Evaluating the Utilization of Twitter Messages as a Source of Security Alerts

Authors:
  Luiz Arthur F. Santos (luizsantos@utfpr.edu.br)
  Daniel Macêdo Batista (batista@ime.usp.br)
  Rodrigo Campiolo (rcampiolo@utfpr.edu.br)
  Marco Aurélio Gerosa (gerosa@ime.usp.br)

These slides by Luiz Arthur Feitosa Santos, Rodrigo Campiolo, Daniel Macêdo Batista and Marco Aurélio Gerosa are licensed under a Creative Commons Attribution-NonCommercial 3.0 Unported license.
Introduction:

● Research Problem:
  Delay in the propagation of information about new threats (zero-day vulnerabilities).
  Specialized applications are not fully effective against new threats.

● Potential Solutions:
  The problem can be mitigated by the rapid propagation of alerts.
  Use of social networks.
Objective:

Analyze a set of Twitter messages to verify whether these messages can help in the identification and early warning of potential security problems.

Contributions:

Confirm that there is collaboration on computer security in social networks.

Characterization of security messages.
Hypotheses:

H1 - There is information about computer security in Twitter messages, and many of these messages indicate potential threats.

H2 - Twitter reports information security issues before some specialized sites.

H3 - Twitter users are concerned with warning other users about security issues.
Methodology:

[Overview diagram]
Methodology:

1. Get tweets

a. … Problem X …
b. ...PROBLEM Y … http...
c. ... Problem … X … http...
d. Threat Y ... #virus
e. … @user … Problem X …
f. New Malware Z...
g. X Solution.. http

Searches at 1-minute intervals for 132 days:

  security AND (virus OR worm OR attack OR intrusion OR invasion OR ddos OR hacker OR cracker OR exploit OR malware)
Methodology:

3. Similarity and cluster

1a. … Problem X …
1c. ... Problem … X … http...
1e. … @user … Problem X …
2d. Threat Y ... #virus
2b. ...PROBLEM Y … http...
3f. New Malware Z...
4g. X Solution... http

Degree of similarity: 0.5 – tweets with tweets
Methodology:

2. Get feeds

a. Problem X... new exploit...
b. Problem Z...

Searches for 2 months using 30 security websites. We also used a web crawler.
Methodology:

3. Similarity and cluster

Degree of similarity: 0.2 – news with tweets

4. Important messages

1a. … Problem X …
3f. New Malware Z...
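The four-step pipeline above, as an added example in Python (not the authors' code) on constructed sample tweets and feed items: tweets are normalised (links, mentions and the '#' of hashtags stripped), clustered at the slides' 0.5 tweet-to-tweet threshold, matched against feed items at the 0.2 news-to-tweet threshold, and the clusters that match a news item are kept as important messages; the lead-in-days value is the H2 comparison of publication dates. The Jaccard measure, the greedy single-pass clustering and the stopword list are assumptions, since the slides give only the thresholds.

```python
import re
from datetime import date
from typing import List, NamedTuple, Set, Tuple


class Message(NamedTuple):
    id: str
    when: date   # publication date, used for the H2 "who reported first" check
    text: str


# Constructed sample data modelled on the slides' "Problem X / Threat Y /
# Malware Z" placeholders; none of it comes from the study's dataset.
TWEETS = [
    Message("a", date(2012, 5, 4), "Security alert: new Java zero-day exploit in the wild"),
    Message("b", date(2012, 5, 4), "SECURITY: DDoS attack hits hosting provider http://t.co/def456"),
    Message("c", date(2012, 5, 5), "New Java zero-day exploit in the wild, security alert http://t.co/abc123"),
    Message("d", date(2012, 5, 5), "ddos attack against hosting provider #security"),
    Message("e", date(2012, 5, 5), "@bob security alert: Java zero-day exploit in the wild"),
    Message("f", date(2012, 5, 29), "New Flame malware found in Iran, security analysis http://t.co/ghi789"),
    Message("g", date(2012, 5, 6), "Security patch released, update Java now http://t.co/jkl012"),
]

FEEDS = [
    Message("n1", date(2012, 5, 6), "Java zero-day exploit actively used in the wild, new vulnerability"),
    Message("n2", date(2012, 5, 28), "Flame malware analysis: modular espionage toolkit found in Iran"),
    Message("n3", date(2012, 5, 10), "Problem Z: router firmware bug lets remote users change settings"),
]

# Assumed stopword list; the study does not specify one.
STOPWORDS = {"the", "and", "for", "with", "from", "via", "http", "are", "has"}


def tokens(text: str) -> Set[str]:
    """Normalise a message into a set of content words.

    Links, @mentions and the '#' of hashtags are removed first, so that tweets
    differing only in casing, links or mentions (a, c and e on the slides, all
    about 'Problem X') end up with the same word set.
    """
    text = text.lower()
    text = re.sub(r"https?://\S+", " ", text)   # drop t.co-style links
    text = re.sub(r"@\w+", " ", text)           # drop user mentions
    text = text.replace("#", " ")               # keep the hashtag word, drop '#'
    words = re.findall(r"[a-z0-9]+(?:-[a-z0-9]+)*", text)
    return {w for w in words if len(w) > 2 and w not in STOPWORDS}


def jaccard(a: Set[str], b: Set[str]) -> float:
    """Jaccard index, assumed here as the 'degree of similarity' measure."""
    if not a and not b:
        return 0.0
    return len(a & b) / len(a | b)


def cluster_tweets(tweets: List[Message], threshold: float) -> List[List[Message]]:
    """Step 3 (tweets with tweets): greedy single-pass clustering.

    A tweet joins the first cluster whose representative (its first tweet) is
    at least `threshold` similar; otherwise it opens a new cluster.
    """
    clusters: List[List[Message]] = []
    for tw in tweets:
        bag = tokens(tw.text)
        for cluster in clusters:
            if jaccard(bag, tokens(cluster[0].text)) >= threshold:
                cluster.append(tw)
                break
        else:
            clusters.append([tw])
    return clusters


def important_messages(clusters: List[List[Message]], feeds: List[Message],
                       threshold: float) -> List[Tuple[str, str, int]]:
    """Steps 3 (news with tweets) and 4: keep clusters matching a feed item.

    Returns (representative tweet id, best-matching feed id, lead in days),
    where lead = feed date - earliest tweet date in the cluster; a positive
    value means Twitter carried the topic before the specialized site (H2).
    """
    result = []
    for cluster in clusters:
        best = None
        for feed in feeds:
            score = max(jaccard(tokens(feed.text), tokens(tw.text)) for tw in cluster)
            if score >= threshold and (best is None or score > best[0]):
                best = (score, feed)
        if best is not None:
            first_seen = min(tw.when for tw in cluster)
            result.append((cluster[0].id, best[1].id, (best[1].when - first_seen).days))
    return result


if __name__ == "__main__":
    groups = cluster_tweets(TWEETS, 0.5)
    for i, group in enumerate(groups, 1):
        print(f"cluster {i}:", ", ".join(tw.id for tw in group))
    for rep, feed_id, lead in important_messages(groups, FEEDS, 0.2):
        print(f"important: tweet {rep} matches {feed_id}, lead {lead:+d} days")
```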
Data Collected:

Twitter - from 28/Apr/2012 to 06/Nov/2012

● Number of tweets: 82,355
● Average tweets per day: ~623
● Number of users: 42,340
● With links to URLs: 87.6 %
● With user mentions (@): 37.7 %
● With hashtags (#): 37 %

Feeds - from 01/Apr/2012 to 15/Nov/2012

● Number of feeds: 4,546
Data Analysis:

Words most used in security tweets

Searched terms              Security terms
Qty      Word               Qty      Word
51,197   security           4,671    android
23,030   malware            4,536    flame
22,108   attack             4,214    infosec
10,196   hacker             4,200    news
 9,893   virus              4,056    cyber
 5,695   exploit            3,270    anti
 2,359   ddos               2,788    computer
   951   worm               2,637    hacking
   816   intrusion          2,419    iran
   699   invasion           2,398    apple
   246   cracker            2,336    internet
Data Analysis:

Sample of relevant tweets:

Pos    Tweets   Message excerpt
   1      512   Malicious code on Adobe Flash player http...
   2      463   How Flame virus has changed everything for online security firms ... http://t.co...
   3      374   New Java Zero-Day Exploit Hits http...
   4      373   Kaspersky Anti-Virus Internet Security ... http://t.co/D0Gqh3RR
 438       37   Only 9 of 22 virus scanners block Java exploit http://t.co/rw1sa3jf
 439       37   ...Microsoft Services Agreement email notifications lead to latest Java exploit http...
 440       36   RT @CompuSec... Hackers, rootkit find place in new novel...
 441       36   # Android Map Malware http://t.co/...
1735       10   ...Gevaarlijk wis-virus verwijdert brandende VS-vlag - Er is een nieuwe variant...
1736       10   Valse Amazon-bestelling bevat Java-exploit ... http://t.co/f1KIGG2s via @shareth...
1737       10   ...malware via Java-lek Op de website van de Telegraaf hebben aanvallers kwaadaardige...
1738       10   Mobile Malware On The Rise, Android Most At Risk, Says McAfee http://t.co/iyhKXaxE
Data Analysis:

Classification of tweets grouped with the specialized sites.

Classification   % Tweets
Relevant            62%
Irrelevant          20%
Spam                10%
Others               8%

82% are related to security!
Data Analysis:

Classification of tweets after clustering.
Evaluating a sample of 100 groups out of a total of 1,738.

Classification      % Tweets
Security alerts        60%
General security       31%
Others                  9%

91% are related to security!
Evaluation of Hypotheses:

H1 - There is information about computer security in Twitter messages, and many of these messages indicate potential threats.

82,355 tweets in 132 days, averaging 623.90 tweets per day.

91% of tweets reported security issues.

60% of tweets report security alerts.
Evaluation of Hypotheses:

● H2 - Twitter reports information security issues before some specialized sites.

43% of tweets have the most recent date.

Example: PHP-CGI query string parameter vulnerability

➢ Posted on 02/May/2012 at CERT.
➢ Posted on Twitter on 04/May/2012.
➢ Cataloged in NIST on 11/May/2012.
Evaluation of Hypotheses:

● H3 - Twitter users are concerned with warning other users about security issues.

Average propagation time is 12 days.
10 retweets reach ~10,000 users. The last two messages reached 22,468 and 52,074 Twitter users respectively.
The most propagated message reached ~512,000 people.
Final Considerations:

● Difficulty selecting tweets (content and size).
● Social networks propagate security alerts.
● The alerts achieve high and rapid spread.
Future Work:

● Make new queries using other security terms.
● Improve the filter for spam and out-of-context messages.
● Evaluate security alerts on other social networks.
● Develop an automated security early-warning system based on social networks.
Questions?

Luiz Arthur F. Santos (luizsantos@utfpr.edu.br)
Daniel Macêdo Batista (batista@ime.usp.br)
Rodrigo Campiolo (rcampiolo@utfpr.edu.br)
Marco Aurélio Gerosa (gerosa@ime.usp.br)

Thanks / Obrigado!

Weitere ähnliche Inhalte

Was ist angesagt?

Your Guide to tackle the Ransomware threat "WannaCry" | Sysfore
Your Guide to tackle the Ransomware threat "WannaCry" | SysforeYour Guide to tackle the Ransomware threat "WannaCry" | Sysfore
Your Guide to tackle the Ransomware threat "WannaCry" | SysforeSysfore Technologies
 
Protecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry RansomwareProtecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry RansomwareQuick Heal Technologies Ltd.
 
Defeating spyware and forensics on the black berry draft
Defeating spyware and forensics on the black berry draftDefeating spyware and forensics on the black berry draft
Defeating spyware and forensics on the black berry draftidsecconf
 
CEH and Security+ Training Outline - EH Academy
CEH and Security+ Training Outline - EH AcademyCEH and Security+ Training Outline - EH Academy
CEH and Security+ Training Outline - EH AcademyE Hacking
 
WannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowWannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowIBM Security
 

Was ist angesagt? (7)

Your Guide to tackle the Ransomware threat "WannaCry" | Sysfore
Your Guide to tackle the Ransomware threat "WannaCry" | SysforeYour Guide to tackle the Ransomware threat "WannaCry" | Sysfore
Your Guide to tackle the Ransomware threat "WannaCry" | Sysfore
 
Protecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry RansomwareProtecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry Ransomware
 
Defeating spyware and forensics on the black berry draft
Defeating spyware and forensics on the black berry draftDefeating spyware and forensics on the black berry draft
Defeating spyware and forensics on the black berry draft
 
Wannacry
WannacryWannacry
Wannacry
 
CEH and Security+ Training Outline - EH Academy
CEH and Security+ Training Outline - EH AcademyCEH and Security+ Training Outline - EH Academy
CEH and Security+ Training Outline - EH Academy
 
Network security
Network securityNetwork security
Network security
 
WannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowWannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do Now
 

Andere mochten auch

Detecção de alertas de segurança em redes de computadores usando redes sociai...
Detecção de alertas de segurança em redes de computadores usando redes sociai...Detecção de alertas de segurança em redes de computadores usando redes sociai...
Detecção de alertas de segurança em redes de computadores usando redes sociai...Luiz Arthur
 
Apresentação Primeiro Dia
Apresentação Primeiro DiaApresentação Primeiro Dia
Apresentação Primeiro DiaLuiz Arthur
 
Palestra - Fitem 2009 - Ferramentas de segurança OpenSource
Palestra - Fitem 2009 - Ferramentas de segurança OpenSourcePalestra - Fitem 2009 - Ferramentas de segurança OpenSource
Palestra - Fitem 2009 - Ferramentas de segurança OpenSourceLuiz Arthur
 
Invasao kernel.org
Invasao kernel.orgInvasao kernel.org
Invasao kernel.orgLuiz Arthur
 
Bibliografia recomendada-seguranca
Bibliografia recomendada-segurancaBibliografia recomendada-seguranca
Bibliografia recomendada-segurancaLuiz Arthur
 
match making e propaganda na web
match making e propaganda na webmatch making e propaganda na web
match making e propaganda na webLuiz Arthur
 
Análise de Mensagens de Segurança Postadas no Twitter
Análise de Mensagens de Segurança Postadas no TwitterAnálise de Mensagens de Segurança Postadas no Twitter
Análise de Mensagens de Segurança Postadas no TwitterLuiz Arthur
 
Uma Arquitetura Autonômica para Detecção e Reação a Ameaças de Segurança em R...
Uma Arquitetura Autonômica para Detecção e Reação a Ameaças de Segurança em R...Uma Arquitetura Autonômica para Detecção e Reação a Ameaças de Segurança em R...
Uma Arquitetura Autonômica para Detecção e Reação a Ameaças de Segurança em R...Luiz Arthur
 
Palestra Ferramentas de Segurança Open Source v.2
Palestra Ferramentas de Segurança Open Source v.2Palestra Ferramentas de Segurança Open Source v.2
Palestra Ferramentas de Segurança Open Source v.2Luiz Arthur
 
Bibliografia recomendada-programacao-python
Bibliografia recomendada-programacao-pythonBibliografia recomendada-programacao-python
Bibliografia recomendada-programacao-pythonLuiz Arthur
 
Bibliografia recomendada-redes
Bibliografia recomendada-redesBibliografia recomendada-redes
Bibliografia recomendada-redesLuiz Arthur
 
Palestra mau uso da tecnologia
Palestra mau uso da tecnologiaPalestra mau uso da tecnologia
Palestra mau uso da tecnologiaLuiz Arthur
 
UTFPR-inventario-patrimonio-laboratorio-e105
UTFPR-inventario-patrimonio-laboratorio-e105UTFPR-inventario-patrimonio-laboratorio-e105
UTFPR-inventario-patrimonio-laboratorio-e105Luiz Arthur
 
Bibliografia recomendada - programação C
Bibliografia recomendada - programação CBibliografia recomendada - programação C
Bibliografia recomendada - programação CLuiz Arthur
 
Slides - Uma abordagem autonômica para mitigar ciberataques em redes de compu...
Slides - Uma abordagem autonômica para mitigar ciberataques em redes de compu...Slides - Uma abordagem autonômica para mitigar ciberataques em redes de compu...
Slides - Uma abordagem autonômica para mitigar ciberataques em redes de compu...Luiz Arthur
 
Núcleo do Linux (Kernel Linux)
Núcleo do Linux (Kernel Linux)Núcleo do Linux (Kernel Linux)
Núcleo do Linux (Kernel Linux)Luiz Arthur
 
Mineração de dados no Gmail e Facebook
Mineração de dados no Gmail e FacebookMineração de dados no Gmail e Facebook
Mineração de dados no Gmail e FacebookLuiz Arthur
 
01 programação - introdução computação
01 programação - introdução computação01 programação - introdução computação
01 programação - introdução computaçãoLuiz Arthur
 

Andere mochten auch (18)

Detecção de alertas de segurança em redes de computadores usando redes sociai...
Detecção de alertas de segurança em redes de computadores usando redes sociai...Detecção de alertas de segurança em redes de computadores usando redes sociai...
Detecção de alertas de segurança em redes de computadores usando redes sociai...
 
Apresentação Primeiro Dia
Apresentação Primeiro DiaApresentação Primeiro Dia
Apresentação Primeiro Dia
 
Palestra - Fitem 2009 - Ferramentas de segurança OpenSource
Palestra - Fitem 2009 - Ferramentas de segurança OpenSourcePalestra - Fitem 2009 - Ferramentas de segurança OpenSource
Palestra - Fitem 2009 - Ferramentas de segurança OpenSource
 
Invasao kernel.org
Invasao kernel.orgInvasao kernel.org
Invasao kernel.org
 
Bibliografia recomendada-seguranca
Bibliografia recomendada-segurancaBibliografia recomendada-seguranca
Bibliografia recomendada-seguranca
 
match making e propaganda na web
match making e propaganda na webmatch making e propaganda na web
match making e propaganda na web
 
Análise de Mensagens de Segurança Postadas no Twitter
Análise de Mensagens de Segurança Postadas no TwitterAnálise de Mensagens de Segurança Postadas no Twitter
Análise de Mensagens de Segurança Postadas no Twitter
 
Uma Arquitetura Autonômica para Detecção e Reação a Ameaças de Segurança em R...
Uma Arquitetura Autonômica para Detecção e Reação a Ameaças de Segurança em R...Uma Arquitetura Autonômica para Detecção e Reação a Ameaças de Segurança em R...
Uma Arquitetura Autonômica para Detecção e Reação a Ameaças de Segurança em R...
 
Palestra Ferramentas de Segurança Open Source v.2
Palestra Ferramentas de Segurança Open Source v.2Palestra Ferramentas de Segurança Open Source v.2
Palestra Ferramentas de Segurança Open Source v.2
 
Bibliografia recomendada-programacao-python
Bibliografia recomendada-programacao-pythonBibliografia recomendada-programacao-python
Bibliografia recomendada-programacao-python
 
Bibliografia recomendada-redes
Bibliografia recomendada-redesBibliografia recomendada-redes
Bibliografia recomendada-redes
 
Palestra mau uso da tecnologia
Palestra mau uso da tecnologiaPalestra mau uso da tecnologia
Palestra mau uso da tecnologia
 
UTFPR-inventario-patrimonio-laboratorio-e105
UTFPR-inventario-patrimonio-laboratorio-e105UTFPR-inventario-patrimonio-laboratorio-e105
UTFPR-inventario-patrimonio-laboratorio-e105
 
Bibliografia recomendada - programação C
Bibliografia recomendada - programação CBibliografia recomendada - programação C
Bibliografia recomendada - programação C
 
Slides - Uma abordagem autonômica para mitigar ciberataques em redes de compu...
Slides - Uma abordagem autonômica para mitigar ciberataques em redes de compu...Slides - Uma abordagem autonômica para mitigar ciberataques em redes de compu...
Slides - Uma abordagem autonômica para mitigar ciberataques em redes de compu...
 
Núcleo do Linux (Kernel Linux)
Núcleo do Linux (Kernel Linux)Núcleo do Linux (Kernel Linux)
Núcleo do Linux (Kernel Linux)
 
Mineração de dados no Gmail e Facebook
Mineração de dados no Gmail e FacebookMineração de dados no Gmail e Facebook
Mineração de dados no Gmail e Facebook
 
01 programação - introdução computação
01 programação - introdução computação01 programação - introdução computação
01 programação - introdução computação
 

Ähnlich wie Evaluating the Utilization of Twitter Messages as a Source of Security Alerts

Ibm risk management-30min
Ibm risk management-30minIbm risk management-30min
Ibm risk management-30minKim Aarenstrup
 
Countering the Advanced Persistent Threat Challenge with Deep Discovery
Countering the Advanced Persistent Threat Challenge with Deep DiscoveryCountering the Advanced Persistent Threat Challenge with Deep Discovery
Countering the Advanced Persistent Threat Challenge with Deep DiscoveryTrend Micro
 
Symantec Intelligence Quarterly Report - October - December 2010
Symantec Intelligence Quarterly Report - October - December 2010Symantec Intelligence Quarterly Report - October - December 2010
Symantec Intelligence Quarterly Report - October - December 2010Symantec
 
Module ict society
Module ict societyModule ict society
Module ict societyKak Yong
 
ESET Technology: The multi-layered approach and its effectiveness
ESET Technology: The multi-layered approach and its effectivenessESET Technology: The multi-layered approach and its effectiveness
ESET Technology: The multi-layered approach and its effectivenessESET Middle East
 
Understanding the mirai botnet
Understanding the mirai botnetUnderstanding the mirai botnet
Understanding the mirai botnetFelipe Prado
 
Presentatie professor Hartel Dialogues House, 28 mrt 2012
Presentatie professor Hartel Dialogues House, 28 mrt 2012Presentatie professor Hartel Dialogues House, 28 mrt 2012
Presentatie professor Hartel Dialogues House, 28 mrt 2012thesocialreporters
 
Investigation of CryptoLocker Ransomware Trojans - Microsoft Windows
Investigation of CryptoLocker Ransomware Trojans - Microsoft WindowsInvestigation of CryptoLocker Ransomware Trojans - Microsoft Windows
Investigation of CryptoLocker Ransomware Trojans - Microsoft WindowsAaron ND Sawmadal
 
Investigation of CryptoLocker Ransomware Trojans - Microsoft Windows
Investigation of CryptoLocker Ransomware Trojans - Microsoft WindowsInvestigation of CryptoLocker Ransomware Trojans - Microsoft Windows
Investigation of CryptoLocker Ransomware Trojans - Microsoft WindowsAaron ND Sawmadal
 
Malware evolution and Endpoint Detection and Response
Malware evolution and Endpoint Detection and Response Malware evolution and Endpoint Detection and Response
Malware evolution and Endpoint Detection and Response Adrian Guthrie
 
Malware evolution and Endpoint Detection and Response Technology
Malware evolution and Endpoint Detection and Response  TechnologyMalware evolution and Endpoint Detection and Response  Technology
Malware evolution and Endpoint Detection and Response TechnologyAdrian Guthrie
 
Case Study: Wannacry Ransomware attacks Telefónica
Case Study: Wannacry Ransomware attacks TelefónicaCase Study: Wannacry Ransomware attacks Telefónica
Case Study: Wannacry Ransomware attacks TelefónicaSergio Renteria Nuñez
 
Ransomware hostage rescue manual
Ransomware hostage rescue manualRansomware hostage rescue manual
Ransomware hostage rescue manualRoel Palmaers
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hackingijtsrd
 
Tutorial 09 - Security on the Internet and the Web
Tutorial 09 - Security on the Internet and the WebTutorial 09 - Security on the Internet and the Web
Tutorial 09 - Security on the Internet and the Webdpd
 

Ähnlich wie Evaluating the Utilization of Twitter Messages as a Source of Security Alerts (20)

Hacking 10 2010
Hacking 10 2010Hacking 10 2010
Hacking 10 2010
 
Ibm risk management-30min
Ibm risk management-30minIbm risk management-30min
Ibm risk management-30min
 
Countering the Advanced Persistent Threat Challenge with Deep Discovery
Countering the Advanced Persistent Threat Challenge with Deep DiscoveryCountering the Advanced Persistent Threat Challenge with Deep Discovery
Countering the Advanced Persistent Threat Challenge with Deep Discovery
 
Symantec Intelligence Quarterly Report - October - December 2010
Symantec Intelligence Quarterly Report - October - December 2010Symantec Intelligence Quarterly Report - October - December 2010
Symantec Intelligence Quarterly Report - October - December 2010
 
Charan Resume
Charan ResumeCharan Resume
Charan Resume
 
The red book
The red book  The red book
The red book
 
Module ict society
Module ict societyModule ict society
Module ict society
 
ESET Technology: The multi-layered approach and its effectiveness
ESET Technology: The multi-layered approach and its effectivenessESET Technology: The multi-layered approach and its effectiveness
ESET Technology: The multi-layered approach and its effectiveness
 
Understanding the mirai botnet
Understanding the mirai botnetUnderstanding the mirai botnet
Understanding the mirai botnet
 
Presentatie professor Hartel Dialogues House, 28 mrt 2012
Presentatie professor Hartel Dialogues House, 28 mrt 2012Presentatie professor Hartel Dialogues House, 28 mrt 2012
Presentatie professor Hartel Dialogues House, 28 mrt 2012
 
Investigation of CryptoLocker Ransomware Trojans - Microsoft Windows
Investigation of CryptoLocker Ransomware Trojans - Microsoft WindowsInvestigation of CryptoLocker Ransomware Trojans - Microsoft Windows
Investigation of CryptoLocker Ransomware Trojans - Microsoft Windows
 
Investigation of CryptoLocker Ransomware Trojans - Microsoft Windows
Investigation of CryptoLocker Ransomware Trojans - Microsoft WindowsInvestigation of CryptoLocker Ransomware Trojans - Microsoft Windows
Investigation of CryptoLocker Ransomware Trojans - Microsoft Windows
 
Malware evolution and Endpoint Detection and Response
Malware evolution and Endpoint Detection and Response Malware evolution and Endpoint Detection and Response
Malware evolution and Endpoint Detection and Response
 
Malware evolution and Endpoint Detection and Response Technology
Malware evolution and Endpoint Detection and Response  TechnologyMalware evolution and Endpoint Detection and Response  Technology
Malware evolution and Endpoint Detection and Response Technology
 
Cybersecurity fundamental
Cybersecurity fundamentalCybersecurity fundamental
Cybersecurity fundamental
 
Case Study: Wannacry Ransomware attacks Telefónica
Case Study: Wannacry Ransomware attacks TelefónicaCase Study: Wannacry Ransomware attacks Telefónica
Case Study: Wannacry Ransomware attacks Telefónica
 
Ransomware hostage rescue manual
Ransomware hostage rescue manualRansomware hostage rescue manual
Ransomware hostage rescue manual
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Tutorial 09 - Security on the Internet and the Web
Tutorial 09 - Security on the Internet and the WebTutorial 09 - Security on the Internet and the Web
Tutorial 09 - Security on the Internet and the Web
 
Web Attack Survival Guide
Web Attack Survival GuideWeb Attack Survival Guide
Web Attack Survival Guide
 

Mehr von Luiz Arthur

Pint of Science - Cibersegurnça x ciberameaças: Até onde você está seguro?
Pint of Science - Cibersegurnça x ciberameaças: Até onde você está seguro?Pint of Science - Cibersegurnça x ciberameaças: Até onde você está seguro?
Pint of Science - Cibersegurnça x ciberameaças: Até onde você está seguro?Luiz Arthur
 
Desafios da cibersegurança - ontem, hoje e amanhã
Desafios da cibersegurança - ontem, hoje e amanhãDesafios da cibersegurança - ontem, hoje e amanhã
Desafios da cibersegurança - ontem, hoje e amanhãLuiz Arthur
 
Dissertacao - Palestra - Algoritmos para simulador de arquiteturas paralelas
Dissertacao - Palestra - Algoritmos para simulador de arquiteturas paralelasDissertacao - Palestra - Algoritmos para simulador de arquiteturas paralelas
Dissertacao - Palestra - Algoritmos para simulador de arquiteturas paralelasLuiz Arthur
 
Dissertacao - Algoritmos para simulador de arquiteturas paralelas
Dissertacao - Algoritmos para simulador de arquiteturas paralelasDissertacao - Algoritmos para simulador de arquiteturas paralelas
Dissertacao - Algoritmos para simulador de arquiteturas paralelasLuiz Arthur
 
Palestra - Segurança da Informação - Softwarein Legal
Palestra - Segurança da Informação - Softwarein LegalPalestra - Segurança da Informação - Softwarein Legal
Palestra - Segurança da Informação - Softwarein LegalLuiz Arthur
 
Redes - Wireless Teoria
Redes - Wireless TeoriaRedes - Wireless Teoria
Redes - Wireless TeoriaLuiz Arthur
 
Redes - VoIP Teoria
Redes - VoIP TeoriaRedes - VoIP Teoria
Redes - VoIP TeoriaLuiz Arthur
 
Redes - VoIP H.323
Redes - VoIP H.323Redes - VoIP H.323
Redes - VoIP H.323Luiz Arthur
 
Redes - VoIP SIP
Redes - VoIP SIPRedes - VoIP SIP
Redes - VoIP SIPLuiz Arthur
 
Redes - VoIP Asterisk Dial Plan
Redes - VoIP Asterisk Dial PlanRedes - VoIP Asterisk Dial Plan
Redes - VoIP Asterisk Dial PlanLuiz Arthur
 
Tópicos - LVS Instalacao Slack11
Tópicos - LVS Instalacao Slack11Tópicos - LVS Instalacao Slack11
Tópicos - LVS Instalacao Slack11Luiz Arthur
 

Mehr von Luiz Arthur (12)

Pint of Science - Cibersegurnça x ciberameaças: Até onde você está seguro?
Pint of Science - Cibersegurnça x ciberameaças: Até onde você está seguro?Pint of Science - Cibersegurnça x ciberameaças: Até onde você está seguro?
Pint of Science - Cibersegurnça x ciberameaças: Até onde você está seguro?
 
Desafios da cibersegurança - ontem, hoje e amanhã
Desafios da cibersegurança - ontem, hoje e amanhãDesafios da cibersegurança - ontem, hoje e amanhã
Desafios da cibersegurança - ontem, hoje e amanhã
 
NAPSOL
NAPSOLNAPSOL
NAPSOL
 
Dissertacao - Palestra - Algoritmos para simulador de arquiteturas paralelas
Dissertacao - Palestra - Algoritmos para simulador de arquiteturas paralelasDissertacao - Palestra - Algoritmos para simulador de arquiteturas paralelas
Dissertacao - Palestra - Algoritmos para simulador de arquiteturas paralelas
 
Dissertacao - Algoritmos para simulador de arquiteturas paralelas
Dissertacao - Algoritmos para simulador de arquiteturas paralelasDissertacao - Algoritmos para simulador de arquiteturas paralelas
Dissertacao - Algoritmos para simulador de arquiteturas paralelas
 
Palestra - Segurança da Informação - Softwarein Legal
Palestra - Segurança da Informação - Softwarein LegalPalestra - Segurança da Informação - Softwarein Legal
Palestra - Segurança da Informação - Softwarein Legal
 
Redes - Wireless Teoria
Redes - Wireless TeoriaRedes - Wireless Teoria
Redes - Wireless Teoria
 
Redes - VoIP Teoria
Redes - VoIP TeoriaRedes - VoIP Teoria
Redes - VoIP Teoria
 
Redes - VoIP H.323
Redes - VoIP H.323Redes - VoIP H.323
Redes - VoIP H.323
 
Redes - VoIP SIP
Redes - VoIP SIPRedes - VoIP SIP
Redes - VoIP SIP
 
Redes - VoIP Asterisk Dial Plan
Redes - VoIP Asterisk Dial PlanRedes - VoIP Asterisk Dial Plan
Redes - VoIP Asterisk Dial Plan
 
Tópicos - LVS Instalacao Slack11
Tópicos - LVS Instalacao Slack11Tópicos - LVS Instalacao Slack11
Tópicos - LVS Instalacao Slack11
 

Evaluating the Utilization of Twitter Messages as a Source of Security Alerts

  • 1. Evaluating the Utilization of Twitter Messages as a Source of Security Alerts Authors: Luiz Arthur F. Santos Daniel Macêdo Batista luizsantos@utfpr.edu.br batista@ime.usp.br Rodrigo Campiolo Marco Aurélio Gerosa rcampiolo@utfpr.edu.br gerosa@ime.usp.br These slides from Luiz Arthur Feitosa Santos, Rodrigo Campiolo, Daniel Macêdo Batista e Marco Aurélio Gerosa was licensed with a license Creative Commons - Attribution – Non-Commercial 3.0 Not adjusted.
  • 2. Introduction: ●Research Problem: Delay in propagation of information from new threats (Zero-day vulnerabilities). Specialized applications are not fully effective against new threats. ● Potential Solutions: The problem can be mitigated by rapid propagation of alerts. Use of social networks. 2
  • 3. Objective: Analyze a set of Twitter messages to verify that these messages can help in the identification and early warning of potential security problems. Contributions: Confirm that there is collaboration in social networks in relation to computer security. Characterization of security messages. 3
  • 4. Hypotheses: H1 - There is information about computer security in Twitter messages and many of these messages indicate potential threats. H2 - Twitter reports issues of information security before some specialized sites. H3 - Users on Twitter are concerned to warn another users about security issues. 4
  • 6. Methodology: 1. Get tweets a. … Problem X … b. ...PROBLEM Y … http... c. ... Problem … X … http... d. Threat Y ... #virus e. … @user … Problem X … f. New Malware Z... g. X Solution.. http Searches in the range of 1 minute for 132 days: security AND (virus OR worm OR attack OR intrusion OR invasion OR ddos OR hacker OR cracker OR exploit OR malware) 6
  • 7. Methodology: 1. Get tweets a. … Problem X … b. ...PROBLEM Y … http...Tweet tweet c. ... Problem … X … http... TWEET d. Threat Y ... #virus TwEet e. … @user … Problem X … f. New Malware Z... g. X Solution.. http 3. Similarity and cluster 1a. … Problem X … 1c. ... Problem … X … http... 1e. … @user … Problem X … 2d. Threat Y ... #virus 2b. ...PROBLEM Y … http... 3f. New Malware Z... Degree of similarity: 4g. X Solution... http 0,5 – tweets with tweets 7
• 8. Methodology:
  1. Get tweets (a–g as on slide 6)
  2. Get Feeds
     a. Problem X... new exploit...
     b. Problem Z...
     Searches for 2 months using 30 security websites. We also used a web crawler.
  3. Similarity and cluster (groups 1–4 as on slide 7)
• 9. Methodology:
  1. Get tweets (a–g as on slide 6)
  2. Get Feeds (a–b as on slide 8)
  3. Similarity and cluster (groups 1–4 as on slide 7)
     Degree of similarity: 0.2 – news with tweets
  4. Important messages
     1a. … Problem X …
     3f. New Malware Z...
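The four methodology steps on slides 6–9 (keyword search, tweet–tweet clustering at 0.5, news–tweet matching at 0.2, selection of important messages), as an added worked example that is not the authors' code. The slides do not say which similarity measure or clustering procedure was used, so the example assumes token-set Jaccard similarity, greedy single-pass clustering against a cluster's token profile, a small stopword list, and "important" meaning a group corroborated by a feed item; the sample tweets and feed items are constructed, not taken from the study's data set.

```python
"""Added example, not the authors' code: a runnable sketch of the four
methodology steps (slides 6-9). Assumed, because the slides do not say:
token-set Jaccard similarity, greedy single-pass clustering against a
cluster's token profile, a small stopword list, and 'important' meaning
corroborated by a feed item."""
import re
from collections import Counter

# Search terms from slide 6: security AND (virus OR worm OR attack OR ...)
REQUIRED = {"security"}
ANY_OF = {"virus", "worm", "attack", "intrusion", "invasion", "ddos",
          "hacker", "cracker", "exploit", "malware"}

# Similarity thresholds from slides 7 and 9
TWEET_TWEET_THRESHOLD = 0.5   # tweets with tweets
NEWS_TWEET_THRESHOLD = 0.2    # news with tweets

# Stopwords (assumption) so that "RT", "now" and URLs do not spoil grouping
STOPWORDS = {"a", "an", "the", "of", "in", "on", "for", "to", "and", "is",
             "via", "rt", "now"}

def tokens(text):
    """Lowercase, drop URLs and @mentions, treat #tag as the word tag,
    drop stopwords; return the set of content words."""
    text = re.sub(r"https?://\S+", " ", text.lower())
    text = re.sub(r"@\w+", " ", text)
    return {t for t in re.findall(r"[a-z0-9]+", text) if t not in STOPWORDS}

def matches_query(text):
    """Step 1: emulate the slide-6 search, 'security' AND a threat term."""
    t = tokens(text)
    return bool(REQUIRED & t) and bool(ANY_OF & t)

def jaccard(a, b):
    """Jaccard similarity of two token sets (0.0 when both are empty)."""
    return len(a & b) / len(a | b) if (a | b) else 0.0

def cluster_tweets(tweets, threshold=TWEET_TWEET_THRESHOLD):
    """Step 3: a tweet joins the first cluster whose profile (union of
    member tokens) is at least `threshold` similar, else starts a new one."""
    clusters = []  # each: {"profile": set, "members": [text, ...]}
    for text in tweets:
        t = tokens(text)
        for c in clusters:
            if jaccard(t, c["profile"]) >= threshold:
                c["members"].append(text)
                c["profile"] |= t
                break
        else:
            clusters.append({"profile": set(t), "members": [text]})
    return clusters

def match_feeds(clusters, feeds, threshold=NEWS_TWEET_THRESHOLD):
    """Step 3 continued: attach the best-matching specialised-site item
    (slides 8-9) when it reaches the news-tweet threshold."""
    for c in clusters:
        best_sim, best_feed = 0.0, None
        for f in feeds:
            s = jaccard(c["profile"], tokens(f))
            if s > best_sim:
                best_sim, best_feed = s, f
        c["feed"] = best_feed if best_sim >= threshold else None
        c["feed_similarity"] = round(best_sim, 3)
    return clusters

def important_messages(clusters):
    """Step 4 (slide 9): clusters corroborated by a feed item, largest first."""
    chosen = [c for c in clusters if c["feed"] is not None]
    return sorted(chosen, key=lambda c: len(c["members"]), reverse=True)

def term_counts(tweets):
    """Word frequencies over accepted tweets, as in the slide-11 table."""
    counts = Counter()
    for text in tweets:
        counts.update(tokens(text))
    return counts

def run_pipeline(raw_tweets, feeds):
    """Steps 1-4 end to end: (accepted tweets, all clusters, important ones)."""
    accepted = [t for t in raw_tweets if matches_query(t)]
    clusters = match_feeds(cluster_tweets(accepted), feeds)
    return accepted, clusters, important_messages(clusters)

# Constructed sample data, not taken from the study's data set
SAMPLE_TWEETS = [
    "Security: new Java zero-day exploit hits, patch now http://t.co/aaa",
    "RT @someone Security new Java zero-day exploit hits patch now",
    "New Java zero-day exploit hits http://t.co/bbb #security",
    "Security warning: malware campaign targets Android phones #android",
    "Android malware campaign warning security http://t.co/ccc",
    "Buy cheap watches online now! http://t.co/spam",   # fails the query
    "Security vs attack on my football team lol",       # matches, off-topic
]
SAMPLE_FEEDS = [
    "Java zero-day exploit actively used in attacks; update recommended",
    "Android malware campaign spreading through fake app stores",
    "Weekly roundup of infosec news",
]
```

Running `run_pipeline(SAMPLE_TWEETS, SAMPLE_FEEDS)` accepts six of the seven tweets, groups them into three clusters (the Java zero-day trio, the Android malware pair, the off-topic football tweet) and reports the first two as important because each is corroborated by a feed item; the football cluster matches the query but no feed, which is the kind of message the slide-13 classification labels irrelevant.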
• 10. Data Collected:
  Twitter - from 28/Apr/2012 to 06/Nov/2012
  ● Number of tweets: 82,355
  ● Average of tweets per day: ~623
  ● Number of users: 42,340
  ● with links to URLs: 87.6 %
  ● with user mentions (@): 37.7 %
  ● with hashtags (#): 37 %
  Feeds - from 01/Apr/2012 to 15/Nov/2012
  ● Number of feeds: 4,546
• 11. Data Analysis: Words most used in security tweets
  Searched terms            Security terms
  Qty       Word            Qty       Word
  51,197    security        4,671     android
  23,030    malware         4,536     flame
  22,108    attack          4,214     infosec
  10,196    hacker          4,200     news
  9,893     virus           4,056     cyber
  5,695     exploit         3,270     anti
  2,359     ddos            2,788     computer
  951       worm            2,637     hacking
  816       intrusion       2,419     iran
  699       invasion        2,398     apple
  246       cracker         2,336     internet
• 12. Data Analysis: Sample of relevant tweets
  Pos (group rank)   Tweets (in group)   Message excerpt
  1      512   Malicious code on Adobe Flash player http...
  2      463   How Flame virus has changed everything for online security firms ... http://t.co...
  3      374   New Java Zero-Day Exploit Hits http...
  4      373   Kaspersky Anti-Virus Internet Security ... http://t.co/D0Gqh3RR
  438    37    Only 9 of 22 virus scanners block Java exploit http://t.co/rw1sa3jf
  439    37    ...Microsoft Services Agreement email notifications lead to latest Java exploit http...
  440    36    RT @CompuSec... Hackers, rootkit find place in new novel...
  441    36    # Android Map Malware http://t.co/...
  1735   10    ...Gevaarlijk wis-virus verwijdert brandende VS-vlag - Er is een nieuwe variant... [Dutch: ...Dangerous wiper virus deletes burning US flag - There is a new variant...]
  1736   10    Valse Amazon-bestelling bevat Java-exploit ... http://t.co/f1KIGG2s via @shareth... [Dutch: Fake Amazon order contains Java exploit ...]
  1737   10    ...malware via Java-lek Op de website van de Telegraaf hebben aanvallers kwaadaardige... [Dutch: ...malware via Java hole. On the website of De Telegraaf attackers have malicious...]
  1738   10    Mobile Malware On The Rise, Android Most At Risk, Says McAfee http://t.co/iyhKXaxE
• 13. Data Analysis: Classification of tweets grouped with the specialized sites.
  Classification   % Tweets
  Relevant         62%
  Irrelevant       20%
  Spams            10%
  Others           8%
  82% are related with security!
• 14. Data Analysis: Classification of tweets after clustering.
  Evaluating a sample of 100 groups out of a total of 1,738.
  Classification     % Tweets
  Security alerts    60%
  General security   31%
  Others             9%
  91% are related with security!
• 15. Evaluation of Hypotheses:
  H1 - There is information about computer security in Twitter messages and many of these messages indicate potential threats.
  ➢ 82,355 tweets in 132 days, an average of 623.90 tweets per day.
  ➢ 91% of tweets reported security issues.
  ➢ 60% of tweets reported security alerts.
• 16. Evaluation of Hypotheses:
  ● H2 - Twitter reports information security issues before some specialized sites.
  43% of tweets have the most recent date.
  Example: PHP-CGI query string parameter vulnerability
  ➢ Posted on 02/May/2012 at CERT.
  ➢ Posted on Twitter on 04/May/2012.
  ➢ Cataloged in NIST on 11/May/2012.
• 17. Evaluation of Hypotheses:
  ● H3 - Users on Twitter are concerned with warning other users about security issues.
• 18. Evaluation of Hypotheses:
  ● H3 - Users on Twitter are concerned with warning other users about security issues.
  ➢ Average propagation time is 12 days.
  ➢ 10 retweets reach ~10,000 users.
  ➢ The last two messages reached 22,468 and 52,074 Twitter users respectively.
  ➢ The most propagated message reached ~512,000 people.
• 19. Final Considerations:
  ● Difficulty selecting tweets (content and size).
  ● Social networks propagate security alerts.
  ● The alerts achieve high and rapid spread.
• 20. Future Work:
  ● Make new queries using other security terms.
  ● Improve the filter for spam and out-of-context messages.
  ● Evaluate security alerts on other social networks.
  ● Develop an automated security early-warning system based on social networks.
• 21. Questions?
  Luiz Arthur F. Santos - luizsantos@utfpr.edu.br
  Daniel Macêdo Batista - batista@ime.usp.br
  Rodrigo Campiolo - rcampiolo@utfpr.edu.br
  Marco Aurélio Gerosa - gerosa@ime.usp.br
  Thanks / Obrigado!