CR, CY, SI | Jan 29, 2018

Early Warnings of Cyber Threats in Online Discussions

arXiv:1801.09781v1 | 88 citations
Originality: Incremental advance
AI Analysis

This paper addresses the need for early warning systems in cybersecurity to help organizations prepare for attacks like DDoS and data breaches, though it appears incremental as it builds on existing monitoring approaches.

The paper tackles the problem of detecting imminent cyber threats by introducing a system that monitors darkweb and social media communications, generating alerts with 84% relevance to current or imminent threats during a test period.

We introduce a system for automatically generating warnings of imminent or current cyber-threats. Our system leverages the communication of malicious actors on the darkweb, as well as activity of cyber security experts on social media platforms like Twitter. In a time period between September, 2016 and January, 2017, our method generated 661 alerts of which about 84% were relevant to current or imminent cyber-threats. In the paper, we first illustrate the rationale and workflow of our system, then we measure its performance. Our analysis is enriched by two case studies: the first shows how the method could predict DDoS attacks, and how it would have allowed organizations to prepare for the Mirai attacks that caused widespread disruption in October 2016. Second, we discuss the method's timely identification of various instances of data breaches.
