Home

IoT news headlines, before and after DDoS attacks

IoT news headlines, before and after DDoS attacks

Contributed by Kawtar B. 

I. Introduction

The famous cartoon series “The Jetsons” predicted 53 years ago how our lives would look like in 2063 when all our “daily devices” such as home appliances or cars would be connected to the internet. In 2016, the Internet of Things (IoT) is still evolving to a convergence of multiple technologies, including wireless communication, real-time analytics, machine learning, commodity sensors, embedded systems, automation, and more. On October 21, a series of Distributed Denial of Service (DDoS) attacks caused widespread disruption of internet activity across Europe and the US. This attack was also unique because it targeted IoT devices due to the fact they have soft security profiles. As the awareness of what impact connected objects would have on our lives and on our security. In this work, we analyze IoT news headlines after October 21 (from October 21 to October 31), last week (November 1 to November 5) and this week, i.e, three weeks after the attack (November 6 to November 11).

II. The Data

In this work, I used Python’s library Beautifulsoup for pulling data out of HTML and XML files from Google News to compare IoT news headlines.

III. News Headlines- What happened?

In order to compare IoT headlines for both the first and second week after the DDoS attack, Word Clouds are generated as a visual representation of keywords in a text as shown in Fig.1.

IoT news headlines, before and after DDoS attacks

Fig. 1 : Word Clouds for IoT headlines two weeks after Oct 21 (left) and three weeks after the attack (right)

We can see that from Fig.1, that for both the two weeks after the attack(Fig.1-left) the news were kind of neutral and focused on explaining the cause of the attack. We can find words such as: DDoS, Botnet, security, and users. For the third week after the attack (Fig.1-right) we start to see some negative headlines and words such as: bad, afterthought, overload as well as the word security which seems to appear more often.

IV. News headlines- Subjectivity

In next sections of this work, we will use Sentiment analysis (also known as opinion mining) to analyze the IoT news headlines and extract some meaningful information to determine the emotional communication in a text document. Python’s Pattern library is used for this purpose.

In this part, the aim is to measure subjectivity in IoT headlines. Fig.2 shows the subjectivity of these headlines for the three weeks after the attacks.

IoT news headlines, before and after DDoS attacks

Fig. 2 : Analysis of subjectivity

Subjectivity is measured based on the adjectives in a text document. A measure of 0 indicates that the text is not influenced (neutral) and a measure of 1 indicated the emotional effect the author wishes to have on the reader. In the case of IoT headlines, we can see for the last two weeks before the attack subjectivity was a bit higher 0.45 than this week 0.35.

V- News headlines- Polarity

The overall polarity of a document (from Python’s Pattern library) is also based on the adjectives in a text document. Polarity is a value between -1 and 1, where -1 is negative, 0 neutral, and 1 positive.

Fig.3 shows that IoT news headlines are written in a neutral tone.

IoT news headlines, before and after DDoS attacks

Fig. 3 : Analysis of Polarity

VI- News headlines- Similarity between headlines

In the next sections, we use Python’s Scikit-learn library for text processing in order to determine the similarities, separate text by topic and extract some of the most frequent words. This library has several modules that transforms text into a document-term matrix.

First we calculate the measure of similarity between headlines. Since each row of the document-term matrix is a sequence of word frequencies in headlines, it is possible to put mathematical notions of similarity (or distance) between sequences of numbers in order to establish the similarity (or distance) between different texts. The Euclidean distance is used as a measure of similarity between text documents.

Fig.4 shows the principle of distance (similarity) between two vectors in space and the equivalent for news headlines in a text document.

IoT news headlines, before and after DDoS attacks

Fig. 4 : Clustering- Similarity between headlines

We can see from Fig.4 that headlines from the first two weeks after the DDoS attack are quite similar comparing to the headlines of this week.

VII- News headlines- Clustering based on similarity

Using the Euclidean distance from section IV, we use Ward’s method to produce a hierarchy of clustering.

Ward’s method starts with each text in its own cluster and finds closest clusters and merge them. When the clusters are merged, the distance between them is then changed to the sum of squared distances (linkage distance).

For our headlines, Fig.5 shows the different clusters. We can see how headlines from the first two weeks are grouped in the same cluster.

IoT news headlines, before and after DDoS attacks

Fig. 5 : Clustering based on similarity

VI- News headlines- Clustering by topics 

From the headlines, we want to extract the number of topics we have. For that purpose, a technique called Non Negative Matrix Factorization (NMF or NNMF) to extract topics within a text.

IoT news headlines, before and after DDoS attacks

Fig. 6 : Clustering by topics and keyword frequency by week

Fig.6-right shows that there were two main topics during the three weeks following the DDoS attack. For each topic we have the main key words. We can also see in Fig.6-left the frequency of some of these keyword by week.

VII- Conclusion

In this work, an analysis of subjectivity, polarity, headlines similarities, and clustering  along with extraction of keywords has been performed. These analysis are helpful to assess the evolution of headlines from a week to another. For now, the headlines about IoT security indicate it is still a “neutral” subject despite the numerous threats and the debate is still going on about the urgency for viable IoT security solutions.

Tags: