Cybercrime threat intelligence: A systematic multi-vocal literature review
Computers & Security (IF 4.8), Pub Date: 2021-03-05, DOI: 10.1016/j.cose.2021.102258
Giuseppe Cascavilla, Damian A. Tamburri, Willem-Jan Van Den Heuvel

Significant cybersecurity and threat intelligence analysts agree that online criminal activity is increasing exponentially. To offer an overview of the techniques and indicators to perform cybercrime detection by means of more complex machine- and deep-learning investigations, as well as similar threat intelligence and engineering activities over multiple analysis levels (i.e., surface, deep, and darknets), we systematically analyze the state of the art in such techniques. First, to aid the engineering and management of such intelligence solutions, we provide (i) a taxonomy of existing methods mapped to (ii) an overview of detectable criminal activities as well as (iii) an overview of the indicators and risk parameters that can be used for such detection. Second, to find the major engineering and management challenges and variables to be addressed, we apply a Topic Modelling Analysis to identify and analyze the most relevant threat concepts in both the Surface Web and the Deep-, Dark-Web. Third, we identify gaps and challenges, defining a roadmap. Practitioners' value and conclusions: the analysis mentioned above effectively provided a photograph of the scientific and practice gaps among the Surface Web and the Deep-, Dark-Web cybercrime and threat engineering and management.
More specifically, our systematic literature review shows: (i) the dimensions of risk assessment techniques today available for the aforementioned areas—addressing these is vital for Law-enforcement agencies to combat cybercrime and cyber threats effectively; (ii) what website features should be used in order to identify a cyber threat or attack—researchers and non-governmental organizations in support of Law Enforcement Agencies (LEAs) should cover these features with appropriate technologies to aid in the investigative processes; (iii) what (limited) degree of anonymity is possible when crawling in Deep-, Dark-Web—researchers should strive to fill this gap with more and more advanced degrees of anonymity to grant protection to LEAs during their investigations.




Updated: 2021-03-12