Determining the Scale of Impact from Denial-of-Service Attacks in Real Time Using Twitter
This addresses the need for timely feedback on DoS attack impacts for online services, though it is incremental with limitations like event assumption and trade-offs in precision and recall.
The paper tackles the problem of measuring the impact of Denial-of-Service attacks in real-time by developing a weakly-supervised model using Twitter data, achieving comparable precision to supervised methods and generalization across entities in the same industry.
Denial of Service (DoS) attacks are common in on-line and mobile services such as Twitter, Facebook and banking. As the scale and frequency of Distributed Denial of Service (DDoS) attacks increase, there is an urgent need for determining the impact of the attack. Two central challenges of the task are to get feedback from a large number of users and to get it in a timely manner. In this paper, we present a weakly-supervised model that does not need annotated data to measure the impact of DoS issues by applying Latent Dirichlet Allocation and symmetric Kullback-Leibler divergence on tweets. There is a limitation to the weakly-supervised module. It assumes that the event detected in a time window is a DoS attack event. This will become less of a problem, when more non-attack events twitter got collected and become less likely to be identified as a new event. Another way to remove that limitation, an optional classification layer, trained on manually annotated DoS attack tweets, to filter out non-attack tweets can be used to increase precision at the expense of recall. Experimental results show that we can learn weakly-supervised models that can achieve comparable precision to supervised ones and can be generalized across entities in the same industry.