Finding Malicious Cyber Discussions in Social Media

Abstract

Today's analysts manually examine social media networks to find discussions concerning planned cyber attacks, attacker techniques and tools, and potential victims. Applying modern machine learning approaches, Lincoln Laboratory has demonstrated the ability to automatically discover such discussions from Stack Exchange, Reddit, and Twitter posts written in English. Criminal hackers often use social media networks to discuss cyber attacks, share strategies and tools, and identify potential victims for targeted attacks. Analysts examining these discussions can forward information about malicious activity to provide system administrators with an advance warning about attacker capabilities and intent. As described in the February 2016 Federal Cybersecurity Research and Development Strategic Plan [1], system administrators must deter, protect networks from, and detect cyber attacks, and then adapt after successful attacks (Figure 1). To make system administrators more successful at these four tasks, advance warnings let them focus on specific attack component types, time intervals, and targets. For example, prior to the anticipated cyber attacks on Israeli government websites by the hacking group Anonymous, government analysts were monitoring hackers on Facebook and in private chat rooms. As a result, system administrators were prepared to counter distributed denial-of-service attacks and defacement of government websites. Israel temporarily suspended some international traffic to these sites and advised employees not to open emails for five days. Teams were available to respond to successful attacks and to repair or restore websites. Because of Israel's careful preparation, this cyber assault succeeded only in bringing down a few websites for a short period of time [2]. Monitoring social media networks is a valuable method for discovering malicious cyber discussions, but analysts currently lack the automation capabilities needed.

Document Details

Document Type
Technical Report
Publication Date
Dec 11, 2015
Accession Number
AD1034416

Entities

People

  • Alyssa C. Mensch
  • David J. Weller-Fahy
  • Giselle Zeno
  • Joseph P. Campbell Jr.
  • Richard P. Lippmann
  • William M. Campbell

Organizations

  • MIT Lincoln Laboratory

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Computational Science
  • Cyberattacks
  • Cybersecurity
  • Denial Of Service Attack
  • Detection
  • False Alarms
  • Information Science
  • Machine Learning
  • Neural Networks
  • Online Communications
  • Probabilistic Models
  • Probability
  • Social Media
  • Social Networking Services
  • Social Networks
  • Supervised Machine Learning
  • Warning Systems

Fields of Study

  • Computer science

Technology Areas

  • AI & ML
  • AI & ML - DoD AI Strategy
  • Cyber