Haishuai Wang,Peng Zhang,Ling Chen,Chengqi Zhang

DOI: https://doi.org/10.1007/978-3-319-19548-3_27

2015-01-01

Abstract:In this paper, we present our recent progress of designing a real-time system, SocialAnalysis, to discover and summarize emergent social events from social media data streams. In social networks era, people always frequently post messages or comments about their activities and opinions. Hence, there exist temporal correlations between the physical world and virtual social networks, which can help us to monitor and track social events, detecting and positioning anomalous events before their outbreakings, so as to provide early warning.The key technologies in the system include: (1) Data denoising methods based on multi-features, which screens out the query-related event data from massive background data. (2) Abnormal events detection methods based on statistical learning, which can detect anomalies by analyzing and mining a series of observations and statistics on the time axis. (3) Geographical position recognition, which is used to recognize regions where abnormal events may happen.

Zhiwei Liu,Yang Yang,Zi Huang,Fumin Shen,Dongxiang Zhang,Heng Tao Shen

DOI: https://doi.org/10.1145/3077136.3080700

2017-01-01

Abstract:Social media has become one of the most credible sources for delivering messages, breaking news, as well as events. Predicting the future dynamics of an event at a very early stage is significantly valuable, e.g, helping company anticipate marketing trends before the event becomes mature. However, this prediction is non-trivial because a) social events always stay with \"noise'' under the same topic and b) the information obtained at its early stage is too sparse and limited to support an accurate prediction. In order to overcome these two problems, in this paper, we design an event early embedding model (EEEM) that can 1) extract social events from noise, 2) find the previous similar events, and 3) predict future dynamics of a new event. Extensive experiments conducted on a large-scale dataset of Twitter data demonstrate the capacity of our model on extract events and the promising performance of prediction by considering both volume information as well as content information.

Guangyan Huang,Jing He,Yanchun Zhang,Wanlei Zhou,Hai Liu,Peng Zhang,Zhiming Ding,Yue You,Jian Cao

DOI: https://doi.org/10.1007/s11280-014-0293-1

2014-01-01

World Wide Web

Abstract:Streams of short text, such as news titles, enable us to effectively and efficiently learn the real world events that occur anywhere and anytime. Short text messages that are companied by timestamps and generally brief events using only a few words differ from other longer text documents, such as web pages, news stories, blogs, technical papers and books. For example, few words repeat in the same news titles, thus frequency of the term (i.e., TF) is not as important in short text corpus as in longer text corpus. Therefore, analysis of short text faces new challenges. Also, detecting and tracking events through short text analysis need to reliably identify events from constant topic clusters; however, existing methods, such as Latent Dirichlet Allocation (LDA), generates different topic results for a corpus at different executions. In this paper, we provide a Finding Topic Clusters using Co-occurring Terms (FTCCT) algorithm to automatically generate topics from a short text corpus, and develop an Event Evolution Mining (EEM) algorithm to discover hot events and their evolutions (i.e., the popularity degrees of events changing over time). In FTCCT, a term (i.e., a single word or a multiple-words phrase) belongs to only one topic in a corpus. Experiments on news titles of 157 countries within 4 months (from July to October, 2013) demonstrate that our FTCCT-based method (combining FTCCT and EEM) achieves far higher quality of the event's content and description words than LDA-based method (combining LDA and EEM) for analysis of streams of short text. Our method also visualizes the evolutions of the hot events. The discovered world-wide event evolutions have explored some interesting correlations of the world-wide events; for example, successive extreme weather phenomenon occur in different locations - typhoon in Hong Kong and Philippines followed hurricane and storm flood in Mexico in September 2013.

