{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,20]],"date-time":"2026-02-20T19:00:30Z","timestamp":1771614030164,"version":"3.50.1"},"publisher-location":"Cham","reference-count":62,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030589509","type":"print"},{"value":"9783030589516","type":"electronic"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-58951-6_11","type":"book-chapter","created":{"date-parts":[[2020,9,11]],"date-time":"2020-09-11T09:07:40Z","timestamp":1599815260000},"page":"217-236","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":16,"title":["Follow the Blue Bird: A Study on Threat Data Published on Twitter"],"prefix":"10.1007","author":[{"given":"Fernando","family":"Alves","sequence":"first","affiliation":[]},{"given":"Ambrose","family":"Andongabo","sequence":"additional","affiliation":[]},{"given":"Ilir","family":"Gashi","sequence":"additional","affiliation":[]},{"given":"Pedro M.","family":"Ferreira","sequence":"additional","affiliation":[]},{"given":"Alysson","family":"Bessani","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2020,9,12]]},"reference":[{"key":"11_CR1","unstructured":"Additional paper data. https:\/\/github.com\/fernandoblalves\/Follow-the-Blue-Bird-Paper-Additional-Data. Accessed 10 Jul 2020"},{"key":"11_CR2","unstructured":"Common platform enumeration. https:\/\/cpe.mitre.org\/about\/. Accessed 15 Apr 2020"},{"key":"11_CR3","unstructured":"Common vulnerabilities and exposures (cve). http:\/\/cve.mitre.org\/. Accessed 15 Apr 2020"},{"key":"11_CR4","unstructured":"Common vulnerability scoring system version 3.0. https:\/\/www.first.org\/cvss\/v3-0\/. Accessed 15 Apr 2020"},{"key":"11_CR5","unstructured":"Cvss v2 archive. https:\/\/www.first.org\/cvss\/v2\/. Accessed 15 Apr 2020"},{"key":"11_CR6","unstructured":"Exploit database. www.exploit-db.com\/. Accessed 15 Apr 2020"},{"key":"11_CR7","unstructured":"Get old tweets programatically. https:\/\/github.com\/Jefferson-Henrique\/GetOldTweets-java. Accessed 15 Apr 2020"},{"key":"11_CR8","unstructured":"Hackers say they hacked nsa-linked group, want 1 million bitcoins to share more. https:\/\/www.vice.com\/en_us\/article\/ezpa9p\/hackers-hack-nsa-linked-equation-group. Accessed 15 Apr 2020"},{"key":"11_CR9","unstructured":"How people use Twitter in general. https:\/\/www.americanpressinstitute.org\/publications\/reports\/survey-research\/how-people-use-twitter-in-general\/. Accessed 15 Apr 2020"},{"key":"11_CR10","unstructured":"How Twitter evolved from 2006 to 2011. https:\/\/buffer.com\/resources\/how-twitter-evolved-from-2006-to-2011. Accessed 15 Apr 2020"},{"key":"11_CR11","unstructured":"The mitre corporation. https:\/\/www.mitre.org\/. Accessed 15 Apr 2020"},{"key":"11_CR12","unstructured":"National vulnerability database. https:\/\/nvd.nist.gov\/. Accessed 15 Apr 2020"},{"key":"11_CR13","unstructured":"New targeted attack in the middle east by APT34, a suspected iranian threat group, using cve-2017-11882 exploit. https:\/\/www.fireeye.com\/blog\/threat-research\/2017\/12\/targeted-attack-in-middle-east-by-apt34.html. Accessed 15 Apr 2020"},{"key":"11_CR14","unstructured":"Operation aurora. https:\/\/en.wikipedia.org\/wiki\/Operation_Aurora. Accessed 15 Apr 2020"},{"key":"11_CR15","unstructured":"Packet storm. https:\/\/packetstormsecurity.com\/. Accessed 15 Apr 2020"},{"key":"11_CR16","unstructured":"The race between security professionals and adversaries. https:\/\/www.recordedfuture.com\/vulnerability-disclosure-delay\/. Accessed 15 Apr 2020"},{"key":"11_CR17","unstructured":"Security database. https:\/\/www.security-database.com\/. Accessed 15 Apr 2020"},{"key":"11_CR18","unstructured":"Spiderfoot. https:\/\/www.spiderfoot.net\/documentation\/. Accessed 15 Apr 2020"},{"key":"11_CR19","unstructured":"Tweepy. https:\/\/www.tweepy.org\/. Accessed 15 Apr 2020"},{"key":"11_CR20","unstructured":"Tweet attacks pro. http:\/\/www.tweetattackspro.com\/. Accessed 