Crowdsourcing cybersecurity: Cyber attack detection using social media

Rupinder Paul Khandpur; Taoran Ji; Steve Jan; Gang Wang; Chang Tien Lu; Naren Ramakrishnan

doi:10.1145/3132847.3132866

Crowdsourcing cybersecurity: Cyber attack detection using social media

Rupinder Paul Khandpur, Taoran Ji, Steve Jan, Gang Wang, Chang Tien Lu, Naren Ramakrishnan

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Social media is often viewed as a sensor into various societal events such as disease outbreaks, protests, and elections. We describe the use of social media as a crowdsourced sensor to gain insight into ongoing cyber-attacks. Our approach detects a broad range of cyber-attacks (e.g., distributed denial of service (DDoS) attacks, data breaches, and account hijacking) in a weakly supervised manner using just a small set of seed event triggers and requires no training or labeled samples. A new query expansion strategy based on convolution kernels and dependency parses helps model semantic structure and aids in identifying key event characteristics. Through a large-scale analysis over Twitter, we demonstrate that our approach consistently identifies and encodes events, outperforming existing methods.

Original language	English (US)
Title of host publication	CIKM 2017 - Proceedings of the 2017 ACM Conference on Information and Knowledge Management
Publisher	Association for Computing Machinery,
Pages	1049-1057
Number of pages	9
ISBN (Electronic)	9781450349185
DOIs	https://doi.org/10.1145/3132847.3132866
State	Published - Nov 6 2017
Externally published	Yes
Event	26th ACM International Conference on Information and Knowledge Management, CIKM 2017 - Singapore, Singapore Duration: Nov 6 2017 → Nov 10 2017

Publication series

Name	International Conference on Information and Knowledge Management, Proceedings
Volume	Part F131841

Other

Other	26th ACM International Conference on Information and Knowledge Management, CIKM 2017
Country/Territory	Singapore
City	Singapore
Period	11/6/17 → 11/10/17

Keywords

Cyber attacks
Cyber security
Dynamic query expansion
Event detection
Social media
Twitter

ASJC Scopus subject areas

Business, Management and Accounting(all)
Decision Sciences(all)

Online availability

10.1145/3132847.3132866

Library availability

Discover UIUC Full Text

Cite this

Khandpur, R. P., Ji, T., Jan, S., Wang, G., Lu, C. T., & Ramakrishnan, N. (2017). Crowdsourcing cybersecurity: Cyber attack detection using social media. In CIKM 2017 - Proceedings of the 2017 ACM Conference on Information and Knowledge Management (pp. 1049-1057). (International Conference on Information and Knowledge Management, Proceedings; Vol. Part F131841). Association for Computing Machinery,. https://doi.org/10.1145/3132847.3132866

Crowdsourcing cybersecurity : Cyber attack detection using social media. / Khandpur, Rupinder Paul; Ji, Taoran; Jan, Steve et al.

CIKM 2017 - Proceedings of the 2017 ACM Conference on Information and Knowledge Management. Association for Computing Machinery, 2017. p. 1049-1057 (International Conference on Information and Knowledge Management, Proceedings; Vol. Part F131841).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Khandpur, RP, Ji, T, Jan, S, Wang, G, Lu, CT & Ramakrishnan, N 2017, Crowdsourcing cybersecurity: Cyber attack detection using social media. in CIKM 2017 - Proceedings of the 2017 ACM Conference on Information and Knowledge Management. International Conference on Information and Knowledge Management, Proceedings, vol. Part F131841, Association for Computing Machinery, pp. 1049-1057, 26th ACM International Conference on Information and Knowledge Management, CIKM 2017, Singapore, Singapore, 11/6/17. https://doi.org/10.1145/3132847.3132866

Khandpur RP, Ji T, Jan S, Wang G, Lu CT, Ramakrishnan N. Crowdsourcing cybersecurity: Cyber attack detection using social media. In CIKM 2017 - Proceedings of the 2017 ACM Conference on Information and Knowledge Management. Association for Computing Machinery,. 2017. p. 1049-1057. (International Conference on Information and Knowledge Management, Proceedings). doi: 10.1145/3132847.3132866

