Computers in Human Behavior Reports 18 (2025) 100668

Contents lists available at ScienceDirect

Computers in Human Behavior Reports

journal homepage: www.sciencedirect.com/journal/computers-in-human-behavior-reports

Review

A survey of social cybersecurity: Techniques for attack detection,

evaluations, challenges, and future prospects
Aos Mulahuwaish a ,∗, Basheer Qolomany b , Kevin Gyorick a , Jacques Bou Abdo c ,
Mohammed Aledhari d , Junaid Qadir e , Kathleen Carley f , Ala Al-Fuqaha g
a
Department of Computer Science and Information Systems, Saginaw Valley State University, University Center, 48710, USA
b Department of Medicine, College of Medicine, Howard University, Washington D.C. 20059, USA
c School of Information Technology, University of Cincinnati, Cincinnati, OH 45221, USA
d Department of Data Science, University of North Texas, Denton, TX 76207, USA
e
Computer Science and Engineering Department, Qatar University, Doha, Qatar
f
School of Computer Science, Carnegie Mellon University, Pittsburgh, PA 15213, USA
g
Information and Computing Technologies (ICT) Division, College of Science and Engineering (CSE), Hamad Bin Khalifa University, Doha, Qatar

ARTICLE INFO ABSTRACT

Keywords: In today’s age of digital interconnectedness, understanding and addressing the nuances of social cybersecurity
Social cybersecurity have become paramount. Unlike its broader counterparts, information security and cybersecurity, which are
Detection focused on safeguarding all forms of sensitive data and digital systems, social cybersecurity places its emphasis
Social network analysis
on the human and social dimensions of cyber threats. This field is uniquely positioned to address issues such as
Dynamic network analysis
different social cybersecurity attacks like cyberbullying, cybercrime, spam, terrorist activities, and community
detection. The significance of detection methods in social cybersecurity is underscored by the need for timely
and proactive responses to these threats. In this comprehensive review, we delve into various techniques,
attacks, challenges, potential solutions, and trends within the realm of detecting social cybersecurity attacks.
Additionally, we explore the potential of readily available public datasets and tools that could expedite research
in this vital domain. Our objective is not only to tackle the existing challenges but also to illuminate potential
pathways for future exploration. Through this survey, our primary focus is to provide valuable insights into the
rapidly evolving landscape of social cybersecurity. By doing so, we aim to assist researchers and practitioners
in developing effective prediction models, enhancing defense strategies, and ultimately fostering a safer digital
environment.

1. Introduction Social cybersecurity is a field centered around human factors

(Hadlington, 2017; Rahman, Rohan, Pal, & Kanthamanon, 2021), striv-
In today’s digital era, the Internet, especially social media platforms, ing to protect individuals and organizations from threats emanating
plays a significant role in shaping public opinions, attitudes, and be- from social manipulation and malicious digital activities (Beskow &
liefs. Unfortunately, the credibility of scientific information sources is Carley, 2019b; Carley, 2020). As emphasized by the epigraph of this
often undermined by the spread of misinformation through various section, humans are frequently considered the most vulnerable element
means, including technology-driven tools like bots, cyborgs, trolls,
in the security chain, with numerous underlying reasons for this sus-
sock-puppets, and deep fakes. This manipulation of public discourse
ceptibility. Schneier (Hadnagy, 2010; Schneier, 2015) delineates six
serves antagonistic business agendas and compromises civil society.
principal factors attributing to human vulnerability:
In response to this challenge, a new scientific discipline has emerged:
social cybersecurity.
1. The inherent human struggle with effective risk perception and
What is Social Cybersecurity? analysis.
‘‘People often represent the weakest link in the security chain and 2. The inadequacy of human intuition for processing infrequent
are chronically responsible for the failure of security systems’’.—Bruce events.
Schneier (Schneier, 2015).

∗ Corresponding author.
E-mail address: [email protected] (A. Mulahuwaish).

https://doi.org/10.1016/j.chbr.2025.100668
Received 17 July 2024; Received in revised form 1 April 2025; Accepted 2 April 2025
Available online 15 April 2025
2451-9588/© 2025 The Authors. Published by Elsevier Ltd. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-
nc-nd/4.0/).
A. Mulahuwaish et al. Computers in Human Behavior Reports 18 (2025) 100668

3. The perilous overreliance and unwarranted trust people place in

computers.
4. The impractical expectation for consistent, intelligent security
decisions by everyone.
5. The frequent origination of security breaches from malicious
insiders.
6. The commonplace and seemingly effortless occurrences of secu-
rity lapses due to social engineering.

Social cybersecurity merges applied research in computational sci-

ence with computational social science techniques to discern, counter,
and understand threats associated with social communication. It is
an interdisciplinary domain synthesizing elements of high-dimensional
network analysis, data science, machine learning (ML), natural lan-
guage processing (NLP), and agent-based simulation. By utilizing these
tools, crucial insights about social media and internet users are un-
earthed, enabling comprehension of their tactics and fostering the
formulation of robust counterstrategies against social manipulation.
As social cybersecurity continues to evolve, new forms of digital
manipulation are emerging. One example is the rise of virtual in-
fluencers and their impact on digital trust. Research by Hong et al.
(2024) explores how identity and race in virtual influencer interactions
influence public perceptions, which is crucial for understanding the
dynamics of social cybersecurity threats, particularly in misinformation
campaigns (Hong, Cruz, & Kim, 2024).
Moreover, tools in social cybersecurity are pivotal in evaluating and
foreseeing the repercussions of influence operations on social media,
Fig. 1. The relationship among cybersecurity, information security, and social cyber-
thereby reinforcing the security of online social interactions and di-
security.
minishing the adverse effects of malicious influence. These insights are
invaluable, enhancing intelligence and contributing to advancements in
forensic research practices.
their distinct focuses, these three fields share a common overarching
Historical Developments goal: the comprehensive protection of data and systems. Together,
The field of social cybersecurity has evolved significantly over they contribute to a multi-faceted, robust approach to security in our
the past two decades, emerging at the intersection of cybersecurity, increasingly interconnected world, as illustrated in Fig. 1. Furthermore,
psychology, and social network analysis. Early research in the 2000s there is a differentiation in cognitive security (Andrade & Yoo, 2019;
focused on integrating social network analysis (SNA) to understand Kinsner, 2012), which centers on the psychological aspects of cyberse-
the spread of cyber threats and the role of human behavior in se- curity. In contrast, social cybersecurity explores societal dynamics and
curity vulnerabilities (Xu & Chen, 2004). By the 2010s, increased investigates the effects of cyber threats on social structures, narratives,
attention was given to the human factors influencing cybersecurity, and societal trust in digital technologies and institutions. Each of these
leading to advancements in social engineering defenses and misin- fields collectively strives for digital security, providing unique perspec-
formation detection (Algarni, Xu, Chan, & Tian, 2017). The rise of tives and approaches to address the complexities of human–machine
deepfake technology and AI-generated disinformation in recent years interaction in the modern digital landscape.
has further expanded the field, necessitating AI-driven countermeasures Before venturing into predictions of social cybersecurity attacks,
using machine learning (ML), natural language processing (NLP), and understanding the predictable elements and potential challenges is piv-
dynamic network analysis (DNA) (Ferrara, Varol, Davis, Menczer, & otal. The social dimension of cybersecurity, inherently complex due to
Flammini, 2020). These technological advancements have not only human psychology and nuanced social interactions, presents significant
enhanced cyber defense strategies but also introduced new challenges, forecasting challenges. Yet, given the shared tasks and use cases within
as adversaries increasingly exploit generative AI and automation for this domain that exhibit similarities, it is possible to identify patterns.
more sophisticated attacks (Blake, 2024). Looking ahead, the field will Such recognition of commonalities facilitates valuable insights and
likely continue to evolve with interdisciplinary approaches, integrating strategies to address these challenges.
insights from behavioral science, digital forensics, and forensic cy- While the primary goal is the detection of social cybersecurity
berpsychology to mitigate emerging cyber threats effectively (Various
threats, insights gained from predicting future attacks and forecasting
Authors, 2023).
methodologies offer valuable context. The unpredictable nature of
What Sets Social Cybersecurity Apart? human behaviors, group dynamics, and evolving societal norms (Abdl-
It is essential to differentiate social cybersecurity from related fields, hamed, Kifayat, Shi, & Hurst, 2017; Hubbard, 2020; Okutan, Werner,
such as information security (Soomro, Shah, & Ahmed, 2016; Whit- Yang, & McConky, 2018; Radanliev, De Roure, van Kleek, & Cannady,
man & Mattord, 2013) and cybersecurity (Craigen, Diakun-Thibault, 2020; Tetlock & Gardner, 2016) enriches our understanding of the
& Purse, 2014; Kemmerer, 2003). Information security is a broad threat landscape, thereby enhancing detection systems. This unpre-
discipline aimed at safeguarding all sensitive data, encompassing both dictability underscores the necessity of incorporating a detailed grasp
digital and physical aspects. In contrast, cybersecurity, which is a subset of attack statistics, the presence of threats, and the influence of social
of information security, focuses specifically on protecting computer behaviors on these variables, even when our focus is on detecting,
systems, networks, and digital data. Social cybersecurity, on the other rather than forecasting, the security status of a social network.
hand, places a unique emphasis on the human dimension within the Moreover, two pivotal components—attack projection (Yang, Du,
realm of cybersecurity. It delves into the relationship between hu- Holsopple, & Sudit, 2014), which aids in understanding the sequence of
man behavior, social interactions, and cybersecurity threats. Despite actions following an attack, and intention recognition (Ahmed & Zaman,

