Skin config


Victor Benjamin, Ph.D.



Hello!

I am currently serving as an Assistant Professor within the Department of Information Systems at Arizona State University. My research interests include machine learning, natural language processing, and cybersecurity. Below is a listing of some of my recent works and accomplishments; my CV contains more detailed information. I am always interested in new research collaborations and opportunities, so let me know if you have anything in mind!

Journal Publications

2016

Benjamin, V., Zhang, B., Nunamaker, J.F., and Chen, H. "Examining Hacker Participation Length within Cybercriminal IRC Communities." Journal of Management Information Systems. (2016).

Download Paper (Forthcoming)

Abstract: Cybersecurity has attracted the attention of many researchers in recent years. In particular, there is interest in studying online cybercriminal communities to learn more about emerging cyber threats. Literature documents the existence of many online Internet-Relay-Chat (IRC) cybercriminal communities where cybercriminals congregate and share hacking tools, malware, and more. However, many cybercriminal community participants appear unskilled and have fleeting interests, making it difficult to detect potential long-term or key participants. This is a challenge for researchers and practitioners to quickly identify cybercriminals that may provide credible threat intelligence. Thus, we propose a computational approach to analyze cybercriminals IRC communities in order to identify potential long-term and key participants. We use the extended Cox’s model to scrutinize cybercriminal IRC participation for better understanding of behaviors exhibited by cybercriminals of importance. Results indicate that key cybercriminals may be quickly identifiable by assessing the scale of their interaction and networks with other participants.

2014

Benjamin, V., Chung, W., Abbasi, A., Chuang, J., Larson, C.A., and Chen, H. "Evaluating Text Visualization for Authorship Analysis." Security Informatics. (2014).

Download Paper

Abstract: Methods and tools to conduct authorship analysis of web contents is of growing interest to researchers and practitioners in various security-focused disciplines, including cybersecurity, counter-terrorism, and other fields in which authorship of text may at times be uncertain or obfuscated. Here we demonstrate an automated approach for authorship analysis of web contents. Analysis is conducted through the use of machine learning methodologies, an expansive stylometric feature set, and a series of visualizations intended to help facilitate authorship analysis at the author, message, and feature levels. To operationalize this, we utilize a testbed containing 506,554 forum messages in English and Arabic, source from 14,901 authors that participated in an online web forum. A prototype portal system providing authorship comparisons and visualizations was then designed and constructed in order to support feasibility analysis and real world value of the automated authorship analysis approach. A preliminary user evaluation was performed to assess the efficacy of visualizations, with evaluation results demonstrating task performance accuracy and efficiency was improved through use of the portal.


Benjamin, V., Chen, H., and Zimbra, D. "Bridging the virtual and real: The relationship between web content, linkage, and geographical proximity of social movements." Journal of the Association for Information Science and Technology. (2014).

Download Paper

Abstract: As the Internet becomes ubiquitous, it has advanced to more closely represent aspects of the real world. Due to this trend, researchers in various disciplines have become interested in studying relationships between real-world phenomena and their virtual representations. One such area of emerging research seeks to study relationships between real-world and virtual activism of social movement organization (SMOs). In particular, SMOs holding extreme social perspectives are often studied due to their tendency to have robust virtual presences to circumvent real-world social barriers preventing information dissemination. However, many previous studies have been limited in scope because they utilize manual data-collection and analysis methods. They also often have failed to consider the real-world aspects of groups that partake in virtual activism. We utilize automated data-collection and analysis methods to identify significant relationships between aspects of SMO virtual communities and their respective real-world locations and ideological perspectives. Our results also demonstrate that the interconnectedness of SMO virtual communities is affected specifically by aspects of the real world. These observations provide insight into the behaviors of SMOs within virtual environments, suggesting that the virtual communities of SMOs are strongly affected by aspects of the real world.

Conference Publications

2015

Benjamin, V., and Chen, H. “Developing Understanding of Hacker Language through the use of Lexical Semantics." IEEE Intelligence and Security Informatics. (2015).

Download Paper

Abstract: The need for more research scrutinizing online hacker communities is a common suggestion in recent years. However, researchers and practitioners face many challenges when attempting to do so. In particular, they may encounter hacking-specific terms, concepts, tools, and other items that are unfamiliar and may be challenging to understand. For these reasons, we are motivated to develop an automated method for developing understanding of hacker language. We utilize the latest advancements in recurrent neural network language models (RNNLMs) to develop an unsupervised machine learning technique for learning hacker language. The selected RNNLM produces state-of-the-art word embeddings that are useful for understanding the relations between different hacker terms and concepts. We evaluate our work by testing the RNNLMs ability to learn relevant relations between known hacker terms. Results suggest that the latest work in RNNLMs can aid in modeling hacker language, providing promising direction for future research.


Best paper, runner-up: Benjamin, V., Li, W., Holt, T., and Chen H. "Exploring Threats and Vulnerabilities in Hacker Web Forums, IRC, and Carding Shops.” IEEE Intelligence and Security Informatics. (2015).

