Uncovering Sentiment-Based Predictors of Cyber Defacement Attacks: A Case of Online Discourse on X-Platform

Abstract

This paper discussed the possibility of utilizing a sentiment analysis of online discussions on X platform (which was previously X) as a predictor of cyber defacement attacks. It bridged a serious gap in the literature on cybersecurity, where the focus has been on technical signatures and little consideration has been made on socio-technical antecedents. The hypothesis that spikes of negative public sentiment might be predictive indicators of ideologically motivated cases of defacement was tested in the study. A hybrid sentiment analysis model was used, which incorporates lexicon-based VADER model with machine learning classifiers, such as Naive Bayes and Long Short-Term Memory networks. The data consisted of 503456 posts related to cybersecurity and the data were compared to the verified cases of defacement in repositories like Zone-H using time-series analysis, Pearson correlation, and cross-correlation functions. Findings indicated that negative sentiment only comprised of 8.6% of the posts with the majority being neutral (50.9) and positive (40.5). The temporal analysis showed that there is not a substantial change in negative sentiment, but short bursts of negative sentiment are associated with cybersecurity disclosure. The cross-correlation analysis showed only weak contemporaneous correlation (r ≈ 0.12, lag = 0 days) but no predictive correlation in negative lags. The stacked ensemble model (Naïve Bayes, BiLSTM, ARIMA) was very strong in classification (Accuracy = 0.8568, F1 = 0.8055, ROC-AUC = 0.9116) but mainly it was very sensitive to concurrent or retrospective signals. The research established that aggregate sentiment does not provide predictive information, socio-technical prediction would combat inactive fine-grained and entity-specific signals combined with technical threat knowledge.