Real-Time IRC Threat Detection Framework

Sicong Shao, Cihan Tunc, Pratik Satam, Salim Hariri

Research output: Chapter in Book/Report/Conference proceeding; Conference contribution

14 Scopus citations

Abstract

Most social media platforms generate a massive amount of raw data that is slow-paced. The Internet Relay Chat (IRC) protocol, on the other hand, which has been used extensively by the hacker community to discuss and share knowledge, facilitates fast-paced, real-time text communication. Previous studies of malicious IRC behavior were mostly either offline or based on batch processing, which results in a long response time for data collection, pre-processing, and threat detection. However, because threats can exploit the latest vulnerabilities (e.g., zero-day attacks) and can spread quickly through IRC channels, current IRC channel monitoring techniques cannot provide the required fast detection and alerting. In this paper, we present an alternative approach that overcomes this limitation by providing real-time, autonomic threat detection in IRC channels. We demonstrate the capabilities of our approach using as an example the Shadow Brokers' leak exploit (the exploit leveraged by the WannaCry ransomware attack), which was captured and detected by our framework.

Original language: English (US)
Title of host publication: Proceedings - 2017 IEEE 2nd International Workshops on Foundations and Applications of Self* Systems, FAS*W 2017
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 318-323
Number of pages: 6
ISBN (Electronic): 9781509065585
State: Published - Oct 9 2017
Externally published: Yes
Event: 2nd IEEE International Workshops on Foundations and Applications of Self* Systems, FAS*W 2017 - Tucson, United States
Duration: Sep 18 2017 to Sep 22 2017

Publication series

Name: Proceedings - 2017 IEEE 2nd International Workshops on Foundations and Applications of Self* Systems, FAS*W 2017

Other

Other: 2nd IEEE International Workshops on Foundations and Applications of Self* Systems, FAS*W 2017
Country/Territory: United States
City: Tucson
Period: 9/18/17 to 9/22/17

Keywords

  • Internet Relay Chat (IRC)
  • Stanford CoreNLP
  • WannaCry ransomware attack
  • cyber security
  • hacker data analysis and visualization
  • real-time threat detection

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Hardware and Architecture
  • Computational Mechanics