Weijing Huang,Wei Chen,Lamei Zhang,Tengjiao Wang

DOI: https://doi.org/10.1007/978-3-319-45814-4_27

2016-01-01

Abstract:Detecting events in microblog is important but still challenging. As tweet stream is a mixture of user interests and external events, its expensive to distinguish them. Existing methods are ineffective since they ignore user interests or only model interests and events on a fixed dataset without scalability. In this paper, we introduce an online learning model User Modeling Based Interest and Event Topic Model (UMIETM). UMIETM (1) exploits user modeling's information to discover events, which usually capture attentions from users with different interests, and (2) treats the arriving data as stream and run the detection in online learning style. Furthermore, UMIETM can handle dynamic increased vocabulary in tweet stream. The UMIETM is verified on the real dataset which spans one year and contains 16 million tweets, and it outperforms state-of-the-art models in quantitative.

Rupinder Paul Khandpur,Taoran Ji,Steve Jan,Gang Wang,Chang-Tien Lu,Naren Ramakrishnan

DOI: https://doi.org/10.1145/3132847.3132866

2017-02-25

Abstract:Social media is often viewed as a sensor into various societal events such as disease outbreaks, protests, and elections. We describe the use of social media as a crowdsourced sensor to gain insight into ongoing cyber-attacks. Our approach detects a broad range of cyber-attacks (e.g., distributed denial of service (DDOS) attacks, data breaches, and account hijacking) in an unsupervised manner using just a limited fixed set of seed event triggers. A new query expansion strategy based on convolutional kernels and dependency parses helps model reporting structure and aids in identifying key event characteristics. Through a large-scale analysis over Twitter, we demonstrate that our approach consistently identifies and encodes events, outperforming existing methods.

Cryptography and Security,Human-Computer Interaction,Information Retrieval,Social and Information Networks

Raymond Y. K. Lau,Yunqing Xia

DOI: https://doi.org/10.7763/ijfcc.2013.v2.187

2013-01-01

International Journal of Future Computer and Communication

Abstract:Recent research reveals that the number of cyber-attacks has been doubled in the past three years. This is a devastating growth of the number of cyber-attacks, and it reveals a serious business problem around the world. Existing intrusion detection systems (IDSs), intrusion prevention systems (IPSs), and anti-malware systems mainly rely on low-level network traffic features or program code signatures to detect cyber-attacks. However, since hackers can constantly change their attack tactics by, it is extremely difficult for existing security solutions to detect cyber-attacks. There are increasing more evidences showing that cybercriminals tend to exchange cybercrime knowledge and transact via online social media. Accordingly, it presents unprecedented opportunities for security intelligence experts to tap into online social media to extract the vital security intelligence for cyber-attack forensics. The main contributions of this paper are the design, development, and evaluation of a Latent Dirichlet Allocation (LDA)-based latent text mining model for cyber-attack forensics. Our preliminary evaluation of the proposed latent text mining model based on a real-world data set crawled from Twitter and Blog sites shows that it significantly outperforms the probabilistic latent semantic indexing (pLSI) method in terms of extracting more relevant and richer concepts describing real-world cyber-attack incidents.

Zhiwei Liu,Yang,Zi Huang,Fumin Shen,Dongxiang Zhang,Heng Tao Shen

DOI: https://doi.org/10.1007/s11280-018-0545-6

2018-01-01

World Wide Web

Abstract:Social media has become one of the most credible sources for delivering messages, breaking news, as well as events. Predicting the future dynamics of an event at a very early stage is significantly valuable, e.g, helping company anticipate marketing trends before the event becomes mature. However, this prediction is non-trivial because a) social events always stay with "noise" under the same topic and b) the information obtained at its early stage is too sparse and limited to support an accurate prediction. In order to overcome these two problems, in this paper, we design an event early embedding model (EEEM) that can 1) extract social events from noise, 2) find the previous similar events, and 3) predict future dynamics of a new event with very limited information. Specifically, a denoising approach is derived from the knowledge of signal analysis to eliminate social noise and extract events. Moreover, we propose a novel predicting scheme based on locally linear embedding algorithm to construct the volume of a new event from its k nearest neighbors. Compared to previous work only fitting the historical volume dynamics to make a prediction, our predictive model is based on both the volume information and content information of events. Extensive experiments conducted on a large-scale dataset of Twitter data demonstrate the capacity of our model on extract events and the promising performance of prediction by considering both volume information as well as content information. Compared with predicting with only the content or the volume feature, we find the best performance of considering they both with our proposed fusion method.

