{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,4]],"date-time":"2025-11-04T10:36:35Z","timestamp":1762252595479,"version":"3.41.2"},"reference-count":41,"publisher":"Emerald","issue":"4","license":[{"start":{"date-parts":[[2017,10,9]],"date-time":"2017-10-09T00:00:00Z","timestamp":1507507200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["ICS"],"published-print":{"date-parts":[[2017,10,9]]},"abstract":"<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Purpose<\/jats:title>\n<jats:p>The purpose of this study is to provide a framework to detect and prevent virtual property theft in virtual world environments. The issue of virtual property theft is a serious problem which has ramifications in both the real and virtual world. Virtual world users invest a considerable amount of time, effort and often money to collect virtual property, only to have them stolen by thieves. Many virtual property thefts go undetected and often only discovered after the incident has occurred.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Design\/methodology\/approach<\/jats:title>\n<jats:p>This paper presents the design of an autonomic detection framework to identify virtual property theft at two key stages: account intrusion and virtual property trades. Account intrusion is an unauthorized user attempting to gain access to an account and unauthorized virtual property trades are trading of items between two users which exhibit theft characteristics.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Findings<\/jats:title>\n<jats:p>Initial tests of this framework on a synthetic data set show an 80 per cent detection rate. This framework allows virtual world developers to tailor and extend it to suit their specific requirements. It provides an effective way of detecting virtual property theft while being low maintenance, user friendly and cost effective.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Originality\/value<\/jats:title>\n<jats:p>To the author\u2019s knowledge, there is no detection framework, system or tool that works on virtual property theft detection in virtual world environments without access to authentic virtual world data or attack data (because of privacy issues and unwillingness of virtual world environments companies to collaborate). The topic of virtual property theft, lack of existing labelled data sets, user anonymity, size of virtual world environments data sets and privacy issues with virtual world companies and a number of other critical factors distinguish this paper from previous studies.<\/jats:p>\n<\/jats:sec>","DOI":"10.1108\/ics-11-2016-0087","type":"journal-article","created":{"date-parts":[[2017,8,21]],"date-time":"2017-08-21T19:14:54Z","timestamp":1503342894000},"page":"358-381","source":"Crossref","is-referenced-by-count":6,"title":["A cyber-threat analytic model for autonomous detection of virtual property theft"],"prefix":"10.1108","volume":"25","author":[{"given":"Nicholas","family":"Patterson","sequence":"first","affiliation":[]},{"given":"Michael","family":"Hobbs","sequence":"additional","affiliation":[]},{"given":"Tianqing","family":"Zhu","sequence":"additional","affiliation":[]}],"member":"140","reference":[{"issue":"3","key":"key2020120605014623900_ref001","first-page":"227","article-title":"Observational study of behavior: sampling methods","volume":"49","year":"1974","journal-title":"Behaviour"},{"key":"key2020120605014623900_ref002","article-title":"Qualitative case study methodology: study design and implementation for novice researchers","volume":"13","year":"2008","journal-title":"The Qualitative Report"},{"volume-title":"World of Warcraft Community Site","year":"2004","author":"Blizzard.Entertainment","key":"key2020120605014623900_ref003"},{"year":"2013","key":"key2020120605014623900_ref004","article-title":"Computer hacker stole virtual property from online fantasy gamers to pay off REAL gambling debts"},{"year":"2013","key":"key2020120605014623900_ref005","article-title":"Teenager dragged to court for giving away a friend\u2019s VIRTUAL gold coins in an online fantasy game"},{"article-title":"SmartSiren: virus detection and alert for smartphones","volume-title":"Proceedings of the 5th International Conference on Mobile Systems, Applications and