Download Paper

Abstract: The ability to accurately identify “reply-to” relations in online discussions has important implications for various social media analytics applications. However, accurately identifying such interactions remains a challenge, with existing methods providing inadequate performance. In this study, we propose a novel method for modeling social media interactions. The proposed method leverages several empirical insights about online interaction patterns, coupled with a robust machine learning algorithm, for enhanced classification of social media interactions. Furthermore, the proposed method also facilitates the creation of more accurate social media networks. As topological information derived from online communication continues to play an integral role in various social media analytics application areas , the results of our work have important implications.


Chung, W., He, S., Zeng, D., and Benjamin, V. "Emotion Extraction and Entrainment in Social Media: The Case of U.S. Immigration and Border Security.” IEEE Intelligence and Security Informatics. (2015).

Download Paper

Abstract: Emotion plays an important role in shaping public policy and business decisions. The growth of social media has allowed people to express their emotion publicly in an unprecedented manner. Textual content and user linkages fostered by social media networks can be used to examine emotion types, intensity, and contagion. However, research into how emotion evolves and entrains in social media that influence security issues is scarce. In this research, we developed an approach to analyzing emotion expressed in political social media. We compared two methods of emotion analysis to identify influential users and to trace their contagion effects on public emotion, and report preliminary findings of analyzing the emotion of 105,304 users who posted 189,012 tweets on the U.S. immigration and border security issues in November 2014. The results provide strong implication for understanding social actions and for collecting social intelligence for security informatics. This research should contribute to helping decision makers and security personnel to use public emotion effectively to develop appropriate strategies.

2014

Benjamin, V., and Chen, H. “Time-to-event Modeling for Predicting Hacker Community IRC Participant Trajectory." IEEE Intelligence and Security Informatics. (2014).

Download Paper

Abstract: Over the past decade, a growing amount of critical infrastructure has begun to rely on computer and information technologies in order to meet increasingly complex demands. As a result, researchers and practitioners have taken an increased interest in advancing current cybersecurity capabilities. In particular, research on the human element behind cybercrime would offer new knowledge on securing cyberspace against those with malicious intent. Past work documents the existence of many hacker communities with participants sharing various cybercriminal assets and knowledge. However, participants vary in expertise, with some possessing only passing curiosity while others are capable cybercriminals. Here we develop a time-to-event based approach for assessing the relationship between various participation behaviors and participation length among hacker Internet Relay Chat (IRC) community participants. Using both the Kaplan-Meier model and Cox’s model, we are able to develop predictions on individuals’ participation lengths based on a series of message content and social network features. Results indicate that participation volume, discussion of pertinent topics, and social interconnectedness are all important at varying levels for identifying participants within hacker communities that have potential to become adept cybercriminals.


Abbasi, A., Li, W., Hu, S., Benjamin, V., Chen H. “Modeling Interactions in Web Forums.” In the 6th ASE International Conference on Social Computing, Stanford, May 27-31, 2014.

Download Paper

Abstract: The ability to accurately identify “reply-to” relations in online discussions has important implications for various social media analytics applications. However, accurately identifying such interactions remains a challenge, with existing methods providing inadequate performance. In this study, we propose a novel method for modeling social media interactions. The proposed method leverages several empirical insights about online interaction patterns, coupled with a robust machine learning algorithm, for enhanced classification of social media interactions. Furthermore, the proposed method also facilitates the creation of more accurate social media networks. As topological information derived from online communication continues to play an integral role in various social media analytics application areas , the results of our work have important implications.


Abbasi, A., Li, W., Benjamin, V., Hu, S., Chen H. "Descriptive Analytics: Investigating Expert Hackers in Web Forums." IEEE Intelligence and Security Informatics. (2014).

Download Paper

Abstract: In recent years, understanding the people behind cybercrime from a hacker centric perspective has drawn increased attention. Preliminary exploration of online hacker social dynamics has found that hackers extensively exchange information with others in hacker communities, including vulnerabilities, hacking tools, stolen data, etc. However, there is a lack of research that explores automated identification and characterization of expert hackers within hacker communities. In this research, we identify expert hackers and characterize their specialties by devising a scalable and generalizable framework leveraging two categories of features to analyze hacker forum content. The framework contains two parts: text analytics and key hacker identification and analysis. In the text analytics portion of this research, we employ an interaction coherence analysis (ICA) framework, to extract interactions among the users in hacker communities, providing topological features. In Expert Identification & Analysis, we characterize each hacker through content features extracted with lexicon matching, as well as structural features from ICA component. Results reveal an interaction network among key actors of the studied hacker community. Our project contributes to both social media analytics and cybersecurity research as we provide a complete analytical framework to analyze the key hackers from both interaction network perspective and discussion content perspective. This framework can benefit cybersecurity researchers and practitioners by offering an inclusive angle for analyzing hacker social dynamics.


Chadha, K., Benjamin, V., Al-Nashif, Y., Haririm S., Chen, H. "Automated and Scalable Infrastructure for Hacker IRC Collection." International Conference on Cloud and Autonomic Computing (CAC). (2014).

