A text-mining based cyber-risk assessment and mitigation framework for critical analysis of online hacker forums

doi:10.1016/j.dss.2021.113651

Decision Support Systems

Volume 152, January 2022, 113651

https://doi.org/10.1016/j.dss.2021.113651 Get rights and content

Highlights

•
Novel text-mining based cyber-risk assessment and mitigation framework.
•
Identify hacker expertise using explicit and implicit features on online forums.
•
Expert hackers demonstrate leadership in online forums.
•
Compute financial impact for every {hacker expertise, attack-type} combination.
•
Prioritize hacker mitigation strategies.

Abstract

Online hacker communities are meeting spots for aspiring and seasoned cybercriminals where they engage in technical discussions, share exploits and relevant hacking tools to be used in launching cyber-attacks on business organizations. Sometimes, the affected organizations can detect these attacks in advance, with the help of cyber-threat intelligence derived from the explicit and implicit features of hacker communication in these forums. Herein, we proposed a novel text-mining based cyber-risk assessment and mitigation framework, which performs the following critical tasks. (i) Cyber-risk Assessment - to identify hacker expertise (i.e., newbie, beginner, intermediate, and advanced) using explicit and implicit features applying various classification algorithms. Among these features, cybersecurity keywords, sharing of attachments, and sentiments emerged as significant. Further, we found that expert hackers demonstrate leadership in the online forums that eventually serve as communities of practice. Consequently, novice hackers gradually develop their cyber-attack skills through prolonged observations, interactions, and external influences in this social learning process. (ii) Cyber-risk mitigation – computes financial impact for every {hacker expertise, attack-type} combination, and then by ranking them on a {likelihood, impact} decision-matrix to prioritize mitigation strategies in affected organizations. Through these novel recommendations, our framework can guide managers to decide on appropriate cybersecurity controls using an {expected loss, probability, attack-type, hacker expertise} metric against financial losses due to cyber-attacks.

Introduction

Cybercriminals have adversely impacted the global economy to billions of dollars of losses across various organizations in recent years. For instance, in December 2020, attackers conducted a large-scale breach across the users of Orion, a network monitoring product by SolarWinds. Organizations affected in the attack included top U.S. federal agencies such as the Department of Justice, U.S. Treasury, Homeland Security, and Fortune 500 companies such as Microsoft, Intel, Cisco and their own clients, as well as cybersecurity firm FireEye and many more.¹ Threat actors used a malware code named Sunburst and surreptitiously introduced it into the organizational networks as early as September 2019 but went undetected for over a year.² In another incident during January 2021, state-sponsored threat groups actively exploited four zero-day vulnerabilities in the Microsoft Exchange server, and deployed backdoors to launch widespread attacks. Some of the most targeted industries in this attack were government and military (23%), followed by manufacturing (15%), and banking and financial services (14%).³ These incidents suggest an ever-growing trend where the likelihood of cyber-attacks are increasing in recent years, and are continuing to have a significant negative economic impact on organizations.⁴ According to a recent World Economic Forum Report,⁵ organizations need to use “active defence” to survive in the age of advanced cyber-threats. Therefore, cyber-attacks require proactive intervention from governmental, non-governmental, and business organizations alike.

Globally, hacker communities, also known as “dark forums”, have become one-stop sites for cyber-criminals who exchange malicious technical knowledge, hacking tools and exploits before conducting cyber-attacks. These online “dark forums” are novel and promising sources of cyber-threat intelligence that firms and technology professionals can proactively scan to avert future cyber-attacks [6,46]. These forums originally belong to the “Dark Web”, which can be of four primary types: dark forums, internet chat boards, darknet markets, and carding shops. This study focuses on dark forums as virtual communities-of-practice where groups of people share a mutual concern - i.e., the pursuit of malicious technical knowledge [36,46]. Armstrong and Hagel [2] have defined virtual communities as computer-mediated platforms where they highlight member-generated content, leading to its mutually cognitive integration of the content. To elaborate, we present the message exchange mechanism for the Hackhound forum⁶ (Table 1), where hackers seek to expand their knowledge through continual interaction [20]. A beginner hacker is interested in acquiring knowledge: e.g., David87965 participated in Books from offensive sub-forum to gather technical information and Members' security to inquire about a possible breach.

