-
DISINFOX: an open-source threat exchange platform serving intelligence on disinformation and influence operations
Authors:
Felipe Sánchez González,
Javier Pastor-Galindo,
José A. Ruipérez-Valiente
Abstract:
This paper introduces DISINFOX, an open-source threat intelligence exchange platform for the structured collection, management, and dissemination of disinformation incidents and influence operations. Analysts can upload and correlate information manipulation and interference incidents, while clients can access and analyze the data through an interactive web interface or programmatically via a public API. This facilitates integration with other vendors, providing a unified view of cybersecurity and disinformation events.
The solution is fully containerized using Docker, comprising a web-based frontend for user interaction, a backend REST API for managing core functionalities, and a public API for structured data retrieval, enabling seamless integration with existing Cyber Threat Intelligence (CTI) workflows. In particular, DISINFOX models the incidents through DISARM Tactics, Techniques, and Procedures (TTPs), a MITRE ATT&CK-like framework for disinformation, with a custom data model based on the Structured Threat Information eXpression (STIX2) standard.
As an open-source solution, DISINFOX provides a reproducible and extensible hub for researchers, analysts, and policymakers seeking to enhance the detection, investigation, and mitigation of disinformation threats. The intelligence generated from a custom dataset has been tested and utilized by a local instance of OpenCTI, a mature CTI platform, via a custom-built connector, validating the platform with the exchange of more than 100 disinformation incidents.
Submitted 2 April, 2025;
originally announced April 2025.
-
The Influence Operation Ontology (IOO)
Authors:
Alejandro David Cayuela Tudela,
Javier Pastor-Galindo,
Pantaleone Nespoli,
José A. Ruipérez-Valiente
Abstract:
Ontologies provide a systematic framework for organizing and leveraging knowledge, enabling smarter and more effective decision-making. In order to advance in the capitalization and augmentation of intelligence related to nowadays cyberoperations, the proposed Influence Operation Ontology (IOO) establishes the main entities and relationships to model offensive tactics and techniques by threat actors against the public audience through the information environment. It aims to stimulate research and development in the field, leading to innovative applications against influence operations, particularly in the fields of intelligence, security, and defense.
Submitted 10 March, 2025;
originally announced March 2025.
-
Toward interoperable representation and sharing of disinformation incidents in cyber threat intelligence
Authors:
Felipe Sánchez González,
Javier Pastor-Galindo,
José A. Ruipérez-Valiente
Abstract:
A key countermeasure in cybersecurity has been the development of standardized computational protocols for modeling and sharing cyber threat intelligence (CTI) between organizations, enabling a shared understanding of threats and coordinated global responses. However, while the cybersecurity domain benefits from mature threat exchange frameworks, there has been little progress in the automatic and interoperable sharing of knowledge about disinformation campaigns. This paper proposes an open-source disinformation threat intelligence framework for sharing interoperable disinformation incidents. This approach relies on i) the modeling of disinformation incidents with the DISARM framework (MITRE ATT&CK-based TTP modeling of disinformation attacks), ii) a custom mapping to STIX2 standard representation (computational data format), and iii) an exchange architecture (called DISINFOX) capable of using the proposed mapping with a centralized platform to store and manage disinformation incidents and CTI clients which consume the gathered incidents. The microservice-based implementation validates the framework with more than 100 real-world disinformation incidents modeled, stored, shared, and consumed successfully. To the best of our knowledge, this work is the first academic and technical effort to integrate disinformation threats in the CTI ecosystem.
Submitted 28 February, 2025;
originally announced February 2025.
-
Influence Operations in Social Networks
Authors:
Javier Pastor-Galindo,
Pantaleone Nespoli,
José A. Ruipérez-Valiente,
David Camacho
Abstract:
An important part of online activities are intended to control the public opinion and behavior, being considered currently a global threat. This article identifies and conceptualizes seven online strategies employed in social media influence operations. These procedures are quantified through the analysis of 80 incidents of foreign information manipulation and interference (FIMI), estimating their real-world usage and combination. Finally, we suggest future directions for research on influence operations.
Submitted 17 February, 2025;
originally announced February 2025.
-
Exploring the topics, sentiments and hate speech in the Spanish information environment
Authors:
ALEJANDRO BUITRAGO LOPEZ,
Javier Pastor-Galindo,
José Antonio Ruipérez-Valiente
Abstract:
In the digital era, the internet and social media have transformed communication but have also facilitated the spread of hate speech and disinformation, leading to radicalization, polarization, and toxicity. This is especially concerning for media outlets due to their significant role in shaping public discourse. This study examines the topics, sentiments, and hate prevalence in 337,807 response messages (website comments and tweets) to news from five Spanish media outlets (La Vanguardia, ABC, El País, El Mundo, and 20 Minutos) in January 2021. These public reactions were originally labeled as distinct types of hate by experts following an original procedure, and they are now classified into three sentiment values (negative, neutral, or positive) and main topics. The BERTopic unsupervised framework was used to extract 81 topics, manually named with the help of Large Language Models (LLMs) and grouped into nine primary categories.
Results show social issues (22.22%), expressions and slang (20.35%), and political issues (11.80%) as the most discussed. Content is mainly negative (62.7%) and neutral (28.57%), with low positivity (8.73%). Toxic narratives relate to conversation expressions, gender, feminism, and COVID-19. Despite low levels of hate speech (3.98%), the study confirms high toxicity in online responses to social and political topics.
Submitted 19 September, 2024;
originally announced September 2024.
