Data Analytics of Crowdsourced Resources for Cybersecurity Intelligence

  • Conference paper
  • Network and System Security (NSS 2020)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 12570)

Abstract

Cybersecurity incidents are an enduring hazard to organizations and enterprises. The increasing number of high-exposure incidents makes cybersecurity-related data a valuable asset, offering opportunities to identify trends, make decisions and address challenges for cybersecurity end-users. Faced with a considerable amount of data, it is challenging to find an agile approach that directly points out the most severe risks and provides security recommendations. In this paper, we propose a novel methodology that begins with data collection, proceeds to represent the information in a knowledge graph, and finishes by offering security recommendations based on systematic data analysis. It demonstrates the power of the collective intelligence of the social media community, cybersecurity experts and even hackers to monitor vulnerabilities, threats and security trends to further facilitate decision-making and future planning. We also develop a prototype to prove the effectiveness and deployability of the methodology. We used tweets containing the unique vulnerability identifiers to examine our tool. The analysis results indicate that the tool can point out high-priority vulnerabilities and reflect historical experience with weaknesses. With the help of public cybersecurity reports and databases, our tool can offer security recommendations for risk mitigation from various aspects that satisfy end-users' requirements within cybersecurity.

Notes

  1. https://nansun.shinyapps.io/shiny/

Correspondence to Nan Sun.

Copyright information

© 2020 Springer Nature Switzerland AG

Cite this paper

Sun, N., Zhang, J., Gao, S., Zhang, L.Y., Camtepe, S., Xiang, Y. (2020). Data Analytics of Crowdsourced Resources for Cybersecurity Intelligence. In: Kutyłowski, M., Zhang, J., Chen, C. (eds) Network and System Security. NSS 2020. Lecture Notes in Computer Science, vol 12570. Springer, Cham. https://doi.org/10.1007/978-3-030-65745-1_1

  • DOI: https://doi.org/10.1007/978-3-030-65745-1_1

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-65744-4

  • Online ISBN: 978-3-030-65745-1

  • eBook Packages: Computer Science (R0)
