IoT news headlines, before and after DDoS attacks
The famous cartoon series “The Jetsons” predicted 53 years ago how our lives would look like in 2063 when all our “daily devices” such as home appliances or cars would be connected to the internet. In 2016, the Internet of Things (IoT) is still evolving to a convergence of multiple technologies, including wireless communication, real-time analytics, machine learning, commodity sensors, embedded systems, automation, and more. On October 21, a series of Distributed Denial of Service (DDoS) attacks caused widespread disruption of internet activity across Europe and the US. This attack was also unique because it targeted IoT devices due to the fact they have soft security profiles. As the awareness of what impact connected objects would have on our lives and on our security. In this work, we analyze IoT news headlines after October 21 (from October 21 to October 31), last week (November 1 to November 5) and this week, i.e, three weeks after the attack (November 6 to November 11).
II. The Data
In this work, I used Python’s library Beautifulsoup for pulling data out of HTML and XML files from Google News to compare IoT news headlines.
III. News Headlines- What happened?
In order to compare IoT headlines for both the first and second week after the DDoS attack, Word Clouds are generated as a visual representation of keywords in a text as shown in Fig.1.
We can see that from Fig.1, that for both the two weeks after the attack(Fig.1-left) the news were kind of neutral and focused on explaining the cause of the attack. We can find words such as: DDoS, Botnet, security, and users. For the third week after the attack (Fig.1-right) we start to see some negative headlines and words such as: bad, afterthought, overload as well as the word security which seems to appear more often.
IV. News headlines- Subjectivity
In next sections of this work, we will use Sentiment analysis (also known as opinion mining) to analyze the IoT news headlines and extract some meaningful information to determine the emotional communication in a text document. Python’s Pattern library is used for this purpose.
In this part, the aim is to measure subjectivity in IoT headlines. Fig.2 shows the subjectivity of these headlines for the three weeks after the attacks.
Fig. 2 : Analysis of subjectivity
Subjectivity is measured based on the adjectives in a text document. A measure of 0 indicates that the text is not influenced (neutral) and a measure of 1 indicated the emotional effect the author wishes to have on the reader. In the case of IoT headlines, we can see for the last two weeks before the attack subjectivity was a bit higher 0.45 than this week 0.35.
V- News headlines- Polarity
The overall polarity of a document (from Python’s Pattern library) is also based on the adjectives in a text document. Polarity is a value between -1 and 1, where -1 is negative, 0 neutral, and 1 positive.
Fig.3 shows that IoT news headlines are written in a neutral tone.
Fig. 3 : Analysis of Polarity
VI- News headlines- Similarity between headlines
In the next sections, we use Python’s Scikit-learn library for text processing in order to determine the similarities, separate text by topic and extract some of the most frequent words. This library has several modules that transforms text into a document-term matrix.
First we calculate the measure of similarity between headlines. Since each row of the document-term matrix is a sequence of word frequencies in headlines, it is possible to put mathematical notions of similarity (or distance) between sequences of numbers in order to establish the similarity (or distance) between different texts. The Euclidean distance is used as a measure of similarity between text documents.
Fig.4 shows the principle of distance (similarity) between two vectors in space and the equivalent for news headlines in a text document.
Fig. 4 : Clustering- Similarity between headlines
We can see from Fig.4 that headlines from the first two weeks after the DDoS attack are quite similar comparing to the headlines of this week.
VII- News headlines- Clustering based on similarity
Using the Euclidean distance from section IV, we use Ward's method to produce a hierarchy of clustering.
Ward’s method starts with each text in its own cluster and finds closest clusters and merge them. When the clusters are merged, the distance between them is then changed to the sum of squared distances (linkage distance).
For our headlines, Fig.5 shows the different clusters. We can see how headlines from the first two weeks are grouped in the same cluster.
Fig. 5 : Clustering based on similarity
VI- News headlines- Clustering by topics
From the headlines, we want to extract the number of topics we have. For that purpose, a technique called Non Negative Matrix Factorization (NMF or NNMF) to extract topics within a text.
Fig. 6 : Clustering by topics and keyword frequency by week
Fig.6-right shows that there were two main topics during the three weeks following the DDoS attack. For each topic we have the main key words. We can also see in Fig.6-left the frequency of some of these keyword by week.
In this work, an analysis of subjectivity, polarity, headlines similarities, and clustering along with extraction of keywords has been performed. These analysis are helpful to assess the evolution of headlines from a week to another. For now, the headlines about IoT security indicate it is still a “neutral” subject despite the numerous threats and the debate is still going on about the urgency for viable IoT security solutions.