@inproceedings{d174aca4b1964716b96931fe08fc42be,

title = "Crowdsourcing cybersecurity: Cyber attack detection using social media",

abstract = "Social media is often viewed as a sensor into various societal events such as disease outbreaks, protests, and elections. We describe the use of social media as a crowdsourced sensor to gain insight into ongoing cyber-attacks. Our approach detects a broad range of cyber-attacks (e.g., distributed denial of service (DDoS) attacks, data breaches, and account hijacking) in a weakly supervised manner using just a small set of seed event triggers and requires no training or labeled samples. A new query expansion strategy based on convolution kernels and dependency parses helps model semantic structure and aids in identifying key event characteristics. Through a large-scale analysis over Twitter, we demonstrate that our approach consistently identifies and encodes events, outperforming existing methods.",

keywords = "Cyber attacks, Cyber security, Dynamic query expansion, Event detection, Social media, Twitter",

author = "Khandpur, {Rupinder Paul} and Taoran Ji and Steve Jan and Gang Wang and Lu, {Chang Tien} and Naren Ramakrishnan",

note = "Funding Information: The authors gratefully acknowledge the funding support for this research from National Science Foundation (under award numbers CNS-1717028, DGE-1545362, IIS-1633363) and Northrop Grumman (NGC 7500144847). Publisher Copyright: {\textcopyright} 2017 Association for Computing Machinery.; 26th ACM International Conference on Information and Knowledge Management, CIKM 2017 ; Conference date: 06-11-2017 Through 10-11-2017",

year = "2017",

month = nov,

day = "6",

doi = "10.1145/3132847.3132866",

language = "English (US)",

series = "International Conference on Information and Knowledge Management, Proceedings",

publisher = "Association for Computing Machinery,",

pages = "1049--1057",

booktitle = "CIKM 2017 - Proceedings of the 2017 ACM Conference on Information and Knowledge Management",

}

TY - GEN

T1 - Crowdsourcing cybersecurity

T2 - 26th ACM International Conference on Information and Knowledge Management, CIKM 2017

AU - Khandpur, Rupinder Paul

AU - Ji, Taoran

AU - Jan, Steve

AU - Wang, Gang

AU - Lu, Chang Tien

AU - Ramakrishnan, Naren

N1 - Funding Information: The authors gratefully acknowledge the funding support for this research from National Science Foundation (under award numbers CNS-1717028, DGE-1545362, IIS-1633363) and Northrop Grumman (NGC 7500144847). Publisher Copyright: © 2017 Association for Computing Machinery.

PY - 2017/11/6

Y1 - 2017/11/6

N2 - Social media is often viewed as a sensor into various societal events such as disease outbreaks, protests, and elections. We describe the use of social media as a crowdsourced sensor to gain insight into ongoing cyber-attacks. Our approach detects a broad range of cyber-attacks (e.g., distributed denial of service (DDoS) attacks, data breaches, and account hijacking) in a weakly supervised manner using just a small set of seed event triggers and requires no training or labeled samples. A new query expansion strategy based on convolution kernels and dependency parses helps model semantic structure and aids in identifying key event characteristics. Through a large-scale analysis over Twitter, we demonstrate that our approach consistently identifies and encodes events, outperforming existing methods.

AB - Social media is often viewed as a sensor into various societal events such as disease outbreaks, protests, and elections. We describe the use of social media as a crowdsourced sensor to gain insight into ongoing cyber-attacks. Our approach detects a broad range of cyber-attacks (e.g., distributed denial of service (DDoS) attacks, data breaches, and account hijacking) in a weakly supervised manner using just a small set of seed event triggers and requires no training or labeled samples. A new query expansion strategy based on convolution kernels and dependency parses helps model semantic structure and aids in identifying key event characteristics. Through a large-scale analysis over Twitter, we demonstrate that our approach consistently identifies and encodes events, outperforming existing methods.

KW - Cyber attacks

KW - Cyber security

KW - Dynamic query expansion

KW - Event detection

KW - Social media

KW - Twitter

UR - http://www.scopus.com/inward/record.url?scp=85037356582&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85037356582&partnerID=8YFLogxK

U2 - 10.1145/3132847.3132866

DO - 10.1145/3132847.3132866

M3 - Conference contribution

AN - SCOPUS:85037356582

T3 - International Conference on Information and Knowledge Management, Proceedings

SP - 1049

EP - 1057

BT - CIKM 2017 - Proceedings of the 2017 ACM Conference on Information and Knowledge Management

PB - Association for Computing Machinery,

Y2 - 6 November 2017 through 10 November 2017

ER -

Crowdsourcing cybersecurity: Cyber attack detection using social media

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this