"Enhancing Network Security by Software Vulnerability Detection Using Social Media Analysis Extended Abstract"
Title | "Enhancing Network Security by Software Vulnerability Detection Using Social Media Analysis Extended Abstract" |
Publication Type | Conference Paper |
Year of Publication | 2015 |
Authors | D. Kergl |
Conference Name | 2015 IEEE International Conference on Data Mining Workshop (ICDMW) |
Date Published | Nov |
Publisher | IEEE |
ISBN Number | 978-1-4673-8493-3 |
Accession Number | 15757782 |
Keywords | attacked target system, automated reconfiguration, Automatic Network Configuration, common vulnerability, Crowd-based, database management systems, detecting attack, exposures database, firewall, firewalls, Intrusion detection, Media, media streaming, Network security, online service, Pattern recognition, post-incident intrusion detection, pubcrawl170101, real-time social media stream, Real-time Systems, security of data, social media analysis, social networking (online), software reliability, software vulnerability detection, Twitter, unknown security vulnerability, vulnerable target, web services |
Abstract | Detecting attacks that are based on unknown security vulnerabilities is a challenging problem. The timely detection of attacks based on hitherto unknown vulnerabilities is crucial for protecting other users and systems from being affected as well. To know the attributes of a novel attack's target system can support automated reconfiguration of firewalls and sending alerts to administrators of other vulnerable targets. We suggest a novel approach of post-incident intrusion detection by utilizing information gathered from real-time social media streams. To accomplish this we take advantage of social media users posting about incidents that affect their user accounts of attacked target systems or their observations about misbehaving online services. Combining knowledge of the attacked systems and reported incidents, we should be able to recognize patterns that define the attributes of vulnerable systems. By matching detected attribute sets with those attributes of well-known attacks, we furthermore should be able to link attacks to already existing entries in the Common Vulnerabilities and Exposures database. If a link to an existing entry is not found, we can assume to have detected an exploitation of an unknown vulnerability, i.e., a zero day exploit or the result of an advanced persistent threat. This finding could also be used to direct efforts of examining vulnerabilities of attacked systems and therefore lead to faster patch deployment. |
URL | http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7395853&isnumber=7395635 |
DOI | 10.1109/ICDMW.2015.228 |
Citation Key | 7395853 |