How to Improve Cyber Attack Detection Using Social Media?

Cybersecurity threats are on the rise, and organizations need to be able to identify and stop breaches before they happen. While most cybersecurity teams are aware of traditional attack monitoring tactics like antivirus software and firewalls, they may not utilize social media intelligence (SMIN) in their efforts. SMIN combines tools like data analytics, human intelligence, and open source intelligence (OSINT) with social media posts to provide incident response teams with real-time insights about potential threats. It’s a must-have for any team looking for faster detection without relying solely on traditional monitoring tools. According to a recent IDC report, organizations that leverage SMIN detect 90% of zero-day attacks, as compared to just 50% for those without SMIN. However, in order to make the most of this approach, it’s important to know what you’re looking for and how to use the data once it’s been collected.

Impact of Social Media:

Social media is often seen as a sensor for various social events, such as disease outbreaks, protests, and elections. Our approach uses only a limited set of fixed seed event triggers to detect various cyber-attacks (distributed denial of service (DDoS) attacks, data breaches, account theft, etc.) unattended. A new query expansion strategy based on convolution kernels and dependency analysis helps in modeling report structure and identifying significant event characteristics. Through large-scale Twitter analysis, we demonstrate that our approach consistently identifies and encodes events, outperforming existing methods.

Open-Source Intelligence (OSINT):

OSINT is a method of deriving meaning by collecting and processing public data. It can be used in any field, but this study refers to cybersecurity. Cybersecurity professionals must follow various sources of information to prepare for an attack. OSINT is a way to track cybersecurity events.

Effective Cyber-attack Detection:

Develop a standard operating procedure (SOP) for responding to alerts about potential cyber-attacks. Conduct training for your incident response teams on what constitutes an alert versus a false positive based on the SOP and how they should respond accordingly.

  • Gather relevant data that you’ll need during any investigation: The best way to do this is to create a database of keywords, classifiers, and phrases that can be used throughout your organization. These can then be plugged into a tool like Red Canary or NS1 to filter through social media content. For example, your team may want to monitor all posts mentioning your brand name as well as keywords such as “hack”, “cyberattack”, or “data breach.” There are services like Meltwater and Sysomos that include threat intelligence in their monitoring product and provide valuable insights on cyber threats leveraging OSINT tools.
  • Analyze your data for suspicious activities, anomalies, and trends: After filtering through all the social media posts, review them to determine whether any of the activity is out of the ordinary. 
  • Conduct a data-driven investigation: Once you’ve analyzed your data, it’s time to move forward with the investigation. Based on the severity of suspicious activity, an investigation could span from a few minutes (for example, if someone is making a threat against one of your employees) to months or even years (if there are hints of large-scale or nation-state cybersecurity efforts).
  • Prioritize actions for your team: The last step after you’ve gathered enough information about potential threats is to prioritize responses for your team. You may want to assign different levels of response depending on how severe the threat seems, the type of threat, and who it’s directed at. Some potential actions include:
    • Shut down or block a harmful post or account.
    • Follow up with affected users and offer them extra security support in case they are being hacked, phished, etc.
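
The steps above (keyword database, filtering, anomaly review, prioritization) can be sketched in a few lines of Python. This is an added example, not code from the original article or from any of the tools it names; the brand name, keyword weights, baseline counts and sample posts are all constructed assumptions.

```python
import re
from collections import Counter
from statistics import mean, pstdev

BRAND = {"examplecorp"}                       # hypothetical brand name
THREAT = {"hack": 2, "cyberattack": 3, "data breach": 3, "ddos": 3, "phishing": 2}
BENIGN = ("hackathon", "life hack")           # known false-positive phrases (assumed)
BASELINE = [1, 0, 2, 1, 0, 1, 1, 2]           # constructed: matched posts per hour, earlier hours

# Constructed sample posts (timestamp, text); not real data.
POSTS = [
    ("2024-01-01T09:05", "Great time at the ExampleCorp hackathon today!"),
    ("2024-01-01T09:40", "Is ExampleCorp login down? Feels like a DDoS"),
    ("2024-01-01T14:02", "ExampleCorp data breach? My password reset itself"),
    ("2024-01-01T14:10", "Got a phishing mail pretending to be ExampleCorp support"),
    ("2024-01-01T14:21", "Someone claims they hacked ExampleCorp, posting samples"),
    ("2024-01-01T14:48", "ExampleCorp cyberattack rumours, anyone see the data breach post?"),
    ("2024-01-01T14:55", "New phishing kit going around, stay safe"),
]

def score(text):
    """Return (weight sum, matched keywords); (0, []) if the brand is not mentioned."""
    low = text.lower()
    for phrase in BENIGN:                     # drop benign phrases before matching
        low = low.replace(phrase, " ")
    if not any(re.search(rf"\b{re.escape(b)}\b", low) for b in BRAND):
        return 0, []
    hits = [k for k in THREAT if re.search(rf"\b{re.escape(k)}", low)]
    return sum(THREAT[k] for k in hits), hits

def triage(posts, baseline):
    """Filter posts, flag hours with an unusual hit count, rank those posts by score."""
    hits = [(ts, s, kw, txt) for ts, txt in posts for s, kw in [score(txt)] if s]
    per_hour = Counter(ts[:13] for ts, *_ in hits)        # bucket key: YYYY-MM-DDTHH
    threshold = mean(baseline) + 3 * pstdev(baseline)     # simple spike rule
    spikes = {hour for hour, n in per_hour.items() if n > threshold}
    queue = sorted((h for h in hits if h[0][:13] in spikes), key=lambda h: -h[1])
    return spikes, queue

if __name__ == "__main__":
    spikes, queue = triage(POSTS, BASELINE)
    print("Anomalous hours:", sorted(spikes))
    for ts, s, kw, txt in queue:
        print(f"{ts}  score={s}  {kw}  {txt}")
```

The single 09:40 mention stays below the spike threshold and is left for routine review, while the cluster in the 14:00 hour is queued highest score first for the incident response team.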

Methods to Improve Cyberattack Detection:

  • Robustly Optimized BERT Pretraining Approach (RoBERTa): After the BERT breakthrough, researchers aimed to find better approaches to achieve state-of-the-art results. RoBERTa was created by Facebook researchers in 2019. They modified the hyperparameters and removed the next-sentence prediction part present in BERT to improve the training performance. As such, they were able to train the model using a 10x larger dataset than BERT and get better results on different tasks.
  • Bidirectional Encoder Representations from Transformers (BERT): It is one of the most popular transformers and was pre-trained by Google researchers in 2018 on next-sentence prediction and language modeling tasks over massive datasets. It consists of encoder layers with self-attention heads.
  • XLNet: The model uses a different language-modeling objective, called permutation language modeling, to achieve better results than BERT. It was also trained on a large dataset with higher computational power than BERT for better results on NLP tasks.
  • Transfer Learning: This is the ability to reuse a trained model for different tasks or data. As mentioned earlier, there are pre-trained transformers that are very powerful, and by fine-tuning such a model, its performance can be carried over to small data sets. So you can get better results than by training a model from scratch.

Last Updated : 13 Nov, 2022