In contrast, senior hackers are more interested in sharing knowledge. For instance, Hacker4Life shared a malicious worm in Black Worm Generator sub-forum. The Community of Practice Theory [51] supports these behavioural traits through social learning, where an individual's knowledge acquisition is dependent mainly on peers and mutual interactions among them [13]. Such knowledge-sharing behaviour can serve as explicit predictors of hacker expertise, where beginners posted messages at a rate of 520/159 = 3.271 per hacker versus 665/374 = 1.778 per newbie.

Again, analysts can examine message-exchange mechanisms in these dark forums to reveal implicit predictors of hacker expertise, such as the number of cyber-security keywords published by each hacker. For instance, “intermediate” hackers, Hacker4Life wrote “dark worm,” and BlackArray posted “improved security scanner,” which were technically more enriching than what “beginner” hacker googlefloober and David87965 wrote. Therefore, cyber-security analysts can detect hacker expertise using such meaningful combinations of explicit and implicit message-exchange features. Subsequently, firms can design mitigation strategies based on the hacker's level of knowledge (i.e. expertise) and type of attack he/she can inflict, thereby preventing future attacks. Such proactive IT risk management techniques are known as cyber-threat intelligence [5,6,34,45]. For instance, sensitive financial⁷ and personal information⁸ leaked from consumers is often available on darknet forums for sale. Credit-monitoring firms can proactively investigate these forums, extract similar information and possibly prevent large-scale data breaches in future. With this in mind, scholars and practitioners admit that a deeper understanding based on hackers' explicit and implicit message-exchange behaviour is required to determine their expertise. These are eventually needed to minimize the efficacy and extent of similar attacks in the future. Therefore, building from these current gaps and objectives of organization-level cyber-threat intelligence, we pose three research questions that are highly relevant for firms and cyber-security researchers:

•
RQ1: What are the determinants (both explicit and implicit) of the expertise of hackers {such as newbie, beginner, intermediate, or advanced} in dark forums?
•
RQ2: What is the likelihood of getting attacked by a hacker even after a successful cyber-threat intelligence analysis?
•
RQ3: What will be a firm's cyber-risk mitigation strategy {expected loss, probability} when faced with different types of attacks from these hackers for {attack-type, hacker expertise}?

We seek answers to these questions by proposing a two-stage framework, as shown in Fig. 1. In the first stage, we built a cyber-risk assessment module, using hacker-expertise as an input that we measured by (i) quantitative features, or explicit (by examining participation behaviour of the hackers within the dark forum), and (ii) qualitative features, which were implicit (by analyzing the content of communication made by hackers). This module provides us with the probability of correctly classifying hackers into various expertise levels: novice, beginner, intermediate, and advanced. In the second stage, we built a cyber-risk mitigation module, where (i) we apply this probability to compute the expected losses arising from major attack-types which these hackers could launch if they went undetected, (ii) built a risk-impact matrix using the {expected loss, probability, attack-type, hacker expertise} tuple, and (iii) proposed cyber-risk mitigation strategies using the risk-impact matrix. This study found that firms are most vulnerable to phishing attacks that compromise personal and financial information [3,15], followed by virus attacks launched by midway groups of hackers such as intermediate and beginners. Based on these findings, this study proposed actionable risk mitigation strategies.

The remainder of this paper is organized as follows. Section 2 presents an overview of existing studies and theoretical premises on hacker forums and the “dark side of information technology”. Section 3 explores the data and describes the methodology. Section 4 presents the modelling techniques. Section 5 presents the empirical results. Finally, section 6 discusses the research findings from the results, implications of this study, and concluding remarks.

Section snippets

Background work on Hacker forums and dark-side of information technology

Scholars have examined hacker forums as a part of the literature on the “dark side of information technology” [16,18]. These forums allow hackers to exchange messages, malicious codes and other technical assets [4,22,45,46]. Often, these discussions help in breaching the computer networks of organizations and cause financial losses [7,18,40]. Primarily, there are four categories of dark web platforms that researchers have examined to extract first-hand cyber-threat intelligence [6], namely: (i)

Variables used to build the cyber-risk assessment module

We collected hacker-forum data for the Hackhound Forum available with AZSecure Portal, Artificial Intelligence Lab at the University of Arizona. Before pre-processing, the dataset consisted of 4242 forum posts by 834 unique hackers from October 2012 to September 2015, on a diverse set of hacking topics collected in 2015. First, we categorized the determinants of a hacker's expertise in a Darknet forum into explicit and implicit features. These were further subdivided into (i) forum-usage (