Services","year":"2007","key":"key2020120605014623900_ref006"},{"issue":"10","key":"key2020120605014623900_ref007","doi-asserted-by":"crossref","first-page":"13158","DOI":"10.1016\/j.eswa.2011.04.124","article-title":"Detecting fraud in online games of chance and lotteries","volume":"38","year":"2011","journal-title":"Expert Systems with Applications"},{"issue":"3","key":"key2020120605014623900_ref008","doi-asserted-by":"crossref","first-page":"247","DOI":"10.1007\/BF00144021","article-title":"Between the subject and sociology: Alfred Schutz\u2019s phenomenology of the life-world","volume":"19","year":"1996","journal-title":"Human Studies"},{"year":"2014","key":"key2020120605014623900_ref009","article-title":"Gaming cyber thieves facing real prison time for \u2018virtual treasure\u2019 raids"},{"issue":"2-3","key":"key2020120605014623900_ref010","doi-asserted-by":"crossref","first-page":"123","DOI":"10.1007\/s10746-010-9146-9","article-title":"The phenomenological life-world analysis and the methodology of the social sciences","volume":"33","year":"2010","journal-title":"Human Studies"},{"article-title":"Methodological implications of phenomenological life-world analysis","volume-title":"Schutzian Phenomenology and Hermeneutic Traditions","year":"2014","key":"key2020120605014623900_ref011"},{"key":"key2020120605014623900_ref012","unstructured":"Feldmann, E. (2008), \u201cNetherlands teen sentenced for stealing virtual goods\u201d, available at: www.pcworld.com\/article\/152673\/netherlands_teen_sentenced_for_stealing_virtual_goods.html"},{"year":"2010","key":"key2020120605014623900_ref013","article-title":"Fraud detection in ERP systems using scenario matching"},{"volume-title":"Professional Online Game Virtual Currency Supplier and Buyer and Seller of Game Accounts","year":"2005","author":"Itembay","key":"key2020120605014623900_ref014"},{"volume-title":"WoW Hacker Group Mastermind Sentenced to Two Years in Chinese Prison","year":"2013","key":"key2020120605014623900_ref015"},{"key":"key2020120605014623900_ref016","article-title":"A comparative analysis of software protection schemes","volume":"12","year":"2015","journal-title":"The International Arab Journal of Information Technology"},{"key":"key2020120605014623900_ref017","unstructured":"Laboratory, M.L. (1998), \u201cDARPA intrusion detection evaluation data set\u201d, available at: www.ll.mit.edu\/ideval\/data\/"},{"volume-title":"A Synthetic Fraud Data Generation Methodology Information and Communications Security","year":"2002","key":"key2020120605014623900_ref018"},{"issue":"1","key":"key2020120605014623900_ref019","doi-asserted-by":"crossref","first-page":"54","DOI":"10.1136\/emj.20.1.54","article-title":"Observational research methods: research design II: Cohort, cross sectional, and case-control studies","volume":"20","year":"2003","journal-title":"Emergency Medicine Journal"},{"key":"key2020120605014623900_ref020","unstructured":"Meeker, M. (2015), Annual Internet Trends Report, Kleiner Perkins Caufield & Byers (KPCB)."},{"volume-title":"A Model for the Semantics of Attack Signatures in Misuse Detection Systems Information Security","year":"2004","key":"key2020120605014623900_ref021"},{"key":"key2020120605014623900_ref022","unstructured":"Opensim (2016a), \u201cOpenSimulator\u201d, available at: http:\/\/opensimulator.org\/wiki\/Main_Page"},{"key":"key2020120605014623900_ref023","unstructured":"Opensim (2016b), \u201cOpenSimulator database documentation\u201d, available at: http:\/\/opensimulator.org\/wiki\/Database:Documentation"},{"article-title":"A multidiscipline approach to governing virtual property theft in virtual worlds","volume-title":"What Kind of Information Society? Governance, Virtuality, Surveillance, Sustainability, Resilience","year":"2010","key":"key2020120605014623900_ref024"},{"article-title":"Virtual world security inspection","volume-title":"ATIS 2011: Proceedings of the 2nd Applications and Techniques in Information Security Workshop, School of Information Systems, Deakin University, Melbourne","year":"2011","key":"key2020120605014623900_ref025"},{"article-title":"A comprehensive survey of data mining-based fraud detection research","volume-title":"Intelligent Computation Technology and Automation (ICICTA)","year":"2010","key":"key2020120605014623900_ref026"},{"volume-title":"PlayerAuctions \u2013 Play, Trade, Dominate","year":"2009","author":"Playerauctions","key":"key2020120605014623900_ref027"},{"article-title":"Fraud