Real-Time IRC Threat Detection Framework

Title: Real-Time IRC Threat Detection Framework
Publication Type: Conference Paper
Year of Publication: 2017
Authors: Shao, S., Tunc, C., Satam, P., Hariri, S.
Conference Name: 2017 IEEE 2nd International Workshops on Foundations and Applications of Self* Systems (FAS*W)
Date Published: Sep
ISBN Number: 978-1-5090-6558-5
Keywords: Autonomic Security, autonomic threat detection, Computer crime, Computer hacking, cyber security, Data collection, electronic messaging, hacker community, hacker data analysis and visualization, Internet, Internet Relay Chat (IRC), Internet Relay Chat protocol, IRC channel monitoring, IRC protocol, malicious IRC behavior analysis, Metrics, Monitoring, Neural networks, pubcrawl, real-time IRC threat detection framework, Real-time Systems, real-time text communications, real-time threat detection, Resiliency, Scalability, security of data, social media platforms, social networking (online), Stanford coreNLP, Tools, WannaCry ransomware attack
Abstract

Most social media platforms generate a massive amount of raw data that is slow-paced. On the other hand, the Internet Relay Chat (IRC) protocol, which has been used extensively by the hacker community to discuss and share their knowledge, facilitates fast-paced, real-time text communication. Previous studies of malicious IRC behavior analysis were mostly either offline or batch processing, which results in a long response time for data collection, pre-processing, and threat detection. However, threats can use the latest vulnerabilities to exploit systems (e.g., zero-day attacks) and can spread fast through IRC channels, and current IRC channel monitoring techniques cannot provide the required fast detection and alerting. In this paper, we present an alternative approach that overcomes this limitation by providing real-time and autonomic threat detection in IRC channels. We demonstrate the capabilities of our approach using as an example the Shadow Brokers' leaked exploit (the exploit leveraged by the WannaCry ransomware attack), which was captured and detected by our framework.

URL: http://ieeexplore.ieee.org/document/8064142/
DOI: 10.1109/FAS-W.2017.166
Citation Key: shao_real-time_2017