Cyber-risk assessment: probability computation for detecting expert hackers

We applied classification algorithms to offer a baseline performance evaluation for our multi-class hacker taxonomy problem. Due to the ordinal nature of the operationalized variables, we used M1a: k-Nearest Neighbor (k−NN), M1b: CART (Classification and Regression Tree) [12], M1c: Ensemble Boosted Tree [12], M1d: Multinomial Logit, and M1e: Hierarchical Logit in MATLAB. The generalized form of detection probability (or classification accuracy) is: p(Y = j| X₁ = α₁, X₂ = α₂, …, X₁₄ = α₁₄) where X₁,

Results from the cyber-risk assessment module

Table 8 compares the model-building results from the six classification algorithms: the hierarchical logit classifier (M1e) performs best at 84.852% overall accuracy, followed by the multinomial logit (M1d) 83.025% accuracy. The CART-based decision tree (M1b) achieves an overall accuracy of 72.288%, the k-nearest neighbor algorithm (M1a) at 71.453%, and the boosted tree algorithm (M1c) performs at 81.146% overall accuracy. We compared our results with prior studies and found that none of then

Discussion of research findings from results

We discuss the research findings based on the results of the Hierarchical Logit Classifier presented in Table 10 and Eqs. (3), (4), (5). Among forum usage features, we find that days spent in the forum is insignificant in determining hacker expertise across all levels of expertise (β = − 0.081; β = − 0.008; β = − 0.047). Our findings coincide with Benjamin et al. [5,6] and Chen et al. [13], who analyzed knowledge contribution behaviour in an online knowledge exchange community. However,

Acknowledgements

The authors express their sincerest thanks to the anonymous referees for their constructive suggestions. The authors also thank the Editor-in-Chief of this journal, Professor James R. Marsden, for his overall inputs and support throughout the revision process.

Baidyanath Biswas is an Assistant Professor of MIS and Analytics Group at the International Management Institute Kolkata, India. His research has appeared in Decision Support Systems, Electronic Markets, Computers in Industrial Engineering, and the Journal of Enterprise Information Management. Baidyanath is also associated with top peer-reviewed international conferences, namely, HICSS and ICIS. He has a rich industry-experience of nine years working as a mainframe and DB2 database analyst at

References (53)

N. Azeez et al.
Adopting automated whitelist approach for detecting phishing attacks
Comp. Security
(2021)
B. Biswas et al.
Examining the determinants of the count of customer reviews in peer-to-peer home-sharing platforms using clustering and count regression techniques
Decis. Support. Syst.
(2020)
L. Chen et al.
Why do participants continue to contribute? Evaluation of usefulness voting and commenting motivational affordances within an online knowledge community
Decis. Support. Syst.
(2019)
L. Chen et al.
A linguistic signaling model of social support exchange in online health communities
Decis. Support. Syst.
(2020)
R. Chen et al.
An examination of the effect of recent phishing encounters on phishing susceptibility
Decis. Support. Syst.
(2020)
Y.H. Fang et al.
Leveraging sociability for trust building on social commerce sites
Electron. Commer. Res. Appl.
(2020)
E. Fersini et al.
Expressive signals in social media languages to improve polarity detection
Inf. Process. Manag.
(2016)
S.M. Horng et al.
How behaviors on social network sites and online social capital influence social commerce intentions
Inf. Manag.
(2020)
S. Jiang et al.
Analyzing firm-specific social media and market: a stakeholder-based event analysis framework
Decis. Support. Syst.
(2014)
J. Jin et al.
Why users contribute knowledge to online communities: an empirical study of an online social Q&a community
Inf. Manag.
(2015)

S.J. Kim et al.

The paradox of (dis) trust in sponsorship disclosure: the characteristics and effects of sponsored online consumer reviews

Decis. Support. Syst.

(2019)

H.C. Lin et al.

What motivates health information exchange in social media? The roles of the social cognitive theory and perceived interactivity

Inf. Manag.

(2018)

A. Mukhopadhyay et al.

Cyber-risk decision models: to insure IT or not?

Decis. Support. Syst.

(2013)

I. Park et al.

Disentangling the effects of efficacy-facilitating informational support on health resilience in online health communities based on phrase-level text analysis

Inf. Manag.

(2020)

M. Salehan et al.

Predicting the performance of online consumer reviews: a sentiment mining approach to big data analytics

Decis. Support. Syst.

(2016)

A. Vishwanath et al.

Cyber hygiene: the concept, its measure, and its initial tests

Decis. Support. Syst.