15 Apr 2020"},{"key":"11_CR21","unstructured":"Twitter input plugin. https:\/\/www.elastic.co\/guide\/en\/logstash\/current\/plugins-inputs-twitter.html. Accessed 15 Apr 2020"},{"key":"11_CR22","unstructured":"Veris taxonomy. http:\/\/veriscommunity.net\/enums.html#section-incident_desc. Accessed 13 Jun 2018"},{"key":"11_CR23","unstructured":"Watchguard firewalls - \u2018escalateplowman\u2019 ifconfig privilege escalation. https:\/\/www.exploit-db.com\/exploits\/40270. Accessed 15 Apr 2020"},{"key":"11_CR24","doi-asserted-by":"crossref","unstructured":"Almukaynizi, M., Nunes, E., Dharaiya, K., Senguttuvan, M., Shakarian, J., Shakarian, P.: Proactive identification of exploits in the wild through vulnerability mentions online. In: 2017 CyCon US (2017)","DOI":"10.1109\/CYCONUS.2017.8167501"},{"issue":"2","key":"11_CR25","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/2996183","volume":"17","author":"N Alsaedi","year":"2017","unstructured":"Alsaedi, N., Burnap, P., Rana, O.: Can we predict a riot? Disruptive event detection using Twitter. ACM TOIT 17(2), 1\u201326 (2017)","journal-title":"ACM TOIT"},{"key":"11_CR26","doi-asserted-by":"crossref","unstructured":"Alves, F., Bettini, A., Ferreira, P.M., Bessani, A.: Processing tweets for cybersecurity threat awareness. Inf. Syst. 95, 101586 (2020)","DOI":"10.1016\/j.is.2020.101586"},{"key":"11_CR27","doi-asserted-by":"crossref","unstructured":"Andongabo, A., Gashi, I.: vepRisk - a web based analysis tool for public security data. In: 13th EDCC (2017)","DOI":"10.1109\/EDCC.2017.30"},{"key":"11_CR28","unstructured":"Arora, A., Krishnan, R., Nandkumar, A., Telang, R., Yang, Y.: Impact of vulnerability disclosure and patch availability-an empirical analysis. In: Third Workshop on the Economics of Information Security (2004)"},{"key":"11_CR29","doi-asserted-by":"crossref","unstructured":"Behzadan, V., Aguirre, C., Bose, A., Hsu, W.: Corpus and deep learning classifier for collection of cyber threat indicators in Twitter stream. In: IEEE Big Data 2018 (2018)","DOI":"10.1109\/BigData.2018.8622506"},{"key":"11_CR30","doi-asserted-by":"crossref","unstructured":"Bian, J., Topaloglu, U., Yu, F.: Towards large-scale Twitter mining for drug-related adverse events. In: Proceedings of the SHB (2012)","DOI":"10.1145\/2389707.2389713"},{"key":"11_CR31","doi-asserted-by":"crossref","unstructured":"Bozorgi, M., Saul, L.K., Savage, S., Voelker, G.M.: Beyond heuristics: learning to classify vulnerabilities and predict exploits. In: 16th ACM SIGKDD (2010)","DOI":"10.1145\/1835804.1835821"},{"key":"11_CR32","doi-asserted-by":"crossref","unstructured":"Bullough, B.L., Yanchenko, A.K., Smith, C.L., Zipkin, J.R.: Predicting exploitation of disclosed software vulnerabilities using open-source data. In: 3rd ACM IWSPA (2017)","DOI":"10.1145\/3041008.3041009"},{"key":"11_CR33","doi-asserted-by":"crossref","unstructured":"Campiolo, R., Santos, L.A.F., Batista, D.M., Gerosa, M.A.: Evaluating the utilization of Twitter messages as a source of security alerts. In: SAC 13 (2013)","DOI":"10.1145\/2480362.2480542"},{"key":"11_CR34","doi-asserted-by":"crossref","unstructured":"Cataldi, M., Di Caro, L., Schifanella, C.: Emerging topic detection on Twitter based on temporal and social terms evaluation. In: 10th MDM\/KDD (2010)","DOI":"10.1145\/1814245.1814249"},{"key":"11_CR35","unstructured":"Devlin, J., Chang, M.W., Lee, K., Toutanova, K.: Bert: Pre-training of deep bidirectional transformers for language understanding (2018). arXiv:1810.04805"},{"key":"11_CR36","doi-asserted-by":"crossref","unstructured":"Dion\u00edsio, N., Alves, F., Ferreira, P.M., Bessani, A.: Cyberthreat detection from Twitter using deep neural networks. In: IJCNN 2019 (2019)","DOI":"10.1109\/IJCNN.2019.8852475"},{"key":"11_CR37","doi-asserted-by":"crossref","unstructured":"Dion\u00edsio, N., Alves, F., Ferreira, P.M., Bessani, A.: Towards