2
A. Mulahuwaish et al. Computers in Human Behavior Reports 18 (2025) 100668

2017), which involves discerning an adversary’s intentions—can sig- studies focusing on prediction and detection methodologies within so-
nificantly inform detection strategies. Even though these components cial cybersecurity, and (iii) papers providing novel insights into adver-
are traditionally associated with forecasting, they are equally critical in sarial threats in digital environments. We excluded studies that focused
shaping robust detection mechanisms that can anticipate and respond solely on traditional cybersecurity threats without a social dimension
to threats more effectively. or those lacking empirical validation. Additionally, we acknowledge
Despite the fluidity of social trends and interactions posing chal- the potential for selection bias, as research primarily indexed in the
lenges, this survey emphasizes methodologies that not only address selected databases may not represent all relevant findings. However, we
forecasting but also contribute to the detection of cybersecurity threats. mitigated this risk by cross-referencing citations from key papers and
Many of these methodologies are grounded in shared theoretical foun- reviewing recent conference proceedings in cybersecurity and social
dations, offering a multidisciplinary approach to enhance detection network analysis.
capabilities in the face of social cybersecurity challenges. By doing so, we have endeavored to make our survey both compre-
hensive and reflective of the most recent and influential research on
Key Contributions the forecasting and prediction of social cybersecurity attacks.
This survey explores the detection of social cybersecurity attacks, To assist in navigating the terminologies, Table 1 enumerates the
providing valuable insights into the field. The main highlights of our crucial acronyms used throughout the paper.
work are: The structure of the paper is outlined as follows: Section 2 provides
an overview of the related work pertinent to our study. Section 3
• Valuable Resource: Serving as an essential guide for those ven-
presents a detailed analysis of various social cybersecurity attacks,
turing into social cybersecurity, this paper delves into diverse
along with their respective evaluations and potential solutions. Sec-
prediction methods. From machine learning to agent-based mod-
tion 4 offers a deep dive into the taxonomy of techniques used for
eling, we provide a broad understanding of the field, especially
the detection of such attacks. The subsequent Sections, from 4.1 to
in the context of the increasing threats in online networks.
4.4, offer comprehensive literature reviews spanning Machine Learning
• Comprehensive Exploration: Our survey covers a vast range of
(ML) methods, discrete models, metaheuristic algorithms, and agent-
topics associated with social cybersecurity attacks. More than just
based modeling. Section 5 gives an analytical overview of the tools and
identifying the challenges, we also suggest potential solutions, publicly available datasets significant to social cybersecurity research.
ensuring readers not only understand the problem but also the The paper reaches its denouement in Section 6, which synthesizes the
ways to address it. current challenges and solutions in social cybersecurity and suggests av-
• Datasets and Tools: A key aspect of research is the tools and data enues for future exploration. Finally, Section 7 provides the concluding
one employs. We highlight crucial public datasets and tools that remarks of our study.
researchers can leverage in the realm of social cybersecurity. To provide clarity and focus to this survey, we aim to explore
• Research Challenges and Future Directions: Research is not the general landscape of detecting social cybersecurity attacks, empha-
without its hurdles. We take a deep dive into the complexities sizing methodologies that identify threats arising from manipulative
and challenges faced in this domain, especially when dealing digital activities. The scope of this survey is framed by the following
with social engineering threats. By shedding light on potential central research questions:
research avenues, we emphasize the ongoing need for innovation
and exploration in the field. • What are the primary challenges in detecting social cybersecurity
threats?
By explicitly addressing the needs of researchers, policymakers, and • What tools and techniques are most effective in addressing these
industry professionals, our survey provides a comprehensive framework challenges?
that not only advances academic knowledge but also informs decision- • How can insights from forecasting methods enhance detection
making in both regulatory and operational contexts. As the field of capabilities?
social cybersecurity continues to evolve, this work will serve as a foun-
dation for interdisciplinary collaborations that integrate technological By clearly delineating these boundaries, this study focuses on identify-
innovation, human factors, and governance strategies. ing practical and theoretical approaches to improve detection mecha-
In essence, our paper furnishes a comprehensive overview of pre- nisms within the complex landscape of social cybersecurity.
diction methods, details specific threats, showcases pivotal datasets
and tools, and outlines future research challenges and directions. This 2. Related works
makes it an indispensable guide for those diving into the dynamic world
of social cybersecurity. Our research primarily addresses the general landscape of detect-
ing social cybersecurity attacks. We uniquely fill this gap, laying a
Literature Search Methodology and Paper Structure foundation for proactive defense strategies. Several surveys on social
In our initial quest for literature, we targeted journals with a pen- cybersecurity exist, but they do not concentrate on the detection in
chant for survey-oriented articles on social cybersecurity predictions. the depth that we do. A distinction is illustrated in Table 2, utilizing
Despite our focused approach, no papers exclusively dedicated to the abbreviations like ML (Machine Learning), DM (Discrete Models), MH
forecasting and prediction of cyberattacks in this niche were identified. (Metaheuristic Algorithms), and ABM (Agent-Based Modeling).
This observation led us to broaden our search horizon to include Google One group of papers centered on social network analysis brings to
Scholar, IEEE Xplore, and the ACM Digital Library. light several findings. Kirichenko et al. (2018) delve into social network
To ensure comprehensive coverage, we used a combination of techniques for cyber threat detection, yet their scope seems narrow.
search queries including: ‘‘social cybersecurity’’ OR ‘‘social cyber se- Husák et al. (2019), even with a broader cybersecurity perspective,
curity’’ OR ‘‘Social-cybersecurity’’ OR ‘‘Cyber-social security’’ OR ‘‘Soc- frequently neglect social attacks. Wu et al. (2022) offers a profound
Cyber’’ OR ‘‘Social-network cybersecurity’’. These search terms were look into cybersecurity within social networks but does not accentuate
selected based on common terminologies used in the field and vari- forecasting or prediction of attacks. Carley’s work (Carley, 2020), al-
ations observed across existing literature. The search was conducted though vast in its coverage of social cybersecurity, misses the mark on
using title, abstract, and keyword-based filtering to identify relevant the prediction front.
studies. A group focusing on Machine Learning (ML) in cybersecurity presents
The selection criteria for papers included: (i) peer-reviewed articles varied insights. Shaukat, Luo, Varadharajan, Hameed, and Xu (2020)
published in reputable cybersecurity and social computing journals, (ii) traverse the expanse of ML techniques across different cybersecurity