Ashok Deb,Kristina Lerman,Emilio Ferrara

DOI: https://doi.org/10.3390/info9110280

2018-04-15

Abstract:Recent high-profile cyber attacks exemplify why organizations need better cyber defenses. Cyber threats are hard to accurately predict because attackers usually try to mask their traces. However, they often discuss exploits and techniques on hacking forums. The community behavior of the hackers may provide insights into groups' collective malicious activity. We propose a novel approach to predict cyber events using sentiment analysis. We test our approach using cyber attack data from 2 major business organizations. We consider 3 types of events: malicious software installation, malicious destination visits, and malicious emails that surpassed the target organizations' defenses. We construct predictive signals by applying sentiment analysis on hacker forum posts to better understand hacker behavior. We analyze over 400K posts generated between January 2016 and January 2018 on over 100 hacking forums both on surface and Dark Web. We find that some forums have significantly more predictive power than others. Sentiment-based models that leverage specific forums can outperform state-of-the-art deep learning and time-series models on forecasting cyber attacks weeks ahead of the events.

Computation and Language

Hansu Gu,Xing Xie,Qin Lv,Yaoping Ruan,Li Shang

DOI: https://doi.org/10.1109/wi-iat.2011.126

2011-01-01

Abstract:Outline social media networks (OSMNs) such as Twitter provide great opportunities for public engagement and event information dissemination. Event-related discussions occur in real time and at the worldwide scale. However, these discussions are in the form of short, unstructured messages and dynamically woven into daily chats and status updates. Compared with traditional news articles, the rich and diverse user-generated content raises unique new challenges for tracking and analyzing events. Effective and efficient event modeling is thus essential for real-time information-intensive OSMNs. In this work, we propose ETree, an effective and efficient event modeling solution for social media network sites. Targeting the unique challenges of this problem, ETree consists of three key components: (1) an n-gram based content analysis technique for identifying core information blocks from a large number of short messages, (2) an incremental and hierarchical modeling technique for identifying and constructing event theme structures at different granularities, and (3) an enhanced temporal analysis technique for identifying inherent causalities between information blocks. Detailed evaluation using 3.5 million tweets over a 5-month period demonstrates that ETree can efficiently generate high-quality event structures and identify inherent causal relationships with high accuracy.

Jian Cui,Hanna Kim,Eugene Jang,Dayeon Yim,Kicheol Kim,Yongjae Lee,Jin-Woo Chung,Seungwon Shin,Xiaojing Liao

2024-09-13

Abstract:Twitter is recognized as a crucial platform for the dissemination and gathering of Cyber Threat Intelligence (CTI). Its capability to provide real-time, actionable intelligence makes it an indispensable tool for detecting security events, helping security professionals cope with ever-growing threats. However, the large volume of tweets and inherent noises of human-crafted tweets pose significant challenges in accurately identifying security events. While many studies tried to filter out event-related tweets based on keywords, they are not effective due to their limitation in understanding the semantics of tweets. Another challenge in security event detection from Twitter is the comprehensive coverage of security events. Previous studies emphasized the importance of early detection of security events, but they overlooked the importance of event coverage. To cope with these challenges, in our study, we introduce a novel event attribution-centric tweet embedding method to enable the high precision and coverage of events. Our experiment result shows that the proposed method outperforms existing text and graph-based tweet embedding methods in identifying security events. Leveraging this novel embedding approach, we have developed and implemented a framework, Tweezers, that is applicable to security event detection from Twitter for CTI gathering. This framework has demonstrated its effectiveness, detecting twice as many events compared to established baselines. Additionally, we have showcased two applications, built on Tweezers for the integration and inspection of security events, i.e., security event trend analysis and informative security user identification.

