Crowdsourcing Cybersecurity: Cyber Attack Detection using Social Media
This work addresses cybersecurity monitoring for organizations by providing a novel detection method, though its query expansion strategy is incremental.
The paper tackles the problem of detecting cyber-attacks by using social media as a crowdsourced sensor. The result is an unsupervised approach that consistently identifies events such as DDOS attacks and data breaches, outperforming existing methods.
Social media is often viewed as a sensor into various societal events such as disease outbreaks, protests, and elections. We describe the use of social media as a crowdsourced sensor to gain insight into ongoing cyber-attacks. Our approach detects a broad range of cyber-attacks (e.g., distributed denial of service (DDOS) attacks, data breaches, and account hijacking) in an unsupervised manner using just a limited fixed set of seed event triggers. A new query expansion strategy based on convolutional kernels and dependency parses helps model reporting structure and aids in identifying key event characteristics. Through a large-scale analysis over Twitter, we demonstrate that our approach consistently identifies and encodes events, outperforming existing methods.