Overview

Talkback is a web-based system to analyse data that has been specifically mined from social-media. The project has been built from a security-perspective to mine social-media for vulnerability references and then utilises the inventory of security-relevant users to identify trending items.

Talkback has been running for over a year, to read a blog post reflecting on the way the tool has slowly evolved and the data it's captured, click here.

SCMagazine Australia wrote a feature article on Talkback, which can be found here.

If you like this project, follow @volvent on Twitter to receive updates on Talkback and other upcoming public projects from Volvent Security.

Motivators

One of the initial motivations behind mining Twitter for vulnerabilities was sparked by the fact public vulnerability data (e.g. NVD) can suffer from data-issues when information is missing or incomplete. Talkback can help compile a dynamic timeline for public vulnerabilities by leveraging discussions and references in social-media.

The second motivator is the difficulty of keeping up with information in a rapidly changing field. Social media as it's generally used does not make things easier, as the ratio of noise is too high. By utilising the user inventory built and maintained from the first motivator, it opens the possibility of capturing trending items within a specific community of users. The trending items interface demonstrates this and is a work in progress.

Upcoming Features

Here is a brief list of upcoming features to Talkback:

• Increased Scope: integration with other social-media sites (e.g. countries who don't use Twitter much)
• Improved Algorithms: improvements to the processing logic for determining what's hot
• More Statistics: provide an insight into how information flows through the community, points of influence, community analysis, etc.

Quick Rundown

Talkback is a simple program that fits together (more or less) like so:

• Twitter is mined for vulnerability ID prefixes (CVE, MS, RHSA, VMSA, APSB, APSA, etc.)
• Valid vulnerability related entries and source users are saved in Talkback
• Additional meta-data for users is fetched from Twitter
• Geographic location/coords for users is fetched via the Google Maps API
• Items are processed internally to identify parent/child relationships of tweets and calculate weightings
• Trending items are identified amongst the community of vulnerability-relevant users
• The web-interface is built using a combination of Bootstrap, jqPlot, and Exhibit Simile
• The web-services are available in a 90's /cgi-bin directory to give a retro feel

Weight Classes

Weights are calculated by identifying parent items and comparing the similarity between them and potential child items. This method is used to workaround retweets, URL shorterners, hash-tags, and the rest of the junk that comes with Twitter.

The following table shows the value ranges and notes for each of the weight-classes:

Trending Categories

The trending items view shows featured trending items after basic moderation. Trending items are first captured by regularly snapshotting all users in social-media who've referenced vulnerabilities or have had a trending item pass moderation previously. The moderation process is a simple review to help cut-down the general noise and helps build logic to incorporate into ML algorithms in the near future.

The following table shows the current list of categories for trending items:

* The categories should be considered a quick & dirty classifier for items.

For enquiries, bugs, ideas, and all the rest, please contact talkback@volvent.org.