3
A. Mulahuwaish et al. Computers in Human Behavior Reports 18 (2025) 100668

Table 1
List of important acronyms.
Acronym Full form Acronym Full form
ACO Ant Colony Optimization LSH Locality-sensitive Hashing
ALO Ant Lion Optimization LSTM Long-Short Term Memory
AP Affinity Propagation LVSM Linear Support Vector Machine
ARIMA Autoregressive Integrated Moving Average MC Markov Chain
ARIMAX RIMA with explanatory variables MCC Matthews Correlation Coefficient
BAT Binary Bat Algorithm MCC Multi-Class Classification
BN Bayesian Networks MFO Moth Flame Optimization
BOTRGCN Bot detection with Relational Graph Convolutional Networks ML Machine Learning
BOW Bag-of-Words MLP Multi-Layer Perception
BTO Binary Term Occurrence MLP Multi-Layer Perception
CASOS Computational Analysis of Social and Organizational Systems MRF Markov Random Field
CAT CVE-Author-Tweet MSIG Multi-Start Iterated Greedy
CDC Centers for Disease Control and Prevention MSRC Microsoft Security Response Center
CNN Convolutional Neural Network NB Naïve Bayes
CNN Convolutional Neural Network NDA National Vulnerability Database
CSA Cuckoo Search Algorithm NER Named Entity Recognizer
CUCKOO Binary Cuckoo Algorithm NLP Natural Language Processing
CVE Common Vulnerabilities and Exposures NODEXL Network overview, discovery, and exploration
CVSS Common Vulnerability Scoring System OSINT Open-Source Intelligence
DDOS Distributed Denial-of-Service PCA Principal Component Analysis
DNN Deep Neural Network PSO Particle Swarm Optimization
DQE Dynamic Query Expansion QE Query Expansion
DT Decision Tree RBF Radial Basis Function
EM Expectation-Maximization RBF KERNEL Radial Basis Function kernel
FA Firefly Algorithm RF Random Forest
FEEU Forecasting Ensemble for Exploit Timing RGCN Relational Graph Convolutional Network
FEEU-XGBOOST FEEU with Extreme Gradient Boosting (XGBoost) RNN Recurrent Neural Network
FRET Forecasting Regression for Exploit Timing SGD Stochastic Gradient Descent
GA Genetic Algorithm SMO Sequential Minimal Optimization
GCN Graph Convolutional Networks SMOTE Synthetic Minority Oversampling Technique
GDELT Global Database of Events, Language, and Tone SNA Social Network Analysis
GMM Gaussian Mixture Models SNAP Stanford Network Analysis Project
GPU Graphics Processing Unit SOCNETV Social Network Visualizer
GRU Gated Recurrent Unit classifier SSO Social Spider Optimization
HLT Human Language Technologies SVD Singular Value Decomposition
HMM Hidden Markov Model SVM Support Vector Machine
JUNG Java Universal Network/Graph TDM Text and Data Mining
KNN K-nearest-neighbor TF Term Frequency
L-BFGS Limited-memory Broyden–Fletcher–Goldfarb–Shanno T-MRF Typed Markov Random Field
LBP Local Binary Patterns TO Term Occurrences
LDA Linear Discriminant Analysis TSA Tunicate Swarm Algorithm
LDA Latent Dirichlet Allocation UGM Undirected Graphical Models
LDL Latent Dirichlet Allocation VERIS Vocabulary for Event Recording and Incident Sharing
LFA Levy flight Firefly Algorithm WOA Whale Optimization Algorithm
LIBSVM Library for Support Vector Machines WSA Wolf Search Algorithm
LR Logistic Regression XGBOOST Extreme Gradient Boosting

domains, ranging from spam detection to 5G security, but bypass the detection but lack predictive modeling approaches that could proac-
prediction of social cybersecurity attacks. On a similar trajectory, Das- tively identify evolving threats. Similarly, Husák et al. (2019) discuss
gupta et al. (2022) delve deep into ML’s applications in cybersecurity forecasting in cybersecurity but do not extend this discussion to social
yet omit crucial details on forecasting and prediction of social threats. engineering-based attacks, which have distinct behavioral patterns and
Turning to spam and intrusion detection, another group offers its spread mechanisms.
perspective. Rao et al. (2021) provide a meticulous survey on spam Existing ML-based cybersecurity surveys, such as Shaukat, Luo,
detection strategies in social networks, but their lens remains predomi- Varadharajan, Hameed, and Xu (2020) and Dasgupta et al. (2022),
nantly on spam. Buczak and Guven (2015) offers an exhaustive review predominantly focus on traditional intrusion detection and malware
of ML and data mining techniques tailored for intrusion detection but
analysis but do not integrate forecasting models to anticipate adversar-
skips the intricacies of social cybersecurity prediction and forecasting.
ial strategies in social cybersecurity. Even comprehensive cybersecurity
In the realm of smart grids, a distinct group emerges. Mazhar et al.
reviews such as those by Buczak and Guven (2015) and Rao et al.
(2023) shed light on vulnerabilities and propose ML and blockchain-
(2021) emphasize spam and intrusion detection while overlooking
driven security solutions but overlook prediction methods for social
forecasting and real-time adaptation of attack prediction models.
threats. Pinto et al. (2023) navigate the domain of cybersecurity in
smart distribution systems, predominantly leveraging unsupervised Furthermore, limited emphasis has been placed on the role of
learning methods but disregarding the prediction and forecasting of interdisciplinary approaches, such as social cyber-forensics and dy-
social attacks. namic network analysis, which can enhance predictive capabilities
While previous surveys have made valuable contributions to the in social cybersecurity. Notably, prior surveys do not explore how
study of social cybersecurity, they exhibit notable gaps that necessitate hybrid techniques — combining ML, agent-based modeling (ABM), and
further research. As seen in Table 2, many surveys provide broad metaheuristic algorithms — can be leveraged for proactive threat iden-
overviews of cybersecurity without focusing on prediction and fore- tification. Additionally, a lack of publicly available datasets and bench-
casting techniques specific to social cybersecurity attacks. For example, marking frameworks has been identified as a constraint in developing
Kirichenko et al. (2018) explore social network-based cyber threat reliable detection systems, a challenge that our work addresses.

