Real-Time IRC Threat Detection Framework
Title | Real-Time IRC Threat Detection Framework |
Publication Type | Conference Paper |
Year of Publication | 2017 |
Authors | Shao, S., Tunc, C., Satam, P., Hariri, S. |
Conference Name | 2017 IEEE 2nd International Workshops on Foundations and Applications of Self* Systems (FAS*W) |
Date Published | Sept. 2017 |
Publisher | IEEE |
ISBN Number | 978-1-5090-6558-5 |
Keywords | Autonomic Security, autonomic threat detection, Computer crime, Computer hacking, cyber security, Data collection, electronic messaging, hacker community, hacker data analysis and visualization, Internet, Internet Relay Chat (IRC), Internet Relay Chat protocol, IRC channel monitoring, IRC protocol, malicious IRC behavior analysis, Metrics, Monitoring, Neural networks, pubcrawl, real-time IRC threat detection framework, Real-time Systems, real-time text communications, real-time threat detection, Resiliency, Scalability, security of data, social media platforms, social networking (online), Stanford coreNLP, Tools, WannaCry ransomware attack |
Abstract | Most social media platforms generate a massive amount of raw data that is slow-paced. On the other hand, the Internet Relay Chat (IRC) protocol, which has been used extensively by the hacker community to discuss and share their knowledge, facilitates fast-paced and real-time text communications. Previous studies of malicious IRC behavior analysis were mostly either offline or batch processing. This results in a long response time for data collection, pre-processing, and threat detection. However, threats that use the latest vulnerabilities to exploit systems (e.g., zero-day attacks) can spread fast using IRC channels, and current IRC channel monitoring techniques cannot provide the required fast detection and alerting. In this paper, we present an alternative approach to overcome this limitation by providing real-time and autonomic threat detection in IRC channels. We demonstrate the capabilities of our approach using as an example the Shadow Brokers' leaked exploit (the exploit leveraged by the WannaCry ransomware attack), which was captured and detected by our framework. |
URL | http://ieeexplore.ieee.org/document/8064142/ |
DOI | 10.1109/FAS-W.2017.166 |
Citation Key | shao_real-time_2017 |
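The real-time channel monitoring the abstract describes, shown as an added example that is not the authors' framework: a minimal Python monitor that parses raw IRC PRIVMSG lines as they arrive, discards non-channel traffic, and scores each channel message against a small indicator set. The indicator patterns, weights, alert threshold and the sample traffic are assumptions constructed for illustration; the paper's own pipeline (Stanford CoreNLP and neural networks, per its keywords) is not reproduced here.

```python
import re
from dataclasses import dataclass
from typing import Iterator, List, Optional, Tuple

# Editor's example, not code from the paper. A minimal real-time IRC channel
# monitor: parse raw IRC wire lines as they arrive and score channel messages
# against a hypothetical indicator set.

# RFC 1459 line shape: [:prefix] command [params] [:trailing]
IRC_LINE = re.compile(
    r"^(?::(?P<prefix>[^ ]+) )?(?P<cmd>[A-Z]+|\d{3})"
    r"(?: (?P<params>[^:]*))?(?: :(?P<trail>.*))?$"
)

# Hypothetical indicators and weights (assumption, not the paper's model).
INDICATORS = {
    "cve_id": (re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.I), 2),
    "ms_bulletin": (re.compile(r"\bMS\d{2}-\d{3}\b", re.I), 2),
    "exploit_term": (re.compile(
        r"\b(exploit|0day|zero-day|rce|payload|ransomware|wormable)\b", re.I), 1),
    "binary_url": (re.compile(
        r"https?://\S+\.(?:exe|dll|zip|rar|7z|py|sh)\b", re.I), 2),
}
ALERT_THRESHOLD = 3  # assumed cut-off for raising an alert


@dataclass
class Message:
    nick: str
    target: str
    text: str


@dataclass
class Alert:
    nick: str
    channel: str
    score: int
    hits: List[str]
    text: str


def parse_privmsg(line: str) -> Optional[Message]:
    """Parse one raw IRC line; return a Message for channel PRIVMSGs, else None."""
    m = IRC_LINE.match(line.rstrip("\r\n"))
    if not m or m.group("cmd") != "PRIVMSG":
        return None
    nick = (m.group("prefix") or "").split("!", 1)[0]
    params = (m.group("params") or "").split()
    if not params:
        return None
    target = params[0]
    if not target.startswith(("#", "&")):
        return None  # a private message to the monitor, not channel traffic
    return Message(nick, target, m.group("trail") or "")


def score_message(msg: Message) -> Tuple[int, List[str]]:
    """Sum the weights of every indicator that matches the message text."""
    score, hits = 0, []
    for name, (pattern, weight) in INDICATORS.items():
        if pattern.search(msg.text):
            score += weight
            hits.append(name)
    return score, hits


def monitor(lines: Iterator[str]) -> List[Alert]:
    """Consume lines as they arrive (a socket reader in practice) and collect alerts."""
    alerts = []
    for line in lines:
        msg = parse_privmsg(line)
        if msg is None:
            continue  # numerics, PING, JOIN, NOTICE etc. are handled by the client layer
        score, hits = score_message(msg)
        if score >= ALERT_THRESHOLD:
            alerts.append(Alert(msg.nick, msg.target, score, hits, msg.text))
    return alerts


# Constructed sample traffic for illustration, not a real capture.
SAMPLE_LINES = [
    ":irc.example.net 001 watcher :Welcome",
    "PING :irc.example.net",
    ":alice!a@host JOIN #sec",
    ":alice!a@host PRIVMSG #sec :anyone looked at the new kernel release?",
    ":bob!b@host PRIVMSG #sec :MS17-010 exploit dropped, wormable RCE: http://example.com/eb.zip",
    ":carol!c@host PRIVMSG watcher :MS17-010 is patched on my box",
    ":dave!d@host PRIVMSG #sec :CVE-2017-0144 payload works on 7 and 2008",
]

if __name__ == "__main__":
    for a in monitor(iter(SAMPLE_LINES)):
        print(f"ALERT {a.channel} <{a.nick}> score={a.score} hits={a.hits}: {a.text}")
```

Because scoring happens per line inside the read loop, an alert is raised the moment the offending message arrives rather than after a batch is collected, which is the point the abstract makes against offline analysis. The parser deliberately drops private messages so that a user pasting an indicator to the monitor's own nick does not trigger a channel alert.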