Cryptography and Security

Weifeng Li,Hsinchun Chen,,

DOI: https://doi.org/10.25300/misq/2022/15642

IF: 7.3

2022-12-01

MIS Quarterly

Abstract:The prevalence and rapid growth of cybercrime are largely attributed to hacker communities on the dark web, where cybercriminals extensively exchange hacking resources, share hacking knowledge, and organize cyberattacks. Such streams of hacker-generated content constitute an invaluable data source for developing threat intelligence that can inform organizations of cybersecurity risks and facilitate proactive cyber defense. Drawing upon the design science paradigm, we propose a novel nonparametric emerging topic detection (NPETD) framework for detecting emerging topics in streams of hacker-generated content. Our framework extends the state-of-the-art nonparametric topic model to inductively model topics without having to specify the number of topics a priori. Moreover, our framework features an efficient algorithm to jointly infer topics and detect topic emergence. We conducted experiments to rigorously evaluate the effectiveness and efficiency of our framework in comparison with the state-of-the-art baseline methods. Our framework outperformed the baseline methods in detecting the listings of emerging threats in darknet marketplaces on recall, F-measure, topic coherence, and processor time. The practical utility of our framework is further demonstrated in a major hacker forum, where we identified several notable emerging topics with important implications for victim companies and law enforcement. The proposed framework contributes to cybersecurity, topic detection and tracking, and design science.

information science & library science,management,computer science, information systems

Zheng Xu,Hui Zhang,Chuanping Hu,Yunhuai Liu,Junyu Xuan,Lin Mei

DOI: https://doi.org/10.1504/ijahuc.2017.10001956

2016-01-01

International Journal of Ad Hoc and Ubiquitous Computing

Abstract:Crowdsourcing is a newly emerging service platform and business model in the Internet. Analysis and description about urban emergency events, e.g., fires, storms and traffic jams are of great importance to protect the security of humans. Recently, social media feeds are rapidly emerging as a novel platform for providing and dissemination of information that is often geographic. In this paper, in order to describe the timeline of real-time urban emergency events, the new web mining task timeline description (TD) is proposed. Firstly, the related information of an urban emergency event is extracted from Weibo messages. Secondly, the valid message including the semantic or spatial information is detected in this step. Thirdly, detected valid messages are used to build the TD. Case studies on real datasets show the proposed model has good performance and high effectiveness in the analysis and description of urban emergency events.

Soumajyoti Sarkar,Mohammad Almukaynizi,Jana Shakarian,Paulo Shakarian

DOI: https://doi.org/10.1007/s13278-019-0603-9

2019-09-30

Social Network Analysis and Mining

Abstract:With the rise in security breaches over the past few years, there has been an increasing need to mine insights from social media platforms to raise alerts of possible attacks in an attempt to defend conflict during competition. In this study, we attempt to build a framework that utilizes unconventional signals from the darkweb forums by leveraging the reply network structure of user interactions with the goal of predicting enterprise-related external cyber attacks. We use both unsupervised and supervised learning models that address the challenges that come with the lack of enterprise attack metadata for ground-truth validation as well as insufficient data for training the models. We validate our models on a binary classification problem that attempts to predict cyber attacks on a daily basis for an organization. Using several controlled studies on features leveraging the network structure, we measure the extent to which the indicators from the darkweb forums can be successfully used to predict attacks. We use information from 53 forums in the darkweb over a span of 17 months for the task. Our framework to predict real-world organization cyber attacks of three different security events suggests that focusing on the reply path structure between groups of users based on random walk transitions and community structures has an advantage in terms of better performance solely relying on forum or user posting statistics prior to attacks.