-
Frameworks, Modeling and Simulations of Misinformation and Disinformation: A Systematic Literature Review
Authors:
Alejandro Buitrago López,
Javier Pastor-Galindo,
José A. Ruipérez-Valiente
Abstract:
The prevalence of misinformation and disinformation poses a significant challenge in today's digital landscape. That is why several methods and tools are proposed to analyze and understand these phenomena from a scientific perspective. To assess how the mis/disinformation is being conceptualized and evaluated in the literature, this paper surveys the existing frameworks, models and simulations of mis/disinformation dynamics by performing a systematic literature review up to 2023. After applying the PRISMA methodology, 57 research papers are inspected to determine (1) the terminology and definitions of mis/disinformation, (2) the methods used to represent mis/disinformation, (3) the primary purpose beyond modeling and simulating mis/disinformation, (4) the context where the mis/disinformation is studied, and (5) the validation of the proposed methods for understanding mis/disinformation.
The main findings reveal a consistent essence definition of misinformation and disinformation across studies, with intent as the key distinguishing factor. Research predominantly uses social frameworks, epidemiological models, and belief updating simulations. These studies aim to estimate the effectiveness of mis/disinformation, primarily in health and politics. The preferred validation strategy is to compare methods with real-world data and statistics. Finally, this paper identifies current trends and open challenges in the mis/disinformation research field, providing recommendations for future work agenda.
Submitted 13 June, 2024;
originally announced June 2024.
-
A Big Data Architecture for Early Identification and Categorization of Dark Web Sites
Authors:
Javier Pastor-Galindo,
Hông-Ân Sandlin,
Félix Gómez Mármol,
Gérôme Bovet,
Gregorio Martínez Pérez
Abstract:
The dark web has become notorious for its association with illicit activities and there is a growing need for systems to automate the monitoring of this space. This paper proposes an end-to-end scalable architecture for the early identification of new Tor sites and the daily analysis of their content. The solution is built using an Open Source Big Data stack for data serving with Kubernetes, Kafka, Kubeflow, and MinIO, continuously discovering onion addresses in different sources (threat intelligence, code repositories, web-Tor gateways, and Tor repositories), downloading the HTML from Tor and deduplicating the content using MinHash LSH, and categorizing with the BERTopic modeling (SBERT embedding, UMAP dimensionality reduction, HDBSCAN document clustering and c-TF-IDF topic keywords). In 93 days, the system identified 80,049 onion services and characterized 90% of them, addressing the challenge of Tor volatility. A disproportionate amount of repeated content is found, with only 6.1% unique sites. From the HTML files of the dark sites, 31 different low-topics are extracted, manually labeled, and grouped into 11 high-level topics. The five most popular included sexual and violent content, repositories, search engines, carding, cryptocurrencies, and marketplaces. During the experiments, we identified 14 sites with 13,946 clones that shared a suspiciously similar mirroring rate per day, suggesting an extensive common phishing network. Among the related works, this study is the most representative characterization of onion services based on topics to date.
Submitted 24 January, 2024;
originally announced January 2024.
-
Large-Language-Model-Powered Agent-Based Framework for Misinformation and Disinformation Research: Opportunities and Open Challenges
Authors:
Javier Pastor-Galindo,
Pantaleone Nespoli,
José A. Ruipérez-Valiente
Abstract:
This article presents the affordances that Generative Artificial Intelligence can have in misinformation and disinformation contexts, major threats to our digitalized society. We present a research framework to generate customized agent-based social networks for disinformation simulations that would enable understanding and evaluating the phenomena whilst discussing open challenges.
Submitted 29 April, 2024; v1 submitted 11 October, 2023;
originally announced October 2023.
-
BOTTER: A framework to analyze social bots in Twitter
Authors:
Javier Pastor-Galindo,
Félix Gómez Mármol,
Gregorio Martínez Pérez
Abstract:
Social networks have triumphed in communicating people online, but they have also been exploited to launch influence operations for manipulating society. The deployment of software-controlled accounts (e.g., social bots) has proven to be one of the most effective enablers for that purpose, and tools for their detection have been developed and widely adopted. However, the way to analyze these accounts and measure their impact is heterogeneous in the literature, where each case study performs unique measurements. To unify these efforts, we propose a common framework to analyze the interference of social bots in Twitter. The methodology compares the non-authentic actors with the rest of users from different perspectives, thus building objective metrics to measure their actual impact. We validate the framework by applying it to a dataset of Twitter iterations dated in the weeks preceding the 2019 Spanish general election. In this sense, we check that our framework facilitates the quantitative evaluation of unauthentic groups, particularly discovering that social bots changed the natural dynamics of the network in these days, but did not have a significant impact. We also consider this methodology as a practical tool for the qualitative interpretation of experimental results, particularly suggesting within the aforementioned electoral context that semi-automated accounts are potentially more threatening than fully automated ones.
Submitted 15 July, 2021; v1 submitted 29 June, 2021;
originally announced June 2021.
-
Spotting political social bots in Twitter: A use case of the 2019 Spanish general election
Authors:
Javier Pastor-Galindo,
Mattia Zago,
Pantaleone Nespoli,
Sergio López Bernal,
Alberto Huertas Celdrán,
Manuel Gil Pérez,
José A. Ruipérez-Valiente,
Gregorio Martínez Pérez,
Félix Gómez Mármol
Abstract:
While social media has been proved as an exceptionally useful tool to interact with other people and massively and quickly spread helpful information, its great potential has been ill-intentionally leveraged as well to distort political elections and manipulate constituents. In the paper at hand, we analyzed the presence and behavior of social bots on Twitter in the context of the November 2019 Spanish general election. Throughout our study, we classified involved users as social bots or humans, and examined their interactions from a quantitative (i.e., amount of traffic generated and existing relations) and qualitative (i.e., user's political affinity and sentiment towards the most important parties) perspectives. Results demonstrated that a non-negligible amount of those bots actively participated in the election, supporting each of the five principal political parties.
Submitted 12 October, 2020; v1 submitted 2 April, 2020;
originally announced April 2020.