
    Localising social network users and profiling their movement

    © 2018 Elsevier Ltd. Open-source intelligence (OSINT) is intelligence collected from publicly available sources to meet specific intelligence requirements. This paper proposes a new method to localise and profile the movement of social network users through OSINT and machine learning techniques. Analysis of OSINT data obtained from the social network posts of targeted users suggests that it is possible to extract information such as their approximate location, which also allows their movement to be profiled, without using any Global Navigation Satellite System functionality that a capable smart device may pass to the social network. The ability to profile a target's movement activity could allow anyone to track a social network user or predict his or her future location. Moreover, in this work we also demonstrate that information from social networks can be extracted in close to real time, so targeted users are prone to lose any sense of physical privacy.

    A cost-efficient threat intelligence platform powered by crowdsourced OSINT

    Cyberattacks are a primary concern for organisations of all kinds, costing billions of dollars globally each year. As more businesses begin operating online, and as attackers develop more advanced malware and evolve their modus operandi, the demand for effective cyber security measures grows exponentially. One such measure is the threat intelligence platform (TIP): a system which gathers and presents information about current cyber threats, providing actionable insight to aid security teams in employing a more proactive approach to thwarting attacks. These platforms and their accompanying intelligence feeds can be costly when purchased from a commercial vendor, creating a financial barrier for small and medium-sized enterprises. This paper explores the use of crowdsourced open-source intelligence (OSINT) as an alternative to commercial threat intelligence. A model TIP is developed using a combination of crowdsourced OSINT, freeware, and cloud services, demonstrating the feasibility and benefits of using OSINT over commercial solutions. The developed TIP is evaluated using a dataset containing 16,713 malware samples collected via the MalwareBazaar repository.

    Detection of LDDoS Attacks Based on TCP Connection Parameters

    Low-rate application layer distributed denial of service (LDDoS) attacks are both powerful and stealthy. They force vulnerable webservers to open all available connections to the adversary, denying resources to real users. Mitigation advice focuses on solutions that potentially degrade quality of service for legitimate connections. Furthermore, without accurate detection mechanisms, distributed attacks can bypass these defences. A methodology for detection of LDDoS attacks, based on characteristics of malicious TCP flows, is proposed within this paper. Research will be conducted using combinations of two datasets: one generated from a simulated network, the other from the publicly available CIC DoS dataset. Both contain the attacks slowread, slowheaders and slowbody, alongside legitimate web browsing. TCP flow features are extracted from all connections. Experimentation was carried out using six supervised AI algorithms to separate attack flows from legitimate flows. Decision trees and k-NN accurately classified up to 99.99% of flows, with exceptionally low false positive and false negative rates, demonstrating the potential of AI in LDDoS detection.