OSINT investigation to detect and prevent cyber attacks and cyber security incidents
Keywords: cyber security, cyber security incident, open source intelligence, big data
A methodology for investigating and predicting cyber incidents based on the use of open sources of information and freely available open source software is offered and substantiated. The suggested methodology belongs to the class of Open Source Intelligence (OSINT) methodologies. In addition, it is based on technologies for monitoring the modern Internet space, the concept of processing large amounts of data (Big Data), complex networks (Complex Networks), and extracting knowledge from text arrays (Text Mining). The components of the keyword detection technology (NLTK, Natural Language Toolkit), concept extraction (SpaCy, NLP), and graph visualization and analysis systems are considered in detail. The main idea of analyzing large amounts of cybersecurity data from the Internet space is to use methods and tools for collecting data with global search engines, aggregating information flows, and mining the data obtained. The technique is based on the implementation of the following functions: collection of relevant information from certain information resources using the capabilities of global search engines; automatic scanning and primary processing of information from websites; formation of full-text arrays of information; analysis of text messages, determination of sentiment, and formation of analytical reports; integration with a geographic information system; analysis and visualization of information reports; research into the dynamics of thematic information flows; and forecasting the development of events based on the analysis of the dynamics of publications in the Internet space. In the analytical mode, a number of tools are implemented for the graphical presentation of data dynamics, displayed as a time series of the number of messages per day corresponding to a specific cyber incident, for viewing plots built from messages on the topic of cyber incidents, and for viewing clusters grouped by the cluster analysis algorithm.
Within the framework of the methodology, provision is made for the formation and inclusion in operational reports of networks built from concepts corresponding to people, organizations, and information sources, allowing the relationships between them to be explored.
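The three analytical steps the abstract names (keyword detection over the collected messages, a per-day time series of message counts for an incident, and a co-occurrence network linking concepts to the information sources that mention them) can be illustrated on a tiny stream. The block below is an added example written for this page; it is not code from the authors or their system. It uses only the Python standard library: a hand-picked concept list stands in for SpaCy entity extraction, a regex tokenizer with a small stopword set stands in for NLTK, and the seven dated messages, their sources, the organisation names and the incident are all constructed.

```python
"""Toy OSINT message-stream analysis: keywords, daily volume, concept network.

Added example, not the paper's own code. All messages, sources and names
below are constructed; the concept list is hand-picked (an assumption
standing in for SpaCy entity extraction).
"""
from collections import Counter
from datetime import date
from itertools import combinations
import re
import statistics

# Constructed sample stream: date, information source and message text,
# shaped like what a search-engine-driven collector would return.
MESSAGES = [
    {"date": date(2021, 3, 1), "source": "news-a",
     "text": "Ransomware hits Example Corp; CERT-UA issues an advisory."},
    {"date": date(2021, 3, 1), "source": "blog-b",
     "text": "Example Corp confirms ransomware incident, systems offline."},
    {"date": date(2021, 3, 2), "source": "news-a",
     "text": "Phishing campaign targets Acme Bank customers."},
    {"date": date(2021, 3, 3), "source": "news-c",
     "text": "CERT-UA links Example Corp ransomware to phishing emails."},
    {"date": date(2021, 3, 3), "source": "blog-b",
     "text": "Acme Bank warns of phishing after Example Corp ransomware."},
    {"date": date(2021, 3, 3), "source": "news-a",
     "text": "Example Corp restores systems; ransomware cleanup continues."},
    {"date": date(2021, 3, 4), "source": "news-c",
     "text": "Analysts review the Example Corp ransomware timeline."},
]

# Hand-picked concepts (organisations, a CERT, incident types); a real
# pipeline would get these from named-entity recognition.
CONCEPTS = ["Example Corp", "CERT-UA", "Acme Bank", "ransomware", "phishing"]
STOPWORDS = {"the", "a", "an", "of", "to", "and", "after", "its"}


def tokenize(text):
    """Lower-case word tokens minus stopwords (stand-in for NLTK tokenizing)."""
    return [w for w in re.findall(r"[a-z][a-z0-9-]+", text.lower())
            if w not in STOPWORDS]


def top_keywords(messages, n=5):
    """Most frequent keywords across the whole stream."""
    counts = Counter()
    for m in messages:
        counts.update(tokenize(m["text"]))
    return counts.most_common(n)


def daily_counts(messages):
    """Time series: number of messages per day, in date order."""
    return dict(sorted(Counter(m["date"] for m in messages).items()))


def spike_days(messages, z=1.0):
    """Days whose volume exceeds mean + z * sample std dev of the series.

    With fewer than two days there is no baseline, so nothing is flagged.
    """
    series = daily_counts(messages)
    if len(series) < 2:
        return []
    values = list(series.values())
    threshold = statistics.mean(values) + z * statistics.stdev(values)
    return [d for d, c in series.items() if c > threshold]


def found_concepts(text):
    """Concepts mentioned in a message (case-insensitive, whole-word match)."""
    return [c for c in CONCEPTS
            if re.search(r"\b" + re.escape(c) + r"\b", text, re.IGNORECASE)]


def concept_network(messages):
    """Weighted edges between concepts, and between concepts and sources.

    Each message contributes one co-occurrence per pair of nodes it
    contains; the edge weight is the number of messages sharing the pair.
    """
    edges = Counter()
    for m in messages:
        nodes = found_concepts(m["text"]) + ["source:" + m["source"]]
        for a, b in combinations(nodes, 2):
            edges[tuple(sorted((a, b)))] += 1
    return edges


if __name__ == "__main__":
    print("keywords:", top_keywords(MESSAGES))
    print("per day:", {d.isoformat(): c for d, c in daily_counts(MESSAGES).items()})
    print("spikes:", [d.isoformat() for d in spike_days(MESSAGES)])
    for (a, b), w in concept_network(MESSAGES).most_common(5):
        print(f"{a} -- {b}: {w}")
```

The edge list is what a graph tool would render: the heaviest edge ties the affected organisation to the incident type, and the source nodes show which outlets carried which concepts. The spike detector is a deliberately simple mean-plus-deviation rule over a short series; on real streams the threshold and window length are tuning choices, and a series with a single day is reported as having no spike rather than raising an error.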
Copyright (c) 2021 Information Technology and Security
This work is licensed under a Creative Commons Attribution 4.0 International License.
The authors published in this collection agree to the following terms:
- The authors retain authorship of their work and grant the collection the right of first publication; the work is licensed under the Creative Commons Attribution License, which allows others to freely distribute the published work provided that the authors of the original work and its first publication in this collection are cited.
- The authors have the right to enter into an agreement on the exclusive distribution of the work in the form in which it was published in this collection (for example, to place the work in an institutional digital repository or to publish it as part of a monograph), provided that the first publication of the work in this collection is referenced.
- The journal's policy allows and encourages authors to post the manuscript of the work on the Internet (for example, in repositories or on personal websites) before submission of the manuscript to the editor and during its editorial processing, as this contributes to productive scientific discussion and has a positive effect on the speed and number of citations of the published work (see The Effect of Open Access).