Download Paper

Abstract: Cyber security is an important challenge in today’s world, as a growing amount of critical infrastructure has begun to rely on information technologies in order to meet increasingly complex demands. Traditional research in the cyber security domain has largely focused on improving security built directly into computing and networking systems. Conversely, little work has explored the human element behind cybercrime. . As a result, researchers and practitioners have taken an increased interest in advancing current cyber security capabilities by more closely examining hacker communities. However, hacker community data collection can often pose challenges that slow down or halt research progress. In this study, we design and implement a system that operationalizes the automated collection of hacker IRC contents. We detail challenges in data collection, as well as methods to circumvent such issues. We also summarize potential direction for future work, including the adoption of traditional analyses techniques to IRC data.

2013

Best paper, runner-up: Benjamin, Victor, Wingyan Chung, Ahmed Abbasi, Joshua Chuang, Catherine A. Larson, and Hsinchun Chen. "Evaluating text visualization: An experiment in authorship analysis." In Intelligence and Security Informatics (ISI), 2013 IEEE International Conference on, pp. 16-20. IEEE, 2013.

Download Paper

Abstract: Analyzing authorship of online texts is an important analysis task in security-related areas such as cybercrime investigation and counter-terrorism, and in any field of endeavor in which authorship may be uncertain or obfuscated. This paper presents an automated approach for authorship analysis using machine learning methods, a robust stylometric feature set, and a series of visualizations designed to facilitate analysis at the feature, author, and message levels. A testbed consisting of 506,554 forum messages, in English and Arabic, from 14,901 authors was first constructed. A prototype portal system was then developed to support feasibility analysis of the approach. A preliminary evaluation to assess the efficacy of the text visualizations was conducted. The evaluation showed that task performance with the visualization functions was more accurate and more efficient than task performance without the visualizations.


Benjamin, Victor A. and Hsinchun Chen. "Machine learning for attack vector identification in malicious source code." In Intelligence and Security Informatics (ISI), 2013 IEEE International Conference on, pp. 21-23. IEEE, 2013.

Download Paper

Abstract: As computers and information technologies become ubiquitous throughout society, the security of our networks and information technologies is a growing concern. As a result, many researchers have become interested in the security domain. Among them, there is growing interest in observing hacker communities for early detection of developing security threats and trends. Research in this area has often reported hackers openly sharing cybercriminal assets and knowledge with one another. In particular, the sharing of raw malware source code files has been documented in past work. Unfortunately, malware code documentation appears often times to be missing, incomplete, or written in a language foreign to researchers. Thus, analysis of such source files embedded within hacker communities has been limited. Here we utilize a subset of popular machine learning methodologies for the automated analysis of malware source code files. Specifically, we explore genetic algorithms to resolve questions related to feature selection within the context of malware analysis. Next, we utilize two common classification algorithms to test selected features for identification of malware attack vectors. Results suggest promising direction in utilizing such techniques to help with the automated analysis of malware source code.

2012

Benjamin, Victor and Hsinchun Chen. "Securing cyberspace: Identifying key actors in hacker communities." Intelligence and Security Informatics (ISI) 2012. 24-29. (2012).

Download Paper

Abstract: As the computer becomes more ubiquitous throughout society, the security of networks and information technologies is a growing concern. Recent research has found hackers making use of social media platforms to form communities where sharing of knowledge and tools that enable cybercriminal activity is common. However, past studies often report only generalized community behaviors and do not scrutinize individual members; in particular, current research has yet to explore the mechanisms in which some hackers become key actors within their communities. Here we explore two major hacker communities from the United States and China in order to identify potential cues for determining key actors. The relationships between various hacker posting behaviors and reputation are observed through the use of ordinary least squares regression. Results suggest that the hackers who contribute to the cognitive advance of their community are generally considered the most reputable and trustworthy among their peers. Conversely, the tenure of hackers and their discussion quality were not significantly correlated with reputation. Results are consistent across both forums, indicating the presence of a common hacker culture that spans multiple geopolitical regions.

Honors

Best Paper Runner-up
IEEE Conference on Intelligence and Security Informatics, 2015
Best Paper Runner-up
IEEE Conference on Intelligence and Security Informatics, 2013
NSF Award
National Science Foundation Research Experiences for Undergraduates (REU) Grant Awardee

Teaching

Summer 2014

MIS 111 - Computers and the Internetworked Society

Mon-Thurs 9:00am - 10:45am, McClelland Hall 123

Course Website: Eller Blackboard

This course introduces students to concepts of computer technology and the impacts of the Internet on social, organizational, personal and ethical issues. Students develop a sufficient understanding of computers and other issues to form critical opinions about them, as well as acquire and hone skills to recognize and evaluate their role in interacting with the Internet.

Service

Reviewer
ACM Transactions on Management Information Systems
Reviewer
INFORMS Journal on Computing
Reviewer
Journal of the American Society for Information Science and Technology
Reviewer
Communications of the International Information Management Association
Reviewer
International Conference on Information Systems

Contact


You can contact me at Victor.Benjamin@asu.edu