(2020)

J. Wu et al.

How to increase customer repeated bookings in the short-term room rental market? A large-scale granular data investigation

Decis. Support. Syst.

(2021)

K. Xie et al.

Value co-creation between firms and customers: the role of big data-based cooperative assets

Inf. Manag.

(2016)

X. Yang et al.

Modeling relationships between retail prices and consumer reviews: a machine discovery approach and comprehensive evaluations

Decis. Support. Syst.

(2021)

H. Akman et al.

Co-creating value in online innovation communities

Eur. J. Mark.

(2019)

A. Armstrong et al.

Net Gain: Expanding Markets through Virtual Communities

(1997)

V. Benjamin et al.

Securing cyberspace: identifying key actors in hacker communities

V. Benjamin et al.

Examining Hacker participation length in cybercriminal internet-relay-chat communities

J. Manag. Inf. Syst.

(2016)

V. Benjamin et al.

DICE-E: a framework for conducting Darknet identification, collection, evaluation with ethics

MIS Q.

(2019)

B. Biswas et al.

G-RAM framework for software risk assessment and mitigation strategies in organizations

J. Enterp. Inf. Manag.

(2018)

B. Biswas et al.

“Leadership in action: how top hackers behave” a big-data approach with text-mining and sentiment analysis

Cited by (30)

