Abstract
Many web-based attacks have been studied to understand how web hackers behave, but web site defacement attacks (malicious content manipulations of victim web sites) and defacers' behaviors have received less attention from researchers. This paper fills this research gap via a computational data-driven analysis of a public database of defacers and defacement attacks and activities of 96 selected defacers who were active on Twitter. We conducted a comprehensive analysis of the data: an analysis of a friendship graph with 10,360 nodes, an analysis on how sentiments of defacers related to attack patterns, and a topical modelling based analysis to study what defacers discussed publicly on Twitter. Our analysis revealed a number of key findings: a modular and hierarchical clustering method can help discover interesting sub-communities of defacers; sentiment analysis can help categorize behaviors of defacers in terms of attack patterns; and topic modelling revealed some focus topics (politics, country-specific topics, and technical discussions) among defacers on Twitter and also geographic links of defacers sharing similar topics. We believe that these findings are useful for a better understanding of defacers' behaviors, which could help design and development of better solutions for detecting defacers and even preventing impeding defacement attacks.
Highlights
Cybercrime such as hacking activities of cyber criminals have been causing a significant amount of damage to their victims [1], and such threats are becoming more and more advanced and severe in recent years [2]
The results shown above demonstrate that topic modeling is a useful technique for analyzing defacers’ topical interests on Twitter, which can provide useful insights on understanding their motivations of launching defacement attacks and may even provide clues for predicting impeding future attacks
Our results demonstrated that topical modelling is a useful technique to study defacers’ topical interests and politics emerged as one of main topical themes
Summary
Cybercrime such as hacking activities of cyber criminals have been causing a significant amount of damage to their victims (organizations and people) [1], and such threats are becoming more and more advanced and severe in recent years [2]. Gandhi et al proposed to categorize cyber attacks into four groups based based on motivations of human attackers [7]: politically motivated attacks, sociocultural conflict triggered attacks, economically motivated attacks, and espionage related attacks Another example is Yang et al.’s work [8], which studied social relationships in hacker communities to understand how they acted on online social media, using Twitter as an example platform. We have seen few studies bridging social and technical aspects of cyber attacks using computational methods to study activities, behaviors and organizational aspects of hacking communities, often using data from open and dark web. Aslan et al et al.: The World of Defacers: Looking through the Lens of Their Activities on Twitter defacement attacks This type of attacks are among the most common web attacks and frequently reported by the media.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
