What Remains Uncaught?: Characterizing Sparsely Detected Malicious URLs on Twitter

Roy, Sayak Saha; Karanjit, Unique; Nilizadeh, Shirin

doi:10.14722/madweb.2021.23028

Cited by 6 publications

(1 citation statement)

References 42 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Obtaining cybersecurity threats from social media. Recently, some works have proposed using social media, such as Twitter and Facebook, as the main source of identifying new vulnerabilities (Sabottke, Suciu, and Dumitras , 2015;Roy, Karanjit, and Nilizadeh 2021b). (Alves et al 2021) Misinformation Detection in Social Media.…”

Section: Related Workmentioning

confidence: 99%

Cybersecurity Misinformation Detection on Social Media: Case Studies on Phishing Reports and Zoom’s Threat

Singhal

Nihal

Kinhekar

et al. 2023

ICWSM

View full text Add to dashboard Cite

Prior work has extensively studied misinformation related to news, politics, and health, however, misinformation can also be about technological topics. While less controversial, such misinformation can severely impact companies’ reputations and revenues, and users’ online experiences. Recently, social media has also been increasingly used as a novel source of knowledgebase for extracting timely and relevant security threats, which are fed to the threat intelligence systems for better performance. However, with possible campaigns spreading false security threats, these systems can become vulnerable to poisoning attacks. In this work, we proposed novel approaches for detecting misinformation about cybersecurity and privacy threats on social media, focusing on two topics with different types of misinformation: phishing websites and Zoom’s security & privacy threats. We developed a framework for detecting inaccurate phishing claims on Twitter. Using this framework, we could label about 9% of URLs and 22% of phishing reports as misinformation. We also proposed another framework for detecting misinformation related to Zoom’s security and privacy threats on multiple platforms. Our classifiers showed great performance with more than 98% accuracy. Employing these classifiers on the posts from Facebook, Instagram, Reddit, and Twitter, we found respectively that about 18%, 3%, 4%, and 3% of posts were misinformation. In addition, we studied the characteristics of misinformation posts, their authors, and their timelines, which helped us identify campaigns.

show abstract

Section: Related Workmentioning

confidence: 99%

Cybersecurity Misinformation Detection on Social Media: Case Studies on Phishing Reports and Zoom’s Threat

Singhal

Nihal

Kinhekar

et al. 2023

ICWSM

View full text Add to dashboard Cite

show abstract

Disrupting drive-by download networks on Twitter

Javed

Ikwu

Burnap

et al. 2022

Soc. Netw. Anal. Min.

View full text Add to dashboard Cite

This paper tests disruption strategies in Twitter networks containing malicious URLs used in drive-by download attacks. Cybercriminals use popular events that attract a large number of Twitter users to infect and propagate malware by using trending hashtags and creating misleading tweets to lure users to malicious webpages. Due to Twitter’s 280 character restriction and automatic shortening of URLs, it is particularly susceptible to the propagation of malware involved in drive-by download attacks. Considering the number of online users and the network formed by retweeting a tweet, a cybercriminal can infect millions of users in a short period. Policymakers and researchers have struggled to develop an efficient network disruption strategy to stop malware propagation effectively. We define an efficient strategy as one that considers network topology and dependency on network resilience, where resilience is the ability of the network to continue to disseminate information even when users are removed from it. One of the challenges faced while curbing malware propagation on online social platforms is understanding the cybercriminal network spreading the malware. Combining computational modelling and social network analysis, we identify the most effective strategy for disrupting networks of malicious URLs. Our results emphasise the importance of specific network disruption parameters such as network and emotion features, which have proved to be more effective in disrupting malicious networks compared to random strategies. In conclusion, disruption strategies force cybercriminal networks to become more vulnerable by strategically removing malicious users, which causes successful network disruption to become a long-term effort.

show abstract