Prioritising national healthcare service issues from free text feedback – A computational text analysis & predictive modelling approach
2024, Decision Support Systems
Patient experience surveys have become a key source of evidence for supporting decision-making and continuous quality improvement within healthcare services. To harness free-text feedback collected as part of these surveys for additional insights, text analytics methods are increasingly employed when the data collected is not amenable to traditional qualitative analysis due to volume. However, while text analytics techniques offer good predictive capabilities, they have limited explanatory features often required in formal decision-making contexts, such as programme monitoring or evaluation. To overcome these limitations, this study integrates computational text and predictive modelling as part of a Computational Grounded Theory method to determine the effect of quality gaps in care dimensions and their prioritisation from free-text feedback. The feedback was collected as part of a national survey to support decisions on continuous improvement in Maternity Services in Ireland. Our approach enables (1) operationalising the service quality lexicon in the context of maternity care to explain the effect of quality gaps in care dimensions on overall satisfaction from free-text comments; and (2) extending the service quality lexicon with two organisational and political decision-making concepts: “Salience” and “Valence”, for prioritising perceived quality gaps. These methodological affordances enable the extension of service quality theory to explicitly support the prioritisation of improvement decisions which before now required additional decision frameworks. Results show that tangibles-, process-, and reliability-related care issues have the highest importance in our study context. We also find that hospital contexts partly determine the relative importance of gaps in care dimensions.
Detecting fake reviewers from the social context with a graph neural network method
2024, Decision Support Systems
With the development of mobile Web technologies, people can easily seek advice from social media before making purchases or decisions. Some companies employ expert writers to fabricate reviews or use automated techniques to improve the appeal of their products or services, or to undermine the credibility of their rivals. This obstructs the detection of fake reviews and reviewers. This paper proposes a novel graph neural network-based framework for detecting spammers, who originate fake reviews in discussion forums to capture information from different social network combinations in various subgraphs. These subgraphs include a complete social context graph, homogeneous user–user subgraph, and heterogeneous user–post subgraph. A novel two-stage architecture with focal loss was designed to create a training model. This model can be applied to solve the issue of imbalance data classification. The proposed framework was applied to evaluate a ground truth dataset collected from an actual fraudulent review event on a discussion forum. The experimental results show that this aggregate social context representation method can be effectively applied to detect fake reviewers.
A framework for cyber-risk insurance against ransomware: A mixed-method approach
2024, International Journal of Information Management
Hackers follow a standard cyber kill chain process and install ransomware payloads using phishing emails on firms belonging to critical industry, resulting in huge losses in revenue, reputation, and customer churn. This study uses a mixed-method explanatory approach to mitigate ransomware attacks. We present the quantitative Ransomware Risk Management Model (R2M2) based on protection motivation theory (PMT). The Ransomware Risk Assessment module based on the threat appraisal component of PMT and the National Institute of Standards and Technology (NIST) guidelines can help the chief information security officer (CISO) to assess the risk using predictive analytics techniques. The Ransomware Risk Quantification module uses collective risk modeling to compute the severity of a ransomware attack on an organization. The Ransomware Risk Mitigation module helps the CISO to minimize the probability and impact of a ransomware attack on their organization by (i) investing in perimeter security technologies and training to ensure prepare, deter, detect, restrain, recover, and review mitigation strategies, (ii) adopting the National Institue of Standards and Technology (NIST) Cybersecurity Framework to ensure business resilience, and (iii) mitigating the residual risk by investing in cyber-risk insurance. We validated the proposed method using a qualitative study by interviewing participants form firms affected by ransomware, managed security service providers, security consultants, and cyber-risk insurers.
A hybrid framework using explainable AI (XAI) in cyber-risk management for defence and recovery against phishing attacks
2024, Decision Support Systems
Phishing and social engineering contribute to various cyber incidents such as data breaches and ransomware attacks, financial frauds, and denial of service attacks. Often, phishers discuss these attack vectors in dark forums. Further, the probability of phishing attacks and the subsequent loss suffered by the firm are highly correlated. In this context, we propose a hybrid framework using explainable AI techniques to assess cyber-risks generated from correlated phishing attacks. The first phase computes the probability of expert phishers within a community of similar attackers with varying expertise. The second phase calculates the probability of phishing attacks upon a firm even after it has invested in IT security and adopted regulatory steps. The third phase categorises phishing and genuine URLs using various machine-learning-based classifiers. Next, it estimates the joint distribution of phishing attacks using an exponential-beta distribution and quantifies the expected loss using Archimedean Copula. Finally, we offer recommendations for firms through the computation of optimal investments in cyber-insurance versus IT security. First, based on the risk attitude of a firm, it can use this explainable-AI (XAI) framework to optimally invest in building security into its enterprise architecture and plan for cyber-risk mitigation strategies. Second, we identify a long-tail phenomenon demonstrated by the losses suffered during most cyber-attacks, which are not one-off incidents and are correlated. Third, contrary to the belief that cyber-insurance markets are ineffective, it can guide financial firms to design realistic cyber-insurance products.
Developing a contextual model of poverty prediction using data science and analytics – The case of Shelby County
2024, Decision Support Systems
This study builds on the existing poverty literature and leverages data from disparate sources including both big data sources such as satellite images and traditional data sources such as the federal, state, and local agencies to develop a context-specific poverty prediction model using design science. We examine whether and to what extent infrastructure development as measured from the satellite images as well as spatial spillovers helps predict the poverty rate of a given census tract. We also develop and implement a Vector Autoregression (VAR) based ensemble model that combines predictions from daytime and nighttime imaging with adjacent tracts' poverty rates and other economic and demographic factors identified in prior literature. Our results show that daytime imaging and spatial network features have significant predictive value and that a combination of these features gives the best predictive power. In addition, we find that the skewness of poverty rates among adjacent census tracts, not the average, is a significant predictor showing the importance of distribution of poverty around a region. Our work has major implications for researchers using deep learning and network analysis for policy development and decision making.
A text analytics model for agricultural knowledge discovery and sustainable food production: A case study from Oklahoma Panhandle
2023, Decision Analytics Journal
With recent increases in the use of social media in agricultural communities, many farmers are showing more and more interest in participating in social media and sharing different aspects of their profession with peers and policymakers. However, researchers have not explored this valuable data source well enough to help improve agribusiness decision-making. This study aims to investigate the potential capability and richness of social media for agricultural knowledge discovery, which can help monitor, detect, and predict critical agricultural events and activities and develop more sustainable food production and agricultural economy. This research utilizes text-mining tools and techniques to collect, process, and mine unstructured textual data from Twitter. Then, it examines the agreement between the retrieved information from tweets and that from the current monitoring systems and common cultural practices. Our findings illustrate that social media data can effectively provide information regarding the commencement and duration of significant cultural activities This study also examines the classification performance of several popular sentiment analysis tools on the farmer’s tweets and provides suggestions for future research on domain-specific sentiment lexicons for agricultural purposes.

View all citing articles on Scopus

Arunabha Mukhopadhyay is a Professor of Information Technology & Systems Area at Indian Institute of Management Lucknow (IIM Lucknow). He has obtained his Ph.D. and Post Graduate Diploma in Business Management (PGDBM) from the Indian Institute of Management Calcutta (IIM Calcutta), in the area of Management Information Systems. He was awarded the Infosys scholarship during his Ph.D. He has published in various referred journals and conferences including Decision Support Systems (DSS) Information Systems Frontier (ISF), Journal of Global Information Technology Management (JGITM), JIPS, International Journal of Information Systems and Change Management (IJISCM), Decision, IIMB Review, Hawaii International Conference on System Sciences (HICSS), Americas Conference on Information Systems (AMCIS), Pre-International Conference On Information Systems (ICIS) workshops, etc. He is the recipient of the Best Teacher in Information Technology Management in 2013 and 2011, by Star-DNA group B-School Award and 19th Dewang Mehta Business School Award, in India, respectively.

