Social Media Monitoring for IoT Cyber-Threats

TL;DR

This paper presents a real-time social media monitoring system that detects IoT cyber-threats from Twitter, evaluates multiple machine learning classifiers, and releases datasets to support further research in IoT security.

Contribution

It introduces a novel social media monitoring system for IoT cyber-threat detection and provides a comprehensive evaluation of machine learning classifiers for this task.

Findings

Best classifier identified for threat detection

System effectively detects trending vulnerabilities

Public datasets support reproducibility and further research

Abstract

The rapid development of IoT applications and their use in various fields of everyday life has resulted in an escalated number of different possible cyber-threats, and has consequently raised the need of securing IoT devices. Collecting Cyber-Threat Intelligence (e.g., zero-day vulnerabilities or trending exploits) from various online sources and utilizing it to proactively secure IoT systems or prepare mitigation scenarios has proven to be a promising direction. In this work, we focus on social media monitoring and investigate real-time Cyber-Threat Intelligence detection from the Twitter stream. Initially, we compare and extensively evaluate six different machine-learning based classification alternatives trained with vulnerability descriptions and tested with real-world data from the Twitter stream to identify the best-fitting solution. Subsequently, based on our findings, we propose a novel social media monitoring system tailored to the IoT domain; the system allows users to identify recent/trending vulnerabilities and exploits on IoT devices. Finally, to aid research on the field and support the reproducibility of our results we publicly release all annotated datasets created during this process.