Community analysis of cyber security experts on Online Social Networks

The advent of Online Social Networks (OSNs) has started a new era of communication and information dissemination, fundamentally altering the way individuals and organisations interact in the digital age. OSNs such as Twitter, Facebook, LinkedIn and YouTube allow billions of people across the globe to create online communities based on similar interests. With almost everyone and everything being touched by cyber space in recent times, and despite the advancement in technology and cyber security, malicious attacks are still targeting individuals, organisations and systems on a large scale and utilising new channels like social media platforms. Cyber security is a field dedicated to safeguarding computer systems, networks, and data from theft, damage, or unauthorised access. Within the complex interconnected nature of OSN users, a distinct category of accounts has gained particular attention and significance: cyber security accounts. These accounts encompass a wide spectrum of groups, such as activists, hacktivists, cyber criminals and cyber security experts.

Cyber security experts include researchers, practitioners, innovators, vendors, etc. While previous studies have explored various types of cyber security related accounts and their communities on OSNs, the activities of cyber security experts have not been sufficiently investigated. This thesis addresses this research gap by designing, developing and testing tools to support studying cyber security experts on OSNs, with a particular focus on cyber security researchers. The tools developed and tested include 1) a general cyber security taxonomy, 2) multiple Machine Learning (ML) classifiers, and 3) some generalisable methods for collecting and analysing data from OSNs. Therefore, the thesis encompasses three main studies as follows.

First, the thesis introduces a novel human-machine teaming-based process for building taxonomies. Many previous studies relied solely on manual efforts, leading to limitations in covering diverse topics and rapidly evolving concepts. The proposed process was applied to the cyber security domain as an example, which allowed human experts to collaborate with automated Natural Language Processing (NLP) and Information Retrieval (IR) tools to co-develop a general cyber security taxonomy from relevant textual sources with reasonable human effort.

Second, the thesis presents the design and development of several ML classifiers to detect the needed Twitter accounts. They include a baseline classifier for detecting cyber security related accounts in general, and four sub-classifiers for detecting other related sub-groups of accounts (individuals, hackers, academia and research). The classifiers were trained and tested using a systematic approach involving the cyber security taxonomy built earlier, real-time tweet sampling, and crowdsourcing for dataset labelling. By considering a richer set of features than previous studies, the classifiers achieved promising performance, with the Random Forest model outperforming others, with the F1-score reaching 93\% for the baseline classifier and 83-91\% for the sub-classifiers. Feature reduction analysis demonstrated that a subset of just six features maintained the same performance levels, providing efficient and effective classifiers for detecting cyber security accounts on Twitter.

Third, in the last part, the cyber security researchers were analysed as an example of a sub-group of cyber security experts. As a case study of a research community, the presence of the UK's Academic Centres of Excellence in Cyber Security Research (ACEs-CSR) on Twitter was analysed. Several machine learning classifiers were utilised to identify cyber security and research related accounts, and a social graph was constructed using the friends and followers of the ACE-CSR accounts. Then, a comprehensive analysis was carried out, including community detection, social structural analysis, influence analysis, topic modelling, and sentiment analysis, revealing interesting insights about the research community around ACEs-CSR, such as their sub-communities, top influencers, the influence distribution, the topics being discussed by cyber security researchers, and last but not least the sentiment towards the ACE-CSR programme and accounts. Twitter was used as an example in this thesis, but all the presented methodologies can be applied to other OSNs.