Sudip Bhattacharjee is a Professor in the School of Business, University of Connecticut. He currently serves as Senior Research Fellow, US Census Bureau. Previously, he served as Chief, Center for Big Data Research and Applications, US Census Bureau. He is a Visiting Faculty at EMLYON Business School, France, and Indian School of Business. He was a Visiting Professor at GE Global Research Center, USA. He has previously served as the Assistant Dept. Head of Operations and Information Management, and as the Executive Director of MBA Programs, both in the School of Business, University of Connecticut. His research interests include data driven IT and operations management and policy, information systems economics, energy informatics, digital goods and markets, and closed loop supply chains. His research has appeared in premier journals such as Management Science, INFORMS Journal on Computing, Journal of Business, Journal of Law and Economics, ACM Transactions, Journal of Management Information Systems, IEEE Transactions, and other leading peer-reviewed publications. He serves or has served as Associate Editor for Information Systems Research (for 5 years), Special Issue Editor for ACM Transactions on Management Information Systems, guest AE for MIS Quarterly and Decision Sciences Journal.

Ajay Kumar is an Assistant Professor at the AIM Research Center on Artificial Intellegence in Value Creation, EMLYON Business School in France. His research and teaching interests are in data and text mining, decision support systems, business intelligence and enterprise modelling. He has been Postdoctoral Fellow at Massachusetts Institute of Technology and Harvard Business School. He has published several research papers in reputed journals, including International Journal of Production Economics, Industrial Marketing Management, Telematics & Informatics, Technological Forecasting & Social Change, Annals of Operation Research, International Journal of Production Research, etc.

Dursun Delen is the holder of Spears and Patterson Endowed Chairs in Business Analytics, Director of Research for the Center for Health Systems Innovation, and Regents Professor of Management Science and Information Systems in the Spears School of Business at Oklahoma State University. He authored/co-authored 100+ journal and 40+ peer-reviewed conference proceeding articles. His research has appeared in major journals including Decision Sciences, Journal of Production Operations Management, Decision Support Systems, Communications of the ACM, Computers and Operations Research, Computers in Industry, Artificial Intelligence in Medicine, International Journal of Medical Informatics, Expert Systems, among others. He has recently published ten books/textbooks in the broad area of Business Intelligence and Business Analytics. He is often invited to national and international conferences and symposiums for keynote addresses, and companies and government agencies for consultancy/education projects on Analytics related topics. He is currently serving as the editor-in-chief, senior editor, associate editor, and editorial board member of more than a dozen academic journals.

View full text

A text-mining based cyber-risk assessment and mitigation framework for critical analysis of online hacker forums

Highlights

Abstract

Introduction

Section snippets

Background work on Hacker forums and dark-side of information technology

Variables used to build the cyber-risk assessment module

Cyber-risk assessment: probability computation for detecting expert hackers

Results from the cyber-risk assessment module

Discussion of research findings from results

Acknowledgements

Comp. Security

Decis. Support. Syst.

Decis. Support. Syst.

Decis. Support. Syst.

Decis. Support. Syst.

Electron. Commer. Res. Appl.

Inf. Process. Manag.

Inf. Manag.

Decis. Support. Syst.

Inf. Manag.

Decis. Support. Syst.

Inf. Manag.

Decis. Support. Syst.

Inf. Manag.

Decis. Support. Syst.

Decis. Support. Syst.

Decis. Support. Syst.

Inf. Manag.

Decis. Support. Syst.

Co-creating value in online innovation communities

Eur. J. Mark.

Net Gain: Expanding Markets through Virtual Communities

Securing cyberspace: identifying key actors in hacker communities

Examining Hacker participation length in cybercriminal internet-relay-chat communities

J. Manag. Inf. Syst.

DICE-E: a framework for conducting Darknet identification, collection, evaluation with ethics

MIS Q.

G-RAM framework for software risk assessment and mitigation strategies in organizations

J. Enterp. Inf. Manag.

“Leadership in action: how top hackers behave” a big-data approach with text-mining and sentiment analysis