4
A. Mulahuwaish et al. Computers in Human Behavior Reports 18 (2025) 100668

Table 2
Comparison with existing surveys.
Ref. Year Social cybersecurity Attacks, Challenges Future Dataset Tools Overview
attack prediction and Evaluation, directions
forecasting techniques and Solutions
ML DM MH ABM
Kirichenko, 2018 ✓ ✓ X X X X X X X This survey paper explores the detection of
Radivilova, and cyber threats through social networks, yet it
Carlsson (2018) offers limited coverage and misses
opportunities to provide comprehensive insights
Husák, 2019 ✓ ✓ X X X ✓ X X X The survey paper underscore projection,
Komárková, prediction, and forecasting in cybersecurity, yet
Bou-Harb, and they often neglect social attacks and lack a
Čeleda (2019) thorough grasp of social engineering
Wu, Edwards, 2019 X X X X X X X X X This survey paper explores improvements in
and Das (2022) cybersecurity and privacy within social
networks, but it does not delve into the
prediction or forecasting of social cybersecurity
attacks
Carley (2020) 2020 X X X X X X ✓ X X This survey paper gives an overview of social
cybersecurity research, yet it does not
adequately focus on predicting and forecasting
social cybersecurity attacks
Shaukat, Luo, 2020 ✓ X X X X ✓ X X X This survey paper delves into ML techniques
Varadharajan, for cybersecurity but does not address the
Hameed, and Xu prediction and forecasting of social
(2020) cybersecurity attacks, also overlooking the
aspects of social engineering
Dasgupta, 2022 ✓ X X X X ✓ ✓ ✓ X This survey paper investigates the application
Akhtar, and Sen of ML in cybersecurity, with a significant
(2022) emphasis on data and malware detection, but it
does not adequately address the prediction and
forecasting of social cybersecurity attacks
Rao, Verma, and 2021 ✓ X X X X ✓ ✓ X X This survey paper explores spam detection on
Bhatia (2021) social networks using various methods, offering
detailed insights into spam detection
techniques. However, it has a narrow focus on
spam detection and does not specifically
address the prediction and forecasting of social
cybersecurity attacks
Buczak and 2015 ✓ X X X X ✓ ✓ ✓ X This survey paper reviews ML and DM methods
Guven (2015) for cyber analytics in intrusion detection,
providing tutorial-like descriptions. It addresses
challenges in applying ML/DM for cyber
security but lacks exploration of prediction and
forecasting in social cybersecurity attacks and
methods, leaving room for further research
Mazhar et al. 2023 ✓ X X X X ✓ ✓ X X This survey paper investigates smart grid
(2023) vulnerabilities and suggests ML and
blockchain-based security solutions. While it
effectively addresses cyberattack challenges, it
lacks exploration of prediction and forecasting
for social cybersecurity attacks, calling for
further research in understanding ML’s role in
anticipating such threats
Pinto, Siano, and 2023 ✓ X X X X ✓ ✓ X X This survey paper explores unsupervised
Parente (2023) learning methods for cyber detection in smart
grids, specifically focusing on identifying False
Data Injection Cyber Attacks (FDIA). However,
it does not cover prediction and forecasting
methods for social cybersecurity attacks,
leaving room for further research in
understanding the role of different learning
approaches in anticipating such threats
Our survey 2025 ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ Our survey explores the detection of social
paper cybersecurity threats, interweaving a variety of
techniques and attack vectors with their
respective countermeasures. We provide an
in-depth examination of tools and datasets,
address current challenges, suggest potential
solutions, and advocate for continued research
to advance this critical domain.

Legends. ML: Machine Learning; DM: Discrete Models; MH: Metaheuristic Algorithms; ABM: Agent-Based Modeling.

5
A. Mulahuwaish et al. Computers in Human Behavior Reports 18 (2025) 100668

By addressing these gaps, our survey provides a comprehensive and the importance of maintaining account security. Employing multi-
taxonomy of detection techniques, spanning ML, discrete models, meta- factor authentication and regularly updating passwords can signifi-
heuristic optimization, and ABM, while also identifying future direc- cantly reduce the risk of identity theft. Additionally, creating awareness
tions in predictive analytics for social cybersecurity. We uniquely focus about the various tactics employed by attackers can equip users with
on the integration of real-time threat prediction and countermeasure the knowledge to identify and avoid falling prey to such attacks,
optimization, distinguishing our work from prior studies. thereby enhancing overall security in online social interactions and
In summing up our contribution, we shine a light on the detection networks.
strategies for social cybersecurity attacks. We weave a cohesive nar-
Spam Attack:
rative that connects a spectrum of techniques and attack vectors with
Spam Attacks (Klien & Strohmaier, 2012) involve attackers ac-
their corresponding countermeasures, along with an analysis of tools
quiring a user’s contact information to send unsolicited spam emails,
and datasets. Furthermore, we unveil the existing challenges within
leading to network congestion and causing potential inconveniences to
the realm of social cybersecurity, offering contemporary solutions and
service providers and users. The indiscriminate nature of these attacks
proposing directions for future inquiry. Significantly, our survey iden-
can overwhelm users with irrelevant or malicious content, disrupting
tifies uncharted territories such as social cyber-forensics and dynamic
the normal flow of communications on the platform.
network analysis, signposting these as promising fields for forthcoming
research endeavors. Evaluation: (Ferrara, 2019) The ubiquity of spam attacks can adversely
affect the user experience on online platforms by cluttering feeds with
3. Various attacks on social cybersecurity: Evaluations and poten- unwanted content, potentially overshadowing legitimate communica-
tial solutions tions and impairing the platform’s functionality. The malicious intent
behind some spam attacks further intensifies the risks associated with
In this survey paper, we deeply explore various attacks observed them, with potential damages including exposure to harmful content or
within the realm of social cybersecurity, each posing substantial risks websites and loss of personal information.
to user privacy and security, profoundly affecting individuals and com- Potential Solutions: (Chakraborty et al., 2016) In the context of
munities. social cybersecurity, mitigating spam attacks is pivotal. This can be
Exploration delves deeper than just outlining the nature and method- achieved through the implementation of advanced email filters and
ologies of these attacks. We provide succinct evaluations, dissecting anti-spam measures, ensuring effective blocking of unwanted content.
each attack’s implications, challenges, and potential repercussions. Encouraging users to exercise caution, especially when confronted with
These evaluations shed light on the multifaceted risks and their impacts unexpected communications, can aid in creating a vigilant online com-
on societal harmony, individual well-being, and overall cybersecurity. munity. Equipping them with the requisite knowledge to identify and
This provides an insightful understanding of the intricate challenges promptly report spam further strengthens the defense against such at-
posed by social cybersecurity threats. tacks. Moreover, the continuous refinement and enhancement of spam
Furthermore, we present potential solutions aimed at reducing the detection algorithms play a crucial role in preserving the integrity and
occurrence and impact of the highlighted attacks. These solutions, ensuring the user-friendly nature of online platforms and communities.
encompassing preventative measures, remedial strategies, and insight-
ful recommendations, address the core of the identified issues. They Malware Attack:
offer strategies to counter the widespread malicious activities in social Malware attacks (Oehri & Teufel, 2012) involve the distribution of
cybersecurity. Central to these solutions is the idea of fostering a secure harmful scripts or software via networking sites, which can result in the
and inclusive online environment. This is achieved through enhanced unauthorized installation of malware on a user’s device or lead to the
user awareness, strong policy frameworks, and shared responsibility. theft of personal data. These attacks exploit the interconnectedness and
For a quick reference and a comprehensive overview of the dis- trust within platforms to propagate malicious software, compromising
cussed attacks, evaluations, and proposed solutions, readers are di- user privacy and security.
rected to Table 3. This compilation serves as an invaluable resource,
Evaluation: (Le Page et al., 2018) The interconnected nature of online
aiding in understanding the challenges introduced by social cyberse-
platforms and communities in the realm of social cybersecurity makes
curity attacks and suggesting effective counter-strategies. Also, Fig. 2
them susceptible to the rapid spread of malware, resulting in signif-
shows the mechanism of social cyber attack detection and evaluation.
icant harm to users and the platform’s infrastructure. The potential
Identity Theft: consequences of such attacks encompass the loss of sensitive data,
Identity Theft (Bilge et al., 2009) occurs when an unauthorized unauthorized system intrusions, and eroded user trust in these digital
entity illegitimately gains access to a user’s account and exploits it, communities and platforms.
potentially causing harm to the victim through theft of sensitive in-
Potential Solutions: (Zhang & Gupta, 2018) To counter malware at-
formation or dissemination of malicious content. This form of attack
tacks in online communities and platforms, it is crucial to educate users
is particularly insidious as it allows the attacker to operate under
about safe browsing habits and the dangers of downloading content
the guise of a legitimate user, thus enhancing the credibility of their
from unverified sources. Implementing and regularly updating anti-
malicious activities.
malware software can assist in detecting and neutralizing malicious
Evaluation: (Ellison et al., 2011) The degree of harm and the scope of content before any damage occurs. Further, fortifying security measures
exploitation in identity theft are considerable, given that the attacker and integrating advanced threat detection mechanisms within these
can misuse the victim’s account to access sensitive data or spread digital platforms and networks can facilitate early recognition and
malevolent content. The clandestine nature of this attack makes it a po- response to malware threats, ensuring both user data protection and
tent threat, with the victims often remaining oblivious until significant sustained platform integrity.
damage has occurred, highlighting the critical need for early detection
Sybil Attack:
and preventive measures.
Sybil Attacks (Douceur, 2002) refer to the creation and use of
Potential Solutions: (Tsikerdekis & Zeadally, 2014) Preventing iden- fake identities or profiles within online communities and platforms.
tity theft necessitates the implementation of robust authentication Attackers utilize these counterfeit profiles to spread misinformation,
methods and continuous user education on secure password practices disseminate malware, or disrupt the functionality of the platform. Such