end-to-end cyberthreat detection from Twitter using multi-task learning. In: IJCNN 2020 (2020)","DOI":"10.1109\/IJCNN48605.2020.9207159"},{"key":"11_CR38","doi-asserted-by":"crossref","unstructured":"Edkrantz, M., Truv\u00e9, S., Said, A.: Predicting vulnerability exploits in the wild. In: 2nd IEEE CSCloud (2015)","DOI":"10.1109\/CSCloud.2015.56"},{"key":"11_CR39","doi-asserted-by":"crossref","unstructured":"Fedoryszak, M., Frederick, B., Rajaram, V., Zhong, C.: Real-time event detection on social data streams. In: 25th ACM SIGKDD - KDD \u20199 (2019)","DOI":"10.1145\/3292500.3330689"},{"key":"11_CR40","doi-asserted-by":"crossref","unstructured":"Le Sceller, Q., Karbab, E.B., Debbabi, M., Iqbal, F.: Sonar: automatic detection of cyber security events over the Twitter stream. In: 12th ARES (2017)","DOI":"10.1145\/3098954.3098992"},{"key":"11_CR41","doi-asserted-by":"crossref","unstructured":"McNeil, N., Bridges, R.A., Iannacone, M.D., Czejdo, B., Perez, N., Goodall, J.R.: Pace: pattern accurate computationally efficient bootstrapping for timely discovery of cyber-security concepts. In: 12th ICMLA (2013)","DOI":"10.1109\/ICMLA.2013.106"},{"key":"11_CR42","unstructured":"McQueen, M.A., McQueen, T.A., Boyer, W.F., Chaffin, M.R.: Empirical estimates and observations of 0day vulnerabilities. In: 42nd HICSS (2009)"},{"key":"11_CR43","doi-asserted-by":"crossref","unstructured":"Mittal, S., Das, P.K., Mulwad, V., Joshi, A., Finin, T.: Cybertwitter: using Twitter to generate alerts for cybersecurity threats and vulnerabilities. In: 2016 ASONAM (2016)","DOI":"10.1109\/ASONAM.2016.7752338"},{"key":"11_CR44","doi-asserted-by":"crossref","unstructured":"Moholth, O.C., Juric, R., McClenaghan, K.M.: Detecting cyber security vulnerabilities through reactive programming. In: HICSS 2019 (2019)","DOI":"10.24251\/HICSS.2019.864"},{"key":"11_CR45","doi-asserted-by":"crossref","unstructured":"Nayak, K., Marino, D., Efstathopoulos, P., Dumitra\u015f, T.: Some vulnerabilities are different than others. In: 17th RAID (2014)","DOI":"10.1007\/978-3-319-11379-1_21"},{"key":"11_CR46","unstructured":"Petrovi\u0107, S., Osborne, M., Lavrenko, V.: Streaming first story detection with application to Twitter. In: 11th NAACL HLT (2010)"},{"key":"11_CR47","doi-asserted-by":"crossref","unstructured":"Reinthal, A., Filippakis, E.L., Almgren, M.: Data modelling for predicting exploits. In: NordSec (2018)","DOI":"10.1007\/978-3-030-03638-6_21"},{"key":"11_CR48","doi-asserted-by":"crossref","unstructured":"Ritter, A., Wright, E., Casey, W., Mitchell, T.: Weakly supervised extraction of computer security events from Twitter. In: 24th WWW (2015)","DOI":"10.1145\/2736277.2741083"},{"key":"11_CR49","unstructured":"Rodriguez, L.G.A., Trazzi, J.S., Fossaluza, V., Campiolo, R., Batista, D.M.: Analysis of vulnerability disclosure delays from the national vulnerability database. In: WSCDC-SBRC 2018 (2018)"},{"key":"11_CR50","doi-asserted-by":"publisher","first-page":"32","DOI":"10.1016\/j.cose.2015.03.003","volume":"51","author":"Y Roumani","year":"2015","unstructured":"Roumani, Y., Nwankpa, J.K., Roumani, Y.F.: Time series modeling of vulnerabilities. Comput. Secur. 51, 32\u201340 (2015)","journal-title":"Comput. Secur."},{"key":"11_CR51","unstructured":"Sabottke, C., Suciu, O., Dumitra\u015f, T.: Vulnerability disclosure in the age of social media: exploiting Twitter for predicting real-world exploits. In: 24th USENIX Security Symposium (2015)"},{"key":"11_CR52","doi-asserted-by":"crossref","unstructured":"Sakaki, T., Okazaki, M., Matsuo, Y.: Earthquake shakes Twitter users: real-time event detection by social sensors. In: 19th WWW (2010)","DOI":"10.1145\/1772690.1772777"},{"key":"11_CR53","doi-asserted-by":"crossref","unstructured":"Sapienza, A., Bessi, A., Damodaran, S., Shakarian, P., Lerman, K., Ferrara, E.: Early warnings of cyber threats in online discussions. In: 2017 ICDMW (2017)","DOI":"10.1109\/ICDMW.2017.94"},{"key":"11_CR54","doi-asserted-by":"crossref","unstructured":"Sapienza, A., Ernala, S.K., Bessi, A., Lerman, K., Ferrara, E.: Discover: mining online chatter for emerging cyber threats. In: WWW\u201918 Companion (2018)","DOI":"10.1145\/3184558.3191528"},{"key":"11_CR55","doi-asserted-by":"crossref","unstructured":"Sauerwein, C., Sillaber, C., Huber, M.M., Mussmann, A., Breu, R.: The tweet advantage: an empirical analysis of 0-day vulnerability information shared on Twitter. In: 33rd IFIP SEC (2018)","DOI":"10.1007\/978-3-319-99828-2_15"},{"key":"11_CR56","doi-asserted-by":"crossref","unstructured":"Shahzad, M., Shafiq, M.Z., Liu, A.X.: A large scale exploratory analysis of software vulnerability life cycles. In: 34th ICSE (2012)","DOI":"10.1109\/ICSE.2012.6227141"},{"issue":"1","key":"11_CR57","first-page":"35","volume":"17","author":"RD Steele","year":"1996","unstructured":"Steele, R.D.: Open source intelligence: what is it? why is it important to the military. Am. Intell. J. 17(1), 35\u201341 (1996)","journal-title":"Am. Intell. J."},{"key":"11_CR58","doi-asserted-by":"publisher","first-page":"207","DOI":"10.1016\/j.chb.2017.11.024","volume":"80","author":"R Syed","year":"2018","unstructured":"Syed, R., Rahafrooz, M., Keisler, J.M.: What it takes to get retweeted: an analysis of software vulnerability messages. Comput. Hum. Behav. 80, 207\u2013215 (2018)","journal-title":"Comput. Hum. Behav."},{"key":"11_CR59","doi-asserted-by":"crossref","unstructured":"Trabelsi, S., Plate, H., Abida, A., Aoun, M.M.B., Zouaoui, A., et al.: Mining social networks for software vulnerabilities monitoring. In: 7th NTMS (2015)","DOI":"10.1109\/NTMS.2015.7266506"},{"issue":"8","key":"11_CR60","first-page":"2216","volume":"28","author":"W Xie","year":"2016","unstructured":"Xie, W., Zhu, F., Jiang, J., Lim, E.P., Wang, K.: Topicsketch: real-time bursty topic detection from Twitter. IEEE TKDE 28(8), 2216\u20132229 (2016)","journal-title":"IEEE TKDE"},{"key":"11_CR61","doi-asserted-by":"crossref","unstructured":"Yan, X., Guo, J., Lan, Y., Xu, J., Cheng, X.: A probabilistic model for bursty topic discovery in microblogs. In: 29th AAAI (2015)","DOI":"10.1609\/aaai.v29i1.9199"},{"key":"11_CR62","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9780511810114","volume-title":"Data Mining and Analysis: Fundamental Concepts and Algorithms","author":"MJ Zaki","year":"2014","unstructured":"Zaki, M.J., et al.: Data Mining and Analysis: Fundamental Concepts and Algorithms. Cambridge University Press, Cambridge (2014)"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2020"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-58951-6_11","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,10]],"date-time":"2025-09-10T22:03:07Z","timestamp":1757541787000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-58951-6_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030589509","9783030589516"],"references-count":62,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-58951-6_11","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"12 September 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Guildford","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"United Kingdom","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 September 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 September 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/esorics2020.sccs.surrey.ac.uk\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"366","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"72","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"20% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3,16","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"9,1","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"The conference was held virtually due to the COVID-10 pandemic.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}