Zheng Xu,Yunhuai Liu,Lin Mei,Xiangfeng Luo,Chuanping Hu,Hui Zhang,Jie Yu

DOI: https://doi.org/10.1007/s11277-016-3689-7

IF: 2.017

2016-01-01

Wireless Personal Communications

Abstract:Event has been described as something unexpectedly-happened or a story, which is described by a series of text information sources in time sequence. In recent years, with the rapid development of the information society, the application services gradually become the main form of information dissemination and communication, such as social networking site, post bar, etc. The generated social impact by the application services propagation after an event occurrence is growing larger, while recently people pay much more attention to the research of the information dissemination model. In this paper, we proposed a Cyber-Physical Space Event Model (CPSEM) and an Event Influence Scope Detection Algorithm (EISDA) from Cyber-Physical Space, and made relevant experiments on the basis of formal description. The CPSEM analysed events from Cyber Space and Physical Space which effectively made up the sidedness only from one space. In addition, EISDA was proposed based on CPSEM in the further, which identified a hot event influence scope on the basis of two spaces. Experiments verified that CPSEM solved incompleteness and unreality of internet data, and EISDA identified scope and diffusion direction of event influence from a new perspective and have improved the experiment accuracy for business application.

Lin Mu,Peiquan Jin,Lizhou Zheng,En-Hong Chen,Lihua Yue

DOI: https://doi.org/10.1145/3184558.3186338

2018-01-01

Abstract:Microblog like Twitter and Sina Weibo has been an important information source for event detection and monitoring. In many decision-making scenarios, it is not enough to only provide a structural tuple for an event, e.g., a 5W1H record like . However, in addition to event structural tuples, people need to know the evolution lifecycle of an event. The lifecycle description of an event is more helpful for decision making because people can focus on the progress and trend of events. In this paper, we propose a novel method for efficiently detecting and tracking event evolution on microblogging platforms. The major features of our study are: (1) It provides a novel event-type-driven method to extract event tuples, which forms the foundation for event evolution analysis. (2) It describes the lifecycle of an event by a staged model, and provides effective algorithms for detecting the stages of an event. (3) It offers emotional analysis over the stages of an event, through which people are able to know the public emotional tendency over a specific event at different time periods. We build a prototype system and present its architecture and implemental details in the paper. In addition, we conduct experiments on real microblog datasets and the results in terms of precision, recall, and F-measure suggest the effectiveness and efficiency of our proposal.

Pei Lee,Laks V.S. Lakshmanan,Evangelos E. Milios

DOI: https://doi.org/10.48550/arXiv.1311.5978

2013-11-23

Abstract:Online social post streams such as Twitter timelines and forum discussions have emerged as important channels for information dissemination. They are noisy, informal, and surge quickly. Real life events, which may happen and evolve every minute, are perceived and circulated in post streams by social users. Intuitively, an event can be viewed as a dense cluster of posts with a life cycle sharing the same descriptive words. There are many previous works on event detection from social streams. However, there has been surprisingly little work on tracking the evolution patterns of events, e.g., birth/death, growth/decay, merge/split, which we address in this paper. To define a tracking scope, we use a sliding time window, where old posts disappear and new posts appear at each moment. Following that, we model a social post stream as an evolving network, where each social post is a node, and edges between posts are constructed when the post similarity is above a threshold. We propose a framework which summarizes the information in the stream within the current time window as a ``sketch graph'' composed of ``core'' posts. We develop incremental update algorithms to handle highly dynamic social streams and track event evolution patterns in real time. Moreover, we visualize events as word clouds to aid human perception. Our evaluation on a real data set consisting of 5.2 million posts demonstrates that our method can effectively track event dynamics in the whole life cycle from very large volumes of social streams on the fly.