6
A. Mulahuwaish et al. Computers in Human Behavior Reports 18 (2025) 100668

Fig. 2. The Mechanism of social cyber attack detection and evaluation.

attacks leverage the built-in trust within digital networks, enabling the safety of community participants; they can also diminish trust within
malicious entity to manipulate or deceive unwary users. the community, rendering sincere exchanges permeated with doubt.

Evaluation: (Al-Qurishi et al., 2017) The inherent nature of online Potential Solutions: (Ji et al., 2020) Defending against the exploita-
communities and platforms, built on principles of openness and con- tion of community detection requires enhancing the security protocols
nectivity, renders them especially susceptible to Sybil Attacks. An governing group interactions and membership. This might involve more
individual attacker can manage numerous fabricated profiles, ampli- rigorous membership vetting processes, tighter content sharing restric-
fying the potential damage. Such attacks not only interrupt genuine tions, and regular monitoring for suspicious activities. Additionally,
communication pathways but also undermine the perceived reliability advanced algorithms can be developed to identify and flag potential
and authenticity of information within these digital spaces. infiltrators or malicious actors. Educating community moderators about
potential threats and equipping them with tools to monitor and remove
Potential Solutions: (Dhanalakshmi et al., 2014) Effective counter- harmful entities is equally crucial. Such proactive and reactive mea-
measures against Sybil Attacks involve improving user registration and sures can significantly bolster community defenses and preserve the
authentication procedures. Implementing more stringent registration integrity and purpose of these online groups.
protocols, like CAPTCHAs, phone number verification, or behavior-
Social Phishing:
based checks, can act as deterrents for automated account creation.
Regular monitoring and algorithmic detection of suspicious activity Social Phishing (Gupta et al., 2016) is a deceptive technique where
attackers create fraudulent websites or communication channels that
patterns can also aid in identifying and removing fake profiles. Raising
appear legitimate, aiming to deceive users into providing personal
user awareness about the prevalence of fake accounts and encourag-
information or login credentials. These attacks leverage the trust that
ing them to report suspicious behavior can further bolster platform
users place in familiar platforms or known contacts, effectively manip-
defenses against Sybil Attacks.
ulating them into compromising their own security.
Exploiting Community Detection:
Evaluation: (Jagatic et al., 2007) The inherent danger of social phish-
Community detection has many applications in online networks ing stems from its ability to exploit the trust users have in familiar
(Javed et al., 2018). Exploiting community detection (Bedi & Sharma, entities. Because these phishing attempts often masquerade as trusted
2016) involves malevolent activities aimed at the intrinsic structure sources or acquaintances, they can easily bypass users’ typical guard
and communication dynamics of these digital communities. Through against suspicious activities. The repercussions of such attacks can
such attacks, adversaries can identify and target susceptible groups or be severe, with users potentially losing personal data and financial
communities within online platforms. For example, a digital group of resources or facing identity theft.
users discussing sensitive health information might be singled out by
malicious actors aiming to penetrate and misuse the group’s collective Potential Solutions: (Jansson & von Solms, 2013) Combatting social
resources or data. phishing necessitates a two-pronged approach: technological interven-
tions and user education. On the technological front, implementing
Evaluation: (Papadopoulos et al., 2012) The capability to cluster and robust phishing detection algorithms and secure communication pro-
identify communities within online platforms might unintentionally tocols can identify and block suspicious content or redirect attempts.
make these groups vulnerable to specialized attacks. Certain communi- Moreover, periodic system-wide security audits can ensure that vul-
ties could be more attractive to attackers because of the type of content nerabilities are promptly addressed. On the user front, continuous
they share, the potential for data extraction, or chances to circulate education about the dangers of phishing and training on how to recog-
false information. Such attacks do not just jeopardize the privacy and nize phishing attempts are vital. Encouraging users to verify suspicious

