Abstract
Cybersecurity incidents are an enduring hazard to organizations and enterprises. The increasing number of high-exposure incidents makes cybersecurity-related data a valuable asset, offering chances to identify trends, make decisions and address challenges for cybersecurity end-users. Faced with a considerable amount of data, it is challenging to find an agile approach that directly points out the most severe risks and provides security recommendations. In this paper, we propose a novel methodology that begins with data collection, continues by representing information in a knowledge graph and finishes by offering security recommendations based on systematic data analysis. It demonstrates the power of the collective intelligence of the social media community, cybersecurity experts and even hackers to monitor vulnerabilities, threats and security trends, further facilitating decision-making and future planning. We also develop a prototype to prove the effectiveness and deployability of the methodology. We used Tweets containing unique vulnerability identifiers to examine our tool. The analysis results indicate that the tool can point out high-priority vulnerabilities and reflect historical experience of weaknesses. With the help of public cybersecurity reports and databases, our tool can offer security recommendations for risk mitigation from various aspects that satisfy end-users' cybersecurity requirements.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Sun, N., Zhang, J., Gao, S., Zhang, L.Y., Camtepe, S., Xiang, Y. (2020). Data Analytics of Crowdsourced Resources for Cybersecurity Intelligence. In: Kutyłowski, M., Zhang, J., Chen, C. (eds) Network and System Security. NSS 2020. Lecture Notes in Computer Science, vol 12570. Springer, Cham. https://doi.org/10.1007/978-3-030-65745-1_1
DOI: https://doi.org/10.1007/978-3-030-65745-1_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-65744-4
Online ISBN: 978-3-030-65745-1
eBook Packages: Computer Science, Computer Science (R0)