconf/20196801009.
Kshetri N. (2010). The Global Cybercrime Industry: Economic, institutional and Strategic Perspectives. Heidelberg : Springer, 2010. isbn:9783642115219.
Forests of Randomized Trees. https://scikit-learn.org/stable/modules/ensemble.html#
forests-of-randomized-trees.
Labintcev, E. (2017). Metrics in Machine Learning Problems. https://habr.com/ru/
company/ods/blog/328372/.
Robinson, S. K-Nearest Neighbors Algorithm in Python and Scikit-Learn. https://stackabuse.com/k-nearest-neighbors-algorithm-in-python-and-scikit-learn/.
Installing Scikit-Learn. https://scikit-learn.org/stable/install.html.
Geetha, P., Naikodi, C., Suresh, L. (2020). K-Anonymization based Temporal Attack Risk Detection using machine learning paradigms. Journal of Circuits, Systems and Computers. doi:10.1142/S021812662150050X.
Protection of Personal Data. (2016). Security and Privacy in the Digital Era, 29–38. doi:10.1002/9781119347750.ch2.