7
A. Mulahuwaish et al. Computers in Human Behavior Reports 18 (2025) 100668

Table 3
Summary of social media attacks: evaluation and potential solutions.
Attack Evaluation Potential solution
Identity Theft (Bilge, Strufe, Balzarotti, Considerable harm due to misuse of victim’s Robust authentication, user education, multi-factor
& Kirda, 2009) account, often with victims unaware until authentication, and regular password updates
significant damage occurs Ellison, Vitak, Steinfield, (Tsikerdekis & Zeadally, 2014)
Gray, and Lampe (2011)
Spam Attack (Klien & Strohmaier, 2012) Clutters user feeds with unwanted content, Advanced email filters, anti-spam measures, and
impairing platform functionality and exposing user vigilance (Chakraborty, Pal, Pramanik, &
users to potential threats (Ferrara, 2019) Chowdary, 2016)
Malware Attack (Oehri & Teufel, 2012) Rapid malware dissemination compromises user User education, up-to-date anti-malware software,
privacy and security, leading to data theft and enhanced security protocols, and threat detection
reduced trust Le Page, Jourdan, Bochmann, Flood, (Zhang & Gupta, 2018)
and Onut (2018)
Sybil Attack (Douceur, 2002) Amplified potential harm due to operation of Stringent registration protocols, continuous
multiple fake profiles, undermining platform monitoring, and user education (Dhanalakshmi,
trustworthiness Al-Qurishi et al. (2017) Bharathi, & Monisha, 2014)
Exploiting Community Detection (Bedi & Targeted attacks compromise group privacy and Enhanced security protocols for groups, rigorous
Sharma, 2016; Javed, Younis, Latif, erode trust within communities (Papadopoulos, membership vetting, and content restriction (Ji
Qadir, & Baig, 2018) Kompatsiaris, Vakali, & Spyridonos, 2012) et al., 2020)
Social Phishing (Gupta, Singhal, & Exploits user trust in familiar platforms, leading to Robust phishing detection, system-wide security
Kapoor, 2016) data loss and identity theft (Jagatic, Johnson, audits, and continuous user education (Jansson &
Jakobsson, & Menczer, 2007) von Solms, 2013)
Impersonation (Ferrara, 2015) Uses trust dynamics to spread misinformation or Stringent profile verification procedures, ML
solicit data, leading to potential financial fraud algorithms, and user education (Villar-Rodriguez,
Willemo et al. (2019) Del Ser, & Salcedo-Sanz, 2015)
Hijacking (Thomas, Li, Grier, & Paxson, Compromises direct victims and their network, Robust authentication, multi-factor authentication,
2014) leading to potential data theft and reputational user education on strong passwords, and detection
harm (Khandpur et al., 2017a; Sanderson, Barnes, of unusual activities (Sabottke, Suciu, & Dumitraş,
Williamson, & Kian, 2016) 2015a)
Fake Requests (Fire, Kagan, Elyashar, & Privacy breaches due to malicious connections, Rigorous profile verification, detection algorithms,
Elovici, 2014) leading to exposure to misleading content user education, and reporting tools (Krombholz,
(Ramalingam & Chinnaiah, 2018) Merkl, & Weippl, 2012)
Image Retrieval and Analysis (Li et al., Invasion of privacy and potential for targeted Enhanced privacy settings, image obfuscation,
2021) attacks, identity theft, or physical stalking Li et al. watermarking, and user awareness campaigns (Lu,
(2019) Varna, Swaminathan, & Wu, 2009)
Cyberbullying (Feinberg & Robey, 2009) Severe impact on mental well-being, isolation, Stringent content moderation, support systems for
depression, and potentially suicidal tendencies victims, legal penalties, and community awareness
(Al-Garadi et al., 2019; Whittaker & Kowalski, campaigns (Hinduja & Patchin, 2010)
2015)
Hate Speech (Guiora & Park, 2017) Amplifies harmful impacts, potentially inciting Robust content moderation, AI-driven tools, user
violence or discrimination, with challenges in reporting, and educative initiatives (Malmasi &
content moderation (Matamoros-Fernández & Zampieri, 2017; Mondal, Silva, & Benevenuto,
Farkas, 2021) 2017)
Terrorist Activity (Wu, 2015) Threatens global security by spreading radical Enhanced content moderation, intelligence sharing,
ideologies, targeting individuals for recruitment, legal frameworks, and counter-narrative campaigns
and potential real-world violence (Tsesis, 2017a, (Bertram, 2016)
2017b)
Social Unrest (Goolsby, Shanley, & Amplifies sentiments, potentially escalating Fact-checking tools, open dialogues, digital literacy
Lovell, 2013) peaceful protests into violence, with campaigns, and partnerships with civic
misinformation risks (Korolov et al., 2016) organizations (Tufekci & Freelon, 2013)
Attack Ad (Auter & Fine, 2016) Distorts public perception, undermines trust in Stringent ad-review policies, independent
democracy, and polarizes communities fact-checkers, ad libraries, and public awareness
(Ansolabehere, Iyengar, Simon, & Valentino, 1994) campaigns (Paek, Pan, Sun, Abisaid, & Houden,
2005)
Fake News (Shu, Sliva, Wang, Tang, & Erodes trust in information sources, threatens AI-driven fact-checking tools, partnerships with
Liu, 2017) democracy, public safety, and societal harmony independent fact-checkers, digital literacy
(Allcott & Gentzkow, 2017) campaigns, and transparency features (Shu,
Mahudeswaran, Wang, Lee, & Liu, 2020)
Deepfake Manipulation (Verdoliva, 2020) Creates highly realistic fabricated media used in Advanced detection algorithms (facial landmark
misinformation, defamation, and political detection, frequency analysis, deep learning),
manipulation, eroding trust and distorting public media literacy, and collaborative efforts among
perception (Chesney & Citron, 2019) platforms, researchers, and policymakers (Tolosana
et al., 2020)
AI-Generated Misinformation (Zellers Automates the creation of convincing fake news AI-based detection models, fact-checking systems,
et al., 2019) and misleading content, amplifying information platform-level interventions, and public awareness
disorder and overwhelming users with deceptive campaigns (Shu et al., 2020)
narratives (Weidinger et al., 2021)

8
A. Mulahuwaish et al. Computers in Human Behavior Reports 18 (2025) 100668

messages through alternate communication channels and to avoid click- accounts, making them vulnerable to subsequent attacks or misuse of
ing on unverified links can significantly reduce the risk of successful their data. Additionally, accepting such requests can lead to exposure
phishing attacks. to misleading content, spam, or even direct phishing attempts.
Impersonation: Potential Solutions: (Krombholz et al., 2012) Combating fake re-
Impersonation (Ferrara, 2015) denotes the act where an attacker es- quests necessitates both platform-level interventions and heightened
tablishes a counterfeit profile within online platforms or communities, user awareness. On the platform side, implementing more rigorous
emulating a legitimate individual or organization. The primary motive profile verification procedures and using algorithms to detect and flag
behind these attacks is to mislead other participants, utilizing the trust potential fake accounts can play a crucial role in minimizing the spread
linked to the mimicked identity to disseminate false information, gather of such requests. For users, it is essential to be educated on the risks of
private data, or conduct various harmful actions. accepting unknown requests and to be encouraged to adopt a cautious
approach, only accepting connections from familiar or verified entities.
Evaluation: (Willemo et al., 2019) Impersonation attacks capitalize
Additionally, platforms can provide users with tools to easily report
on the intrinsic trust and recognition dynamics within online commu-
suspicious requests, facilitating faster identification and removal of fake
nities and platforms. Users are often more forthcoming when engag-
profiles.
ing with recognized entities, rendering them vulnerable to deception
when encountering a forged account. Such transgressions can result Image Retrieval and Analysis:
in numerous negative outcomes, such as the circulation of erroneous This type of attack (Li et al., 2021) leverages cutting-edge face
information, invasions of privacy, and possible financial deceit. and image recognition technologies. Malevolent actors can extract and
scrutinize images from online profiles or communities to acquire in-
Potential Solutions: (Villar-Rodriguez et al., 2015) Countering imper- sights about an individual, their pursuits, affiliations, and even regular
sonation requires a combination of robust platform policies, techno- locations. By assembling this data, attackers can infringe upon the pri-
logical solutions, and user awareness. Platforms can implement more vacy and safety of the individual, extending the risk to their associated
stringent verification processes for accounts, especially those with sig- contacts, acquaintances, and relatives.
nificant reach or influence. Features such as ‘‘Verified Badges’’ can help
users distinguish genuine profiles from potential impersonators. Addi- Evaluation: (Li et al., 2019) Image Retrieval and Analysis present
tionally, utilizing advanced ML algorithms to detect and flag potential multifaceted dangers. Beyond the straightforward breach of privacy,
impersonation activities based on account behavior and content can the depth of extracted data can fuel targeted phishing schemes, identity
be instrumental. On the user side, education campaigns highlighting fraud, or even real-world tracking. Considering the prevalent dissem-
the risks of impersonation and guiding users on how to verify account ination of images in online communities and platforms, numerous
authenticity can help reduce the success rate of such attacks. participants might be oblivious to the magnitude of information that
can be deduced and studied from seemingly harmless snapshots.
Hijacking:
Hijacking (Thomas et al., 2014) entails an attacker forcefully seizing Potential Solutions: (Lu et al., 2009) Mitigating the risks associated
control of a user’s authentic online profile or account, generally by with image retrieval and analysis demands a combination of techno-
cracking or circumventing their access credentials. Upon gaining con- logical solutions and user awareness initiatives. Platforms can provide
trol, the attacker can exploit the account for diverse nefarious activities, enhanced privacy settings, allowing users to control who can view
from spreading misleading data to impersonating the genuine user for and access their images, along with implementing automated filters
deceitful objectives. to deter image scraping attempts. On the user end, awareness cam-
paigns detailing the risks of sharing personal images and the potential
Evaluation: (Khandpur et al., 2017a; Sanderson et al., 2016) Account information they can reveal can encourage more judicious sharing
hijacking poses significant threats to both the direct victim and their practices. Additionally, leveraging technologies like image obfuscation
network of contacts. The credibility and trust associated with a hijacked or watermarking can deter unauthorized analysis or replication of user
account can amplify the impact of malicious actions taken by the at- photos.
tacker. Additionally, the direct victim might face loss of personal data,
privacy breaches, and potential reputational harm, especially if the Cyberbullying:
attacker engages in activities that misrepresent the victim’s intentions Cyberbullying (Feinberg & Robey, 2009) involves utilizing online
or beliefs. communities and platforms to intimidate, threaten, belittle, or single
out another individual. It includes sharing disparaging images, texts,
Potential Solutions: (Sabottke et al., 2015a) Preventing account hi- or remarks with the intent to inflict emotional harm on the target.
jacking necessitates the adoption of robust authentication methods. The electronic essence of these aggressions enables swift propagation,
Incorporating multi-factor authentication, where users are required to rendering them particularly damaging and widespread.
provide two or more verification methods, can significantly bolster
Evaluation: (Al-Garadi et al., 2019; Whittaker & Kowalski, 2015)
account security. Platforms can also implement mechanisms to detect
The impact of cyberbullying is profound, affecting the mental well-
unusual account activities, such as logging in from new locations or
being of victims, leading to feelings of isolation, depression, and in
devices, prompting immediate verification processes in such cases.
extreme cases, even suicidal tendencies. The anonymity that online
Educating users about the importance of strong, unique passwords and
platforms offer can embolden bullies, making it challenging to identify
the risks of using the same password across multiple platforms can also
and penalize them. Moreover, the vast reach and permanence of online
reduce the likelihood of successful hijacking attempts.
content mean that bullying incidents can have lasting and far-reaching
Fake Requests: consequences.
Fake Requests (Fire et al., 2014) involve attackers using counterfeit
Potential Solutions: (Hinduja & Patchin, 2010) Tackling cyberbully-
profiles to send deceptive connections or information requests to other
ing necessitates an all-encompassing strategy, merging platform-level
users. By expanding their network through these fake requests, attack-
initiatives, legislative actions, and collective community endeavors.
ers can gain access to a wider range of personal data, increasing their
Online platforms can incorporate rigorous content moderation utilities,
potential for malicious activities or data harvesting.
facilitating the prompt detection and deletion of harmful content.
Evaluation: (Ramalingam & Chinnaiah, 2018) The core danger of fake Instituting procedures for users to report bullying events and offering
requests is the potential breach of privacy. Unsuspecting users might support to the impacted parties is pivotal. Legal infrastructures can
share sensitive information, either directly or indirectly, with these fake be set up to sanction cyberbullying, serving as a preventive measure.

