
Detection of Zero Day Exploits Using Real-Time Social Media Streams

Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 419)


Detection of zero day exploits is a challenging problem. Vulnerabilities that are known only to attackers, and not to software vendors or users, have a severe impact on the security of systems and networks. Such vulnerabilities are exploited to intrude into systems and often cause leakage of confidential data. Because the exploitation pattern is hitherto unknown, real-time detection is hardly possible. Hence, an incident is often detected only a long time after it took place, if it is detected at all. More timely detection of attacks is necessary to trigger suitable countermeasures such as reconfiguring firewalls and sending alerts to administrators of other vulnerable targets. Knowing the attributes of a novel attack’s target system therefore supports the protection of other vulnerable systems. We suggest a novel approach to post-incident intrusion detection, more precisely a crowd-based intrusion detection system. To accomplish this, we take advantage of social media users’ postings about incidents that affect their user accounts on attacked target systems, or their observations about misbehaving online services. Combining knowledge of the attacked systems and reported incidents, we should be able to recognize patterns that define the attributes of vulnerable systems. Furthermore, by matching detected attribute sets with the attributes of well-known attacks, we should be able to link attacks to existing entries in the Common Vulnerabilities and Exposures database. If no link to an existing entry is found, we can assume that we have detected the exploitation of an unknown vulnerability, i.e., a zero day exploit or the result of an advanced persistent threat. This finding could also be used to direct efforts in examining the vulnerabilities of attacked systems and, at the same time, lead to faster patch deployment.


  • Network security
  • Crime data mining and network analysis
  • Applications on social networks
  • Reinforcement learning
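
The matching step described in the abstract, sketched as an added example (not code from the paper): services with enough incident reports are treated as affected, the attributes they share are extracted, and that attribute set is compared with known vulnerability entries. The service names, attribute labels, report threshold, subset-matching rule and placeholder entry identifiers are all assumptions constructed for illustration.

```python
from collections import Counter

# Constructed sample data (not from the paper): service attributes, postings
# already classified as incident reports, and known vulnerability entries.
SERVICES = {
    "shop.example":  {"os:linux", "web:nginx", "cms:alpha-3.1", "db:mysql"},
    "forum.example": {"os:linux", "web:apache", "cms:alpha-3.1", "db:postgres"},
    "mail.example":  {"os:bsd", "web:nginx", "cms:alpha-3.1", "db:mysql"},
    "wiki.example":  {"os:linux", "web:nginx", "cms:beta-2.0", "db:mysql"},
}
REPORTS = (["shop.example"] * 4 + ["forum.example"] * 3
           + ["mail.example"] * 5 + ["wiki.example"])
KNOWN = {  # placeholder identifiers, not real CVE numbers
    "CVE-PLACEHOLDER-A": {"web:apache", "os:linux"},
    "CVE-PLACEHOLDER-B": {"cms:beta-2.0"},
}

def affected_services(reports, min_reports=3):
    """Services named in at least min_reports postings (assumed threshold)."""
    counts = Counter(reports)
    return {s for s, n in counts.items() if n >= min_reports}

def discriminating_attributes(affected, services):
    """Attributes shared by every affected service and by no unaffected one."""
    if not affected:
        return set()
    shared = set.intersection(*(services[s] for s in affected))
    unaffected = [a for s, a in services.items() if s not in affected]
    return shared - set().union(*unaffected)

def classify(pattern, known):
    """Link the pattern to known entries whose attributes it fully covers."""
    if not pattern:
        return ("no-pattern", [])
    links = sorted(k for k, attrs in known.items() if attrs <= pattern)
    return ("known", links) if links else ("possible-unknown", [])

if __name__ == "__main__":
    hit = affected_services(REPORTS)
    pattern = discriminating_attributes(hit, SERVICES)
    print(sorted(hit), sorted(pattern), classify(pattern, KNOWN))
```

A "possible-unknown" result is a prompt for investigation of the shared attribute, not proof of a zero day: the pattern is only as good as the attribute inventory and the report classification that feed it.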




The authors wish to thank the members of the Chair for Communication Systems and Network Security at the Universität der Bundeswehr München, headed by Prof. Dr. Gabi Dreo Rodosek, for helpful discussions and valuable comments on previous versions of this paper. This work was partly funded by FLAMINGO, a Network of Excellence project (ICT-318488) supported by the European Commission under its Seventh Framework Program.

Author information


Corresponding author

Correspondence to Dennis Kergl.

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Kergl, D., Roedler, R., Rodosek, G.D. (2016). Detection of Zero Day Exploits Using Real-Time Social Media Streams. In: Pillay, N., Engelbrecht, A., Abraham, A., du Plessis, M., Snášel, V., Muda, A. (eds) Advances in Nature and Biologically Inspired Computing. Advances in Intelligent Systems and Computing, vol 419. Springer, Cham.

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-27399-0

  • Online ISBN: 978-3-319-27400-3

  • eBook Packages: Computer Science, Computer Science (R0)