Monitoring Software Vulnerabilities through Social Networks Analysis

Slim Trabelsi, Henrik Plate, Amine Abida, M. Marouane Ben Aoun, Anis Zouaoui, Chedy Missaoui, Sofien Gharbi, Alaeddine Ayari

Abstract

Monitoring software vulnerability information requires an important financial and human effort in order to track all the scattered sources publishing the last news about software vulnerabilities, patches and exploits. We noticed that in some social networks like Twitter we can aggregate a lot of information related to software vulnerabilities in a single channel. In this paper, we analyse the Twitter feed in order to monitor most of the information related to software vulnerabilities including zero-day publications.

References

  1. Jiang, Feng, Jiemin Wang, Abram Hindle, and Mario A. Nascimento., 2013. "Mining the Temporal Evolution of the Android Bug Reporting Community via Sliding Windows." arXiv preprint arXiv:1310.7469.
  2. Bougie, G., Starke, J., Storey, M. A., & German, D. M., 2011. Towards understanding twitter use in software engineering: preliminary findings, ongoing challenges and future questions. In Proceedings of the 2nd international workshop on Web 2.0 for software engineering (pp. 31-36). ACM.
  3. Tian, Y., Achananuparp, P., Lubis, I. N., Lo, D., & Lim, E. P., 2012. What does software engineering community microblog about? In Mining Software Repositories (MSR), 9th IEEE Working Conference on (pp. 247- 250). IEEE.
  4. J. B. MacQueen, 1967. “Some methods for classification and analysis of multivariate observa-tions,” in Proc. of the fifth Berkeley Symposium on Mathematical Statistics and Probability (L. M. L. Cam and J. Neyman, eds.), vol. 1, pp. 281-297, University of California Press.
  5. Rajput, D. S., Thakur, R. S., Thakur, G. S., & Sahu, N. 2012. “Analysis of Social net-working sites using Kmean Clustering algorithm”. International Journal of Computer & Communication Technology (IJCCT) ISSN (ONLINE), 2231-0371.
  6. C. Bird, A. Gourley, P. T. Devanbu, M. Gertz, and A. Swaminathan, 2006 “Mining email social networks,” in MSR, pp. 137-143.
  7. D. Surian, D. Lo, and E.-P. Lim, 2010 “Mining collaboration patterns from a large developer network,” in WCRE, pp. 269-273.
  8. Xu, Jin, Scott Christley, and Greg Madey. 2006 "Application of social network analysis to the study of open source software." The economics of open source software development: 205-224.
  9. Bougie, Gargi, Jamie Starke, Margaret-Anne Storey, and Daniel M. German. 2011 "Towards un-derstanding twitter use in software engineering: preliminary findings, ongoing challenges and future questions." In Proceedings of the 2nd international workshop on Web 2.0 for software engineering, pp. 31-36. ACM.
  10. Tian, Yuan, Palakorn Achananuparp, Ibrahim Nelman Lubis, David Lo, and Ee-Peng Lim. 2012 "What does software engineering community microblog about?" In Mining Software Re-positories (MSR), 2012 9th IEEE Working Conference on, pp. 247-250. IEEE.
  11. Sureka, Ashish, Atul Goyal, and Ayushi Rastogi. 2011 "Using social network analysis for mining collaboration data in a defect tracking system for risk and vulnerability analysis." In Proceed-ings of the 4th India Software Engineering Conference, pp. 195-204. ACM.
  12. Arafin, Md Tanvir, and Richard Royster. 2013 "Vulnerability Exploits Advertised on Twitter.".
  13. Cui, B., Moskal, S., Du, H., & Yang, S. J. (2013). Who shall we follow in twitter for cyber vulnerability?. In Social Computing, Behavioral-Cultural Modeling and Prediction (pp. 394-402). Springer Berlin Heidelberg.
  14. Turney, Peter D., and Patrick Pantel. "From frequency to meaning: Vector space models of semantics." Journal of artificial intelligence research 37.1 (2010): 141-188.
Download


Paper Citation


in Harvard Style

Trabelsi S., Plate H., Abida A., Ben Aoun M., Zouaoui A., Missaoui C., Gharbi S. and Ayari A. (2015). Monitoring Software Vulnerabilities through Social Networks Analysis . In Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015) ISBN 978-989-758-117-5, pages 236-242. DOI: 10.5220/0005538602360242


in Bibtex Style

@conference{secrypt15,
author={Slim Trabelsi and Henrik Plate and Amine Abida and M. Marouane Ben Aoun and Anis Zouaoui and Chedy Missaoui and Sofien Gharbi and Alaeddine Ayari},
title={Monitoring Software Vulnerabilities through Social Networks Analysis},
booktitle={Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015)},
year={2015},
pages={236-242},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005538602360242},
isbn={978-989-758-117-5},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015)
TI - Monitoring Software Vulnerabilities through Social Networks Analysis
SN - 978-989-758-117-5
AU - Trabelsi S.
AU - Plate H.
AU - Abida A.
AU - Ben Aoun M.
AU - Zouaoui A.
AU - Missaoui C.
AU - Gharbi S.
AU - Ayari A.
PY - 2015
SP - 236
EP - 242
DO - 10.5220/0005538602360242