Cyber criminals are taking advantage of real-world events with high volumes of traffic on Twitter in order to post links to Web sites that contain malware. To combat the threat, computer scientists have created an intelligent system to identify malicious links disguised in shortened URLs on Twitter.

In the recent study, the Cardiff University team identified potential cyber-attacks within five seconds with up to 83 percent accuracy and within 30 seconds with up to 98 percent accuracy, when a user clicked on a URL posted on Twitter and malware began to infect the device.

The scientists collected tweets containing URLs during the 2015 Super Bowl and cricket world cup finals, and monitored interactions between a Web site and a user’s device to recognize the features of a malicious attack. Where changes were made to a user’s machine, such as new processes created, registry files modified or files tampered with, these showed a malicious attack.

The team subsequently used system activity, such as bytes and packets exchanged between device and remote endpoint, processor use and network adapter status to train a machine classifier to recognize predictive signals that can distinguish between malicious and benign URLs.

Dr. Pete Burnap, Director of the Social Data Science Lab at Cardiff University, and lead scientist on the research, said: Unfortunately, the high volume of traffic around large scale events creates a perfect environment for cyber criminals to launch surreptitious attacks. It is well known that people use online social networks, such as Twitter, to find information about an event.

Attackers can hide links to malicious servers in a post masquerading as an attractive or informative piece of information about the event.

URLs are always shortened on Twitter due to character limitations in posts, so it’s incredibly difficult to know which are legitimate. Once infected, the malware can turn your computer into a zombie computer and become part of a global network of machines used to hide information or route further attacks.

In a 2013 report from Microsoft, these ‘drive-by downloads’ were identified as one of the most active and commercial risks to cyber security.

At the moment, many existing anti-virus solutions identify malware using known code signatures, which make it difficult to detect previous unseen attacks.

Professor Omer Rana, Principal investigator on the project, which is also includes Royal Holloway, University of London, City University London, the University of Plymouth and Durham University, said:

“We are trying to build systems that can help law enforcement authorities make decisions in a changing cyber security landscape. Social media adds a whole new dimension to network security risk. This work contributes to new insight into this, and we hope to take this forward and develop a real-time system that can protect users as they search for information about real-world events using new forms of information sources.

We have the European Football Championships coming up next summer, which will provide a huge spike in Twitter traffic, and we expect to stress-test our system using this event.

Professor Philip Nelson, Chief Executive, EPSRC said: “Using social media is an integral part of modern life, vital to organizations, businesses and individuals. The UK needs to operate in a resilient and secure environment and this research will help combat these criminal Cyber-attacks.”

The research is co-funded by the Engineering and Physical Sciences Research Council (EPSRC) and the Economic and Social Research Council (ESRC).