Tool to check malware in Twitter URLs to be tested during European Football Championships next summer
An intelligent system has been created by computer scientists to identify malicious links disguised in shortened URLs on Twitter.
Scientists were inspired to carry out further research on the problem, following a Cardiff University study that could identify potential cyber-attacks with up to 83 percent accuracy within five seconds and with up to 98 percent accuracy within 30 seconds, when a user clicked on a URL posted on Twitter and malware began to infect the device.
Professor Omer Rana, principal investigator on the project, said “We are trying to build systems that can help law enforcement authorities make decisions in a changing cyber security landscape.”
With increasing number of people using social networks such as Twitter to find information about events, cyber-criminals are taking advantage of these high volumes of traffic, in order to post links that contain malware on websites.
The scientists collected tweets containing URLs during the 2015 Superbowl and cricket world cup finals, and monitored interactions between a website and a user’s device to recognise the features of a malicious attack.
The scientists collected data from tweets during the 2015 Superbowl and cricket world cup finals, and traced the interaction between the user’s device and the destination website to identify the features of malicious attack. Changes to the user’s machine, such as modified processes and files, were considered as malicious activity.
These activities were then used to train their system to identify common attack signs, and therefore recognize between malicious and harmless URLs.
“Unfortunately, the high volume of traffic around large scale events creates a perfect environment for cybercriminals to launch surreptitious attacks. It is well known that people use online social networks such as Twitter to find information about an event. Attackers can hide links to malicious servers in a post masquerading as an attractive or informative piece of information about the event,” explained Dr Pete Burnap, Director at Cardiff University’s Social Data Science Lab.
Due to character limitations in posts, URLs are always shortened on Twitter. Hence, it becomes extremely difficult find out which are legitimate, Burnap said.
The malware can turn your computer into a zombie computer once infected oand become part of a global network of machines used to hide information or route further attacks.
“In a 2013 report from Microsoft these ‘drive-by downloads’ were identified as one of the most active and commercial risks to cyber security,” Burnap said.
The project team that includes Professor Rana and researchers from Royal Holloway, the University of London, City University London, the University of Plymouth, Durham University, said that the European Football Championships next summer will provide an ideal environment for stress-testing the system, with a huge predicted spike in Twitter traffic.
Professor Philip Nelson, CEO at EPSRC, added: “Using social media is an integral part of modern life, vital to organisations, businesses and individuals. The UK needs to operate in a resilient and secure environment and this research will help combat these criminal cyberattacks.”
The study was carried out by research personnel from the Cardiff University and was funded by the Engineering and Physical Sciences Research Council (EPSRC) and the Economic and Social Research Council (ESRC).
This research was presented at the 2015 IEEE / ACM International Conference on Advances in Social Networks Analysis and Mining in August 2015.