Cardiff University | Prifysgol Caerdydd ORCA
Online Research @ Cardiff 
WelshClear Cookie - decide language by browser settings

Disrupting drive-by download networks on Twitter.

Javed, Amir ORCID: https://orcid.org/0000-0001-9761-0945, Ikwu, Ruth, Burnap, Peter ORCID: https://orcid.org/0000-0003-0396-633X, Giommoni, Luca ORCID: https://orcid.org/0000-0002-3127-654X and Williams, Matthew ORCID: https://orcid.org/0000-0003-2566-6063 2022. Disrupting drive-by download networks on Twitter. Social Network Analysis and Mining 12 (117)

[thumbnail of s13278-022-00944-2 (2).pdf]
Preview
 PDF - Published Version
Available under License Creative Commons Attribution.
Download (2MB) | Preview
License URL: http://creativecommons.org/licenses/by/4.0/
License Start date: 20 August 2022

Abstract

This paper tests disruption strategies in Twitter networks contain-ing malicious URLs used in drive-by download attacks. Cybercriminals usepopular events that attract a large number of Twitter users to infect andpropagate malware by using trending hashtags and creating misleading tweetsto lure users to malicious webpages. Due to Twitter’s 280 character restric-tion and automatic shortening of URLs, it is particularly susceptible to thepropagation of malware involved in drive-by download attacks. Consideringthe number of online users and the network formed by retweeting a tweet, acybercriminal can infect millions of users in a short period. Policymakers andresearchers have struggled to develop an efficient network disruption strategyto stop malware propagation effectively. We define an efficient strategy as onethat considers network topology and dependency on network resilience, whereresilience is the ability of the network to continue to disseminate informationeven when users are removed from it. One of the challenges faced while curbingmalware propagation on online social platforms is understanding the cyber-criminal network spreading the malware. Combining computational modellingand social network analysis we identify the most effective strategy for dis-rupting networks of malicious URLs. Our results emphasise the importanceof specific network disruption parameters such as network and emotion fea-tures, which have proven to be more effective in disrupting malicious networkscompared to random strategies. In conclusion, disruption strategies force cy-bercriminal networks to become more vulnerable by strategically removing malicious users, which causes successful network disruption to become a long-term effort.

Item Type: Article
Date Type: Published Online
Status: Published
Schools: Social Sciences (Includes Criminology and Education)
Computer Science & Informatics
Additional Information: This article is licensed under a Creative Commons Attribution 4.0 International License
Publisher: Springer
ISSN: 1869-5450
Funders: ESRC
Date of First Compliant Deposit: 12 August 2022
Date of Acceptance: 20 June 2022
Last Modified: 07 Jun 2023 11:27
URI: https://orca.cardiff.ac.uk/id/eprint/151876

Actions (repository staff only)

Edit Item Edit Item
Download Statistics

Downloads

Downloads per month over past year

View more statistics

CORE (COnnecting REpositories)


Maintained by Cardiff University Information Services