TY - GEN
T1 - Real-Time IRC Threat Detection Framework
AU - Shao, Sicong
AU - Tunc, Cihan
AU - Satam, Pratik
AU - Hariri, Salim
N1 - Publisher Copyright:
© 2017 IEEE.
PY - 2017/10/9
Y1 - 2017/10/9
N2 - Most social media platforms generate a massive amount of raw data that is slow-paced. On the other hand, the Internet Relay Chat (IRC) protocol, which has been extensively used by the hacker community to discuss and share their knowledge, facilitates fast-paced and real-time text communications. Previous studies of malicious IRC behavior analysis were mostly either offline or batch processing. This results in a long response time for data collection, pre-processing, and threat detection. However, since threats can use the latest vulnerabilities to exploit systems (e.g. zero-day attacks) and can spread fast using IRC channels, current IRC channel monitoring techniques cannot provide the required fast detection and alerting. In this paper, we present an alternative approach to overcome this limitation by providing real-time and autonomic threat detection in IRC channels. We demonstrate the capabilities of our approach using as an example the Shadow Brokers' leak exploit (the exploit leveraged by the WannaCry ransomware attack) that was captured and detected by our framework.
AB - Most social media platforms generate a massive amount of raw data that is slow-paced. On the other hand, the Internet Relay Chat (IRC) protocol, which has been extensively used by the hacker community to discuss and share their knowledge, facilitates fast-paced and real-time text communications. Previous studies of malicious IRC behavior analysis were mostly either offline or batch processing. This results in a long response time for data collection, pre-processing, and threat detection. However, since threats can use the latest vulnerabilities to exploit systems (e.g. zero-day attacks) and can spread fast using IRC channels, current IRC channel monitoring techniques cannot provide the required fast detection and alerting. In this paper, we present an alternative approach to overcome this limitation by providing real-time and autonomic threat detection in IRC channels. We demonstrate the capabilities of our approach using as an example the Shadow Brokers' leak exploit (the exploit leveraged by the WannaCry ransomware attack) that was captured and detected by our framework.
KW - Internet Relay Chat (IRC)
KW - Stanford coreNLP
KW - WannaCry ransomware attack
KW - cyber security
KW - hacker data analysis and visualization
KW - real-time threat detection
UR - http://www.scopus.com/inward/record.url?scp=85035231447&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85035231447&partnerID=8YFLogxK
U2 - 10.1109/FAS-W.2017.166
DO - 10.1109/FAS-W.2017.166
M3 - Conference contribution
AN - SCOPUS:85035231447
T3 - Proceedings - 2017 IEEE 2nd International Workshops on Foundations and Applications of Self* Systems, FAS*W 2017
SP - 318
EP - 323
BT - Proceedings - 2017 IEEE 2nd International Workshops on Foundations and Applications of Self* Systems, FAS*W 2017
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2nd IEEE International Workshops on Foundations and Applications of Self* Systems, FAS*W 2017
Y2 - 18 September 2017 through 22 September 2017
ER -