Finding Malicious Cyber Discussions in Social Media

Today's analysts manually examine social media networks to find discussions concerning planned cyber attacks, attacker techniques and tools, and potential victims. Applying modern machine learning approaches, Lincoln Laboratory has demonstrated the ability to automatically discover such discuss...

Bibliographic details
Main authors: Campbell, Joseph Jr P; Mensch, Alyssa C; Zeno, Giselle; Campbell, William M; Lippmann, Richard P; Weller-Fahy, David J
Format: Report
Language: eng
Description
Summary: Today's analysts manually examine social media networks to find discussions concerning planned cyber attacks, attacker techniques and tools, and potential victims. Applying modern machine learning approaches, Lincoln Laboratory has demonstrated the ability to automatically discover such discussions from Stack Exchange, Reddit, and Twitter posts written in English. Criminal hackers often use social media networks to discuss cyber attacks, share strategies and tools, and identify potential victims for targeted attacks. Analysts examining these discussions can forward information about malicious activity to provide system administrators with an advance warning about attacker capabilities and intent. As described in the February 2016 Federal Cybersecurity Research and Development Strategic Plan [1], system administrators must deter, protect networks from, and detect cyber attacks and then adapt after successful attacks (Figure 1). To enable system administrators to be more successful at these four tasks, advance warnings let system administrators focus on specific attack component types, time intervals, and targets. For example, prior to the anticipated cyber attacks on Israeli government websites by the hacking group Anonymous, government analysts were monitoring hackers on Facebook and in private chat rooms. As a result, system administrators were prepared to counter distributed denial-of-service attacks and defacement of government websites. Israel temporarily suspended some international traffic to these sites and advised employees not to open emails for five days. Teams were available to respond to successful attacks and repair or restore websites. Because of Israel's careful preparation, this cyber assault only succeeded in bringing down a few websites for a short period of time [2]. Monitoring social media networks is a valuable method for discovering malicious cyber discussions, but analysts currently lack the automation capabilities needed.
MIT LL Journal, 22, 1. Published in the Massachusetts Institute of Technology Lincoln Laboratory Journal, v22 n1, 2016.