TY - GEN
T1 - Early warnings of cyber threats in online discussions
AU - Sapienza, Anna
AU - Bessi, Alessandro
AU - Damodaran, Saranya
AU - Shakarian, Paulo
AU - Lerman, Kristina
AU - Ferrara, Emilio
N1 - Funding Information:
The authors are supported by the Office of the Director of National Intelligence (ODNI) and the Intelligence Advanced Research Projects Activity (IARPA) via the Air Force Research Laboratory (AFRL) contract number FA8750-16-C-0112. The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright annotation thereon. Disclaimer: The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of ODNI, IARPA, AFRL, or the U.S. Government.
Publisher Copyright:
© 2017 IEEE.
PY - 2017/12/15
Y1 - 2017/12/15
N2 - We introduce a system for automatically generating warnings of imminent or current cyber-threats. Our system leverages the communication of malicious actors on the darkweb, as well as the activity of cyber security experts on social media platforms like Twitter. In the period between September 2016 and January 2017, our method generated 661 alerts, of which about 84% were relevant to current or imminent cyber-threats. In the paper, we first illustrate the rationale and workflow of our system, then we measure its performance. Our analysis is enriched by two case studies: the first shows how the method could predict DDoS attacks, and how it would have allowed organizations to prepare for the Mirai attacks that caused widespread disruption in October 2016. Second, we discuss the method's timely identification of various instances of data breaches.
UR - http://www.scopus.com/inward/record.url?scp=85044081894&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85044081894&partnerID=8YFLogxK
U2 - 10.1109/ICDMW.2017.94
DO - 10.1109/ICDMW.2017.94
M3 - Conference contribution
AN - SCOPUS:85044081894
T3 - IEEE International Conference on Data Mining Workshops, ICDMW
SP - 667
EP - 674
BT - Proceeding - 17th IEEE International Conference on Data Mining Workshops, ICDMW 2017
A2 - Gottumukkala, Raju
A2 - Karypis, George
A2 - Raghavan, Vijay
A2 - Wu, Xindong
A2 - Miele, Lucio
A2 - Aluru, Srinivas
A2 - Ning, Xia
A2 - Dong, Guozhu
PB - IEEE Computer Society
T2 - 17th IEEE International Conference on Data Mining Workshops, ICDMW 2017
Y2 - 18 November 2017 through 21 November 2017
ER -