Predicting software vulnerability using security discussion in social media

Social media has been used as a tool for the dissemination and exchange of information among people in many different areas of knowledge. Computer security is one which utilises social media in this way. Researchers and specialists in security are using social media tools for informing their discoveries on subjects as computer security, software vulnerabilities, exploits, data breach and hacker intrusion. Within the context of social media, Twitter might be the first channel used by security researchers for disclosing novelty (such as exploits or backdoors) in computer security. This paper proposes a Support Vector Machine (SVM) classification model using Twitter posts (tweets) as a source for filtering relevant information related to software vulnerabilities. In this paper, tweets considered relevant will be those alerting about new vulnerabilities in software (being exploited or not), as well as posts alerting software users about security patches and updates. The nonrelevant information will be considered as those which have no warning characteristic, i.e.: tweets about opinion, general conversation and topics which have no sense of alert. The proposed model achieved an accuracy of 94% by using simple features such as the frequency of words (unigram and bigram). Reasonable rates of recall and precision into the desirable class values were recorded as, 68% and 46% respectively for the same simple features. This experiment opens a path for future studies about the relationship between how alerts and discoveries in computer security are expressed by the security community on social media posts.