Crowdsourcing Cybersecurity: Cyber Attack Detection using Social Media

TL;DR

This paper presents a novel method for detecting various cyber-attacks by analyzing social media data, specifically Twitter, using unsupervised learning and advanced query expansion techniques.

Contribution

It introduces an unsupervised approach leveraging social media as a crowdsourced sensor for cyber-attack detection, with a new query expansion strategy based on convolutional kernels and dependency parses.

Findings

Outperforms existing methods in detecting cyber-attacks from social media data

Successfully identifies a broad range of cyber-attacks including DDoS, data breaches, and account hijacking

Demonstrates effectiveness through large-scale Twitter analysis

Abstract

Social media is often viewed as a sensor into various societal events such as disease outbreaks, protests, and elections. We describe the use of social media as a crowdsourced sensor to gain insight into ongoing cyber-attacks. Our approach detects a broad range of cyber-attacks (e.g., distributed denial of service (DDOS) attacks, data breaches, and account hijacking) in an unsupervised manner using just a limited fixed set of seed event triggers. A new query expansion strategy based on convolutional kernels and dependency parses helps model reporting structure and aids in identifying key event characteristics. Through a large-scale analysis over Twitter, we demonstrate that our approach consistently identifies and encodes events, outperforming existing methods.