NSF 1.2 Million Award: “Securing Cyber Space: Understanding the Cyber Attackers and Attacks via Social Media Analytics”


NSF SBE TTP: Medium: “Securing Cyber Space: Understanding the Cyber Attackers and Attacks via Social Media Analytics”

[PI: Hsinchun Chen, University of Arizona; Salim Hariri, University of Arizona; Ronald Breiger, University of Arizona; Tom Holt, Michigan State University]

Cyber security is an important challenge in today's world as corporations, governments, and individuals have increasingly become victims of cyber attacks. Such attacks exploit weaknesses in technical infrastructures and human behavior. Understanding the motivation and incentives of individuals and institutions, both as attackers and defenders, can aid in creating a more secure and trustworthy cyberspace. Instead of taking a reactive approach to infrastructure protection and damage control, proactive cyber security attribution and situational awareness of the sources of attacks will allow researchers and practitioners to better understand the community of cyber attackers (and the closely affiliated hacker community), their profiles and incentives, and the associated vast underground cyber criminal networks and ecosystems. Developing “methods to model adversaries” is one of the critical but unfulfilled research needs recommended in the “Trustworthy Cyberspace” report by the National Science and Technology Council (2011).

Our research team will address important social science research questions relevant to cyber attacker or hacker skills, community structure and ecosystem, contents and artifacts, and cultural differences. We will develop automated collection techniques for hacker forums and IRC (Internet Relay Chat) channels of the international (US, Russian and Chinese) hacker communities. We will also deploy scalable honeypot platforms to collect malware in the wild and generate feature representations for malware attribution. The proposed integrated computational framework and the resulting algorithms and software will allow social science researchers and security practitioners to: (1) detect, classify, measure and track the formation, development and spread of topics, ideas, and concepts in cyber attacker social media communication; (2) identify important and influential cyber criminals and their interests, intent, sentiment, and opinions in online discourses; and (3) induce and recognize hacker identities, online profiles/styles, communication genres, and interaction patterns.