detection for voice over IP services on next-generation networks information security theory and practices","volume-title":"Security and Privacy of Pervasive Systems and Smart Devices","year":"2010","key":"key2020120605014623900_ref028"},{"issue":"7","key":"key2020120605014623900_ref029","first-page":"1373","article-title":"IDAMN: an intrusion detection architecture for mobile networks","volume":"15","year":"2006","journal-title":"IEEE Journal on Selected Areas in Communications"},{"issue":"1","key":"key2020120605014623900_ref030","article-title":"A partial test and development of Delone and Mclean\u2019s model of IS success","volume":"4","year":"1996","journal-title":"Australasian Journal of Information Systems"},{"year":"2012","key":"key2020120605014623900_ref031","article-title":"Millions of gamers hacked as attack on Blizzard\u2019s Battle.net reveals their email addresses"},{"key":"key2020120605014623900_ref032","unstructured":"Skatteverket (2008), \u201cVirtual worlds \u2013 value added tax\u201d, available at: www.skatteverket.se\/rattsinformation\/stallningstaganden\/2008\/stallningstaganden2008\/2008041013119697108111.5.3a7aab801183dd6bfd3800017115.html"},{"issue":"1","key":"key2020120605014623900_ref033","doi-asserted-by":"crossref","first-page":"37","DOI":"10.1109\/TDSC.2007.70228","article-title":"Credit card fraud detection using hidden Markov model","volume":"5","year":"2008","journal-title":"Ieee Transactions on Dependable and Secure Computing"},{"article-title":"Probabilistic alert correlation","volume-title":"Recent Advances in Intrusion Detection","year":"2001","key":"key2020120605014623900_ref034"},{"issue":"3","key":"key2020120605014623900_ref035","doi-asserted-by":"crossref","first-page":"146","DOI":"10.1109\/TDSC.2004.21","article-title":"Comprehensive approach to intrusion detection alert correlation","volume":"1","year":"2004","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"key":"key2020120605014623900_ref036","first-page":"23","article-title":"Network-based dictionary attack detection","volume-title":"International Conference on Future Networks","year":"2009"},{"article-title":"Using a simple MMORPG to teach multi-user, client-server database development","volume-title":"2nd Annual Microsoft Academic Days Conference on Game Development","year":"2007","key":"key2020120605014623900_ref037"},{"issue":"6","key":"key2020120605014623900_ref038","doi-asserted-by":"crossref","first-page":"1012","DOI":"10.1016\/j.jcss.2014.12.014","article-title":"Malware behavioural detection and vaccine development by using a support vector model classifier","volume":"81","year":"2015","journal-title":"Journal of Computer and System Sciences"},{"key":"key2020120605014623900_ref039","unstructured":"Watters, A. (2010), \u201cNumber of virtual world users breaks 1 billion, roughly half under age 15\u201d, available at: www.readwriteweb.com\/archives\/number_of_virtual_world_users_breaks_the_1_billion.php"},{"issue":"4","key":"key2020120605014623900_ref040","doi-asserted-by":"crossref","first-page":"430","DOI":"10.1108\/13685201211266015","article-title":"Characterising and predicting cyber attacks using the cyber attacker model profile (CAMP)","volume":"15","year":"2012","journal-title":"Journal of Money Laundering Control"},{"issue":"5","key":"key2020120605014623900_ref041","doi-asserted-by":"crossref","first-page":"763","DOI":"10.1111\/j.1472-4642.2008.00482.x","article-title":"Effects of sample size on the performance of species distribution models","volume":"14","year":"2008","journal-title":"Diversity and Distributions"}],"container-title":["Information &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-11-2016-0087\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-11-2016-0087\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:23:18Z","timestamp":1753406598000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/25\/4\/358-381\/201138"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,10,9]]},"references-count":41,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2017,10,9]]}},"alternative-id":["10.1108\/ICS-11-2016-0087"],"URL":"https:\/\/doi.org\/10.1108\/ics-11-2016-0087","relation":{},"ISSN":["2056-4961"],"issn-type":[{"type":"print","value":"2056-4961"}],"subject":[],"published":{"date-parts":[[2017,10,9]]}}}