Social and Information Networks,Physics and Society

Tao Tang,Guangmin Hu

DOI: https://doi.org/10.3390/info11090450

2020-01-01

Information

Abstract:People publish tweets on Twitter to share everything from global news to their daily life. Abundant user-generated content makes Twitter become one of the major channels for people to obtain information about real-world events. Event detection techniques help to extract events from massive amounts of Twitter data. However, most existing techniques are based on Twitter information streams, which contain plenty of noise and polluted content that would affect the accuracy of the detecting result. In this article, we present an event discovery method based on the change of the user’s followers, which can detect the occurrences of significant events relevant to the particular user. We divide these events into categories according to the positive or negative effect on the specific user. Further, we observe the evolution of individuals’ followership networks and analyze the dynamics of networks. The results show that events have different effects on the evolution of different features of Twitter followership networks. Our findings may play an important role for realizing how patterns of social interaction are impacted by events and can be applied in fields such as public opinion monitoring, disaster warning, crisis management, and intelligent decision making.

Wei Chen,Chun Chen,Li-jun Zhang,Can Wang,Jia-jun Bu

DOI: https://doi.org/10.1631/jzus.c0910245

2010-01-01

Journal of Zhejiang University SCIENCE C

Abstract:Online monitoring of temporally-sequenced news streams for interesting patterns and trends has gained popularity in the last decade. In this paper, we study a particular news stream monitoring task: timely detection of bursty events which have happened recently and discovery of their evolutionary patterns along the timeline. Here, a news stream is represented as feature streams of tens of thousands of features (i.e., keyword. Each news story consists of a set of keywords.). A bursty event therefore is composed of a group of bursty features, which show bursty rises in frequency as the related event emerges. In this paper, we give a formal definition to the above problem and present a solution with the following steps: (1) applying an online multi-resolution burst detection method to identify bursty features with different bursty durations within a recent time period; (2) clustering bursty features to form bursty events and associating each event with a power value which reflects its bursty level; (3) applying an information retrieval method based on cosine similarity to discover the event’s evolution (i.e., highly related bursty events in history) along the timeline. We extensively evaluate the proposed methods on the Reuters Corpus Volume 1. Experimental results show that our methods can detect bursty events in a timely way and effectively discover their evolution. The power values used in our model not only measure event’s bursty level or relative importance well at a certain time point but also show relative strengths of events along the same evolution.

Yang Sun,Junhua Tang,Li Pan,Jianhua Li

DOI: https://doi.org/10.1109/smartcity.2015.114

2015-01-01

Abstract:In recent years, the evolution of online social networks has become an important research topic in online social network analysis. An important approach to this problem is to detect community evolution events so as to understand the evolution of the whole network. Considering the huge amount of data in large social networks, an efficient and scalable community evolution detection algorithm is necessary. In this paper, we focus on community evolution events detection in dynamic social networks. First, we divide the Facebook and DBLP data set into a series of snapshots and apply the Louvain algorithm to find the communities in each snapshot. Then, we propose a light weight evolution events detection algorithm to find the community evolution patterns between adjacent snapshots, which statistically show the evolution trend of the entire network. Simulation results show that our algorithm can effectively detect the community evolution events in online social networks.

Zheng Xu,Yunhuai Liu,Junyu Xuan,Haiyan Chen,Lin Mei

DOI: https://doi.org/10.1007/s11042-015-2731-1

IF: 2.577

2015-01-01

Multimedia Tools and Applications

Abstract:An urban emergency event requires an immediate reaction or assistance for an emergency situation. With the popularity of the World Wide Web, the internet is becoming a major information provider and disseminator of emergency events and this is due to its real-time, open, and dynamic features. However, faced with the huge, disordered and continuous nature of web resources, it is impossible for people to efficiently recognize, collect and organize these events. In this paper, a crowdsourcing based burst computation algorithm of an urban emergency event is developed in order to convey information about the event clearly and to help particular social groups or governments to process events effectively. A definition of an urban emergency event is firstly introduced. This serves as the foundation for using web resources to compute the burst power of events on the web. Secondly, the different temporal features of web events are developed to provide the basic information for the proposed computation algorithm. Moreover, the burst power is presented to integrate the above temporal features of an event. Empirical experiments on real datasets show that the burst power can be used to analyze events.