9
A. Mulahuwaish et al. Computers in Human Behavior Reports 18 (2025) 100668

Moreover, enlightening the public about the detrimental consequences can take the form of public disruptions, widespread demonstrations,
of cyberbullying and cultivating an ethos of understanding and regard or even workforce protests. Displeasure with extant social, economic,
in digital spaces can markedly mitigate such occurrences. or political circumstances can incite such movements, all aiming to
champion transformation.
Hate Speech:
Hate speech (Guiora & Park, 2017) is defined by messages that den- Evaluation: (Korolov et al., 2016) The digital domain has revolution-
igrate, menace, or belittle individuals or collectives, typically zeroing ized the way social unrest is orchestrated and disseminated. While on-
in on aspects like race, faith, ethnicity, sexual inclination, disability, or line communities offer a formidable avenue for articulating grievances
gender. Its widespread presence in online communities and platforms is and rallying collective endeavors, they also introduce complexities. The
notably alarming given its vast influence and the profound unease it can swift proliferation of data, encompassing both authentic and spurious
elicit. Interpreting hate speech in the diverse landscape of online spaces content, can heighten emotions, occasionally escalating serene demon-
can be complex, as cultural and societal subtleties influence linguistic strations into tumultuous altercations. The distributed character of
perspectives. Yet, the intrinsically degrading and disparaging essence these communities complicates the verification of information integrity,
of hate speech earmarks it as a malicious form of communication. ushering in potential disinformation and exploitation.
Evaluation: (Matamoros-Fernández & Farkas, 2021) The vast influence Potential Solutions: (Tufekci & Freelon, 2013) To tackle the chal-
of online communities can magnify the detrimental repercussions of lenges posed by social unrest in online communities, platforms can
hate speech, disseminating unease and potentially kindling hostility or institute protocols to validate the authenticity and consistency of dis-
bias. The intricacies in delineating hate speech, accentuated by the in- seminated information. Employing fact-checking utilities and affilia-
stantaneous, fluid exchanges in online platforms, present considerable tions with autonomous verification bodies can prove pivotal in cur-
hurdles in pinpointing and supervising such content. This highlights the tailing disinformation. Moreover, nurturing transparent conversations
urgency for holistic strategies to manage it aptly. and carving pathways for non-violent articulation of concerns can assist
in addressing the foundational triggers of unrest. Platforms might also
Potential Solutions: (Malmasi & Zampieri, 2017; Mondal et al., 2017)
ally with civic entities to champion digital literacy, assuring users are
To mitigate the prevalence of hate speech, the development and im-
adept at distinguishing trustworthy inputs from potentially deceptive
plementation of robust content moderation policies and technologies,
narratives.
including AI-driven tools, are crucial. These tools can aid in the timely
identification and removal of hate speech. Additionally, fostering an Attack Ad:
environment that encourages users to report hate speech and providing An Attack Ad (Auter & Fine, 2016) is a form of political advertise-
clear guidelines on acceptable content can contribute to creating a more ment primarily designed to discredit or malign an opposing candidate
inclusive and respectful online community. Educative initiatives aimed or party. Leveraging various digital channels within the realm of so-
at promoting tolerance, diversity, and respect can also play a significant cial cybersecurity, these ads highlight perceived flaws, weaknesses,
role in combating the propagation of hate-filled narratives and fostering or controversial stances of the opponent, intending to shift public
a sense of community and shared responsibility among users. opinion against them. Often, within these cyber environments, ads
might employ selective data, exaggeration, or even misinformation to
Terrorist Activity:
achieve their objectives.
Terrorist Activity in online communities (Wu, 2015) pertains to the
exploitation of these digital spaces by extremist factions for radicaliza- Evaluation: (Ansolabehere et al., 1994) The pervasive nature of digital
tion, enlistment, and the spread of their doctrines. Numerous extremist channels in social cybersecurity amplifies the reach and impact of
assemblies have discerned the potency of platforms like video-sharing attack ads, allowing them to swiftly influence vast cyber communi-
sites, social networking sites, and microblogging services in accessing ties. While political discourse and critique are inherent to democratic
an international viewership and consequently manipulating them to processes, the malicious or deceptive nature of some attack ads can
advance their objectives. distort public perception, undermine trust in democratic institutions,
and polarize digital communities. The real-time spread and potential
Evaluation: (Tsesis, 2017a, 2017b) The harnessing of online platforms
virality of such content within cyber environments further complicate
by extremist entities presents grave risks to worldwide safety. Through
efforts to ensure fair and truthful political campaigning.
these digital spaces, extremist views can disseminate swiftly, zeroing
in on vulnerable individuals for enlistment and radicalization. The Potential Solutions: (Paek et al., 2005) To mitigate the negative im-
instantaneous and interlinked nature of online communities renders pacts of attack ads, platforms can implement stringent ad-review poli-
them a formidable instrument for these factions to orchestrate endeav- cies, ensuring that political advertisements meet specific standards of
ors, broadcast propaganda, and even strategize assaults, potentially truthfulness and fairness. Collaboration with independent fact-checkers
culminating in tangible aggression and turmoil. can help in verifying the authenticity of claims made in such ads.
Additionally, transparency initiatives, such as ad libraries detailing the
Potential Solutions: (Bertram, 2016) Addressing terrorist undertak-
sponsors, reach, and target audience of political ads, can provide users
ings in online platforms necessitates cooperative endeavors from dig-
with context and promote informed decision-making. Public awareness
ital service providers, governmental entities, and global organizations.
campaigns educating users about the nature of attack ads and encourag-
Platforms can bolster their content moderation strategies and employ
ing critical media consumption can also play a pivotal role in fostering
AI-driven mechanisms to promptly discern and eliminate extremist
a more informed electorate.
material. Exchanging intelligence between platforms and with polic-
ing agencies can further assist in pinpointing and quelling threats. Fake News:
State authorities and international consortia can draft regulatory edicts Fake News (Shu et al., 2017) pertains to the deliberate spread
mandating platforms to counteract extremist content and concurrently of false or misleading information crafted to deceive and manipulate
champion counter-narrative initiatives to contest extremist dogmas. readers or viewers. Leveraging various media platforms, especially
Additionally, enlightening users about indications of radicalization and social media, fake news aims to distort reality, influence public opinion,
championing digital discernment can act as prophylactic strategies. sow discord, or advance specific agendas. Whether politically, econom-
ically, or socially motivated, fake news exploits the rapid dissemination
Social Unrest:
potential of digital platforms to reach and mislead vast audiences.
Social Unrest in online communities (Goolsby et al., 2013) embodies
coordinated collective endeavors that question prevailing standards Evaluation: (Allcott & Gentzkow, 2017) The proliferation of fake
and may disturb societal or institutional routines. These endeavors news on social media is particularly concerning due to the platform’s

