Accession Number : AD1034416


Title : Finding Malicious Cyber Discussions in Social Media


Descriptive Note : Journal Article


Corporate Author : MIT Lincoln Laboratory Lexington United States


Personal Author(s) : Campbell,Joseph Jr P ; Mensch,Alyssa C ; Zeno,Giselle ; Campbell,William M ; Lippmann,Richard P ; Weller-Fahy,David J


Full Text : https://apps.dtic.mil/dtic/tr/fulltext/u2/1034416.pdf


Report Date : 11 Dec 2015


Pagination or Media Count : 19


Abstract : Today's analysts manually examine social media networks to find discussions concerning planned cyber attacks, attacker techniques and tools, and potential victims. Applying modern machine learning approaches, Lincoln Laboratory has demonstrated the ability to automatically discover such discussions from Stack Exchange, Reddit, and Twitter posts written in English. Criminal hackers often use social media networks to discuss cyber attacks, share strategies and tools, and identify potential victims for targeted attacks. Analysts examining these discussions can forward information about malicious activity to provide system administrators with an advance warning about attacker capabilities and intent. As described in the February 2016 Federal Cybersecurity Research and Development Strategic Plan [1], system administrators must deter, protect networks from, and detect cyber attacks and then adapt after successful attacks (Figure 1). To enable system administrators to be more successful at these four tasks, advance warnings let system administrators focus on specific attack component types, time intervals, and targets. For example, prior to the anticipated cyber attacks on Israeli government websites by the hacking group Anonymous, government analysts were monitoring hackers on Facebook and in private chat rooms. As a result, system administrators were prepared to counter distributed denial-of-service attacks and defacement of government websites. Israel temporarily suspended some international traffic to these sites and advised employees to not open emails for five days. Teams were available to respond to successful attacks and repair or restore websites. Because of Israel's careful preparation, this cyber assault only succeeded in bringing down a few websites for a short period of time [2]. Monitoring social media networks is a valuable method for discovering malicious cyber discussions, but analysts currently lack the automation capabilities needed.


Descriptors : social networking services , machine learning , cyberattacks , detection , automation , NATURAL LANGUAGE PROCESSING SOFTWARE


Subject Categories : Information Science
      Computer Systems Management and Standards
      Cybernetics


Distribution Statement : APPROVED FOR PUBLIC RELEASE