Predicting software vulnerability using security discussion in social media

Andrei Queiroz, Brian Keegan, Fredrick Mtenzi

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

12 Citations (Scopus)

Abstract

Social media has been used as a tool for the dissemination and exchange of information among people in many different areas of knowledge. Computer security is one which utilises social media in this way. Researchers and specialists in security are using social media tools for informing their discoveries on subjects as computer security, software vulnerabilities, exploits, data breach and hacker intrusion. Within the context of social media, Twitter might be the first channel used by security researchers for disclosing novelty (such as exploits or backdoors) in computer security. This paper proposes a Support Vector Machine (SVM) classification model using Twitter posts (tweets) as a source for filtering relevant information related to software vulnerabilities. In this paper, tweets considered relevant will be those alerting about new vulnerabilities in software (being exploited or not), as well as posts alerting software users about security patches and updates. The nonrelevant information will be considered as those which have no warning characteristic, i.e.: tweets about opinion, general conversation and topics which have no sense of alert. The proposed model achieved an accuracy of 94% by using simple features such as the frequency of words (unigram and bigram). Reasonable rates of recall and precision into the desirable class values were recorded as, 68% and 46% respectively for the same simple features. This experiment opens a path for future studies about the relationship between how alerts and discoveries in computer security are expressed by the security community on social media posts.

Original languageEnglish
Title of host publicationProceedings of the 16th European Conference on Cyber Warfare and Security, ECCWS 2017
EditorsMark Scanlon, Nhien-An Le-Khac
PublisherCurran Associates Inc.
Pages628-634
Number of pages7
ISBN (Electronic)9781911218432
Publication statusPublished - 2017
Externally publishedYes
Event16th European Conference on Cyber Warfare and Security, ECCWS 2017 - Dublin, Ireland
Duration: 29 Jun 201730 Jun 2017

Publication series

NameEuropean Conference on Information Warfare and Security, ECCWS
Volume0
ISSN (Print)2048-8602
ISSN (Electronic)2048-8610

Conference

Conference16th European Conference on Cyber Warfare and Security, ECCWS 2017
Country/TerritoryIreland
CityDublin
Period29/06/1730/06/17

Keywords

  • Cybersecurity
  • Machine learning
  • Social media
  • Software vulnerability
  • Support vector machine
  • Twitter

Fingerprint

Dive into the research topics of 'Predicting software vulnerability using security discussion in social media'. Together they form a unique fingerprint.

Cite this