
Communications of the ACM

ACM TechNews

Scientists Stop and Search Malware Hidden in Shortened URLs on Twitter


Researchers at Cardiff University have developed a way to identify tweets that contain malicious links.

Credit: Thinkstock

Cardiff University researchers have developed a technique for detecting tweets containing malicious links.

The researchers note hackers frequently exploit public excitement around events such as sports tournaments by crafting tweets that are made to look like they relate to the event, but instead contain links to malicious websites hosting "drive-by download" attacks. They say it can be difficult to determine which links are malicious because of the URL-shortening services that are ubiquitous among Twitter users.

Cardiff researchers studied tweets containing URLs collected during the 2015 Super Bowl and the Cricket World Cup finals, and monitored the interactions between the linked URLs and a user's device in order to identify the features of a malicious attack. They found these features include creating processes and modifying registry fields, as well as certain patterns of processor use and network adapter status. The researchers used this data to train a machine classifier to recognize predictive signals that can identify a malicious URL.

During testing, the researchers were able to identify potential malicious tweets with 83-percent accuracy within five seconds after a user clicked on a given link, and with 98-percent accuracy within 30 seconds.

The researchers plan to stress-test their tool during next summer's European Football Championships.

The researchers presented their study at the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining in August.

From Engineering & Physical Sciences Research Council


Abstracts Copyright © 2015 Information Inc., Bethesda, Maryland, USA