10
A. Mulahuwaish et al. Computers in Human Behavior Reports 18 (2025) 100668

real-time, widespread reach. Misinformation can quickly gain traction, 4. Techniques for detection in social cybersecurity
creating a cascade of reinforced false beliefs among users. This not only
erodes trust in credible information sources but also threatens demo- This section delineates a taxonomy of methods employed in detect-
cratic processes, public safety, and societal harmony. The decentralized ing social cybersecurity attacks. These methods span a broad spectrum,
and user-generated nature of content on social media complicates varying based on both their application domains and their mathemat-
efforts to discern and combat fake news effectively. ical and theoretical underpinnings. Previous surveys in the field of
Potential Solutions: (Shu et al., 2020) Addressing the challenge of social cybersecurity (Carley, 2020; Wu et al., 2022) have primarily re-
fake news requires a multi-faceted approach. Platforms can incorporate volved around enhancing cybersecurity and privacy in social networks,
advanced AI-driven fact-checking tools to identify and flag potentially offering a broad overview of social cybersecurity research. Our sur-
misleading content. Collaborations with independent fact-checking or- vey, however, brings a unique focus on detecting social cybersecurity
ganizations can enhance the credibility of these efforts. Transparency attacks, categorizing these methods based on their theoretical founda-
features, like source verification badges or context panels, can provide tions. This approach underscores the commonalities across different
users with additional information to gauge the reliability of content. On tasks. Each method is additionally examined in terms of its specific
the user front, digital literacy campaigns that equip users to critically use case, offering a nuanced understanding. The techniques for attack
evaluate online content can be instrumental in mitigating the spread detection methods that emerge from this categorization are visually
and impact of fake news. Furthermore, promoting a culture of cross- represented in Fig. 3.
referencing information and relying on multiple trusted sources can Our categorization process, pivotal for social cybersecurity detec-
help in fostering an informed and discerning online community. tion, begins with ML methods that learn from historical patterns to
make future projections (Mitchell & Mitchell, 1997). The second cat-
Deepfake Manipulation:
egory, discrete models (Greenspan, 1973; Mallet, 1997), provides de-
Deepfake manipulation refers to the use of AI-generated synthetic
tailed frameworks for representing complex systems and interactions,
media, typically created using deep learning techniques such as Gen-
crucial for understanding and detecting attack dynamics. Metaheuris-
erative Adversarial Networks (GANs), to fabricate audio, video, or
tic algorithms then address the complexities endemic to social cy-
images that appear authentic (Verdoliva, 2020). Deepfakes have been
bersecurity, refining solutions to accurately counter threats. Lastly,
widely used in misinformation campaigns, political manipulation, and
Agent-based modeling (ABM) simulates multifaceted interactions on
character defamation. Attackers leverage these techniques to distort
platforms like social media, making it invaluable for detecting emergent
reality, influence public perception, and damage reputations.
behaviors tied to cybersecurity threats.
Evaluation: (Chesney & Citron, 2019) Deepfakes pose a significant The increasing use of AI in social cybersecurity detection necessi-
threat to online communities due to their realism and rapid dissemi- tates advanced methodologies that account for adversarial tactics used
nation through social media platforms. Their usage can result in the to evade detection. One challenge is how attackers exploit AI-based
spread of false narratives, erosion of public trust, and manipulation defense mechanisms by leveraging deceptive strategies to manipulate
of public opinion. The difficulty in distinguishing between real and detection models. For instance, research by Hong et al. (2024) high-
manipulated content exacerbates the problem, creating fertile ground lights how expectancy violations in AI interactions can influence user
for misinformation and disinformation campaigns. trust, which has implications for adversarial deception tactics in cyber-
Potential Solutions: (Tolosana et al., 2020) Combating deepfakes security (Hong, Fischer, Kim, Cho, & Sun, 2024). To enhance detection
requires the development of advanced detection algorithms capable of accuracy, integrating adversarial machine learning techniques and in-
identifying synthetic media artifacts. Techniques such as facial land- corporating insights from human–computer interaction research can
mark detection, frequency domain analysis, and deep learning-based improve model robustness against manipulation and evasion strategies.
classifiers have shown promise. Moreover, promoting media literacy Throughout this discussion, we reference literature to offer a holistic
and awareness among users is critical in reducing the impact of deep- understanding of these methods’ roles in forecasting and countering
fakes. Collaborative efforts between platforms, researchers, and policy- social cybersecurity threats.
makers can further strengthen the ecosystem against deepfake threats.
4.1. Machine learning in social cybersecurity
AI-Generated Misinformation:
AI-generated misinformation involves the use of large language
In this section, we focus on ML, the foremost category of meth-
models (LLMs) and content generation algorithms to create and prop-
ods employed in detecting social cybersecurity attacks. We explore a
agate false or misleading information (Zellers et al., 2019). Unlike
traditional misinformation, AI-generated content can be rapidly pro- spectrum of approaches, from classifier and clustering models to other
duced, highly convincing, and tailored to specific audiences, making related technologies. An overview of these methods, including relevant
it a powerful tool for adversaries in social cybersecurity contexts. research papers, is provided in Table 4 and the summary section.
ML techniques (Buczak & Guven, 2015; Liu, Sarabi, et al., 2015;
Evaluation: (Weidinger et al., 2021) The proliferation of AI-generated Mitchell & Mitchell, 1997) are instrumental in detecting imminent
misinformation has significantly raised concerns due to its scale and social cybersecurity threats and understanding their trends. Classifica-
quality. Attackers can automate the creation of fake news articles, so- tion models in ML categorize data, facilitating the early detection of
cial media posts, and bot-driven interactions, contributing to informa- threats, while regression and time series analysis utilize historical data
tion overload and undermining trust in legitimate information sources. to identify and anticipate attack patterns. The ML process encompasses
The capacity of AI models to mimic human-like communication further a training stage, where models learn from past data, followed by a
amplifies the threat. testing phase that focuses on detecting and understanding the nature
Potential Solutions: (Shu et al., 2020) Addressing AI-generated misin- of threats. The choice between supervised, unsupervised, or semi-
formation requires a multi-faceted approach combining AI-based detec- supervised learning is dictated by the specific requirements in social
tion methods, fact-checking systems, and platform-level interventions. cybersecurity, balancing the detection of current threats with insights
Detection models can be trained to recognize linguistic patterns, con- into potential future behaviors.
tent anomalies, and metadata inconsistencies typical of generated mis- Below, we will examine the literature on detecting social cyberse-
information. Moreover, strengthening user education and promoting curity attacks with ML models. We will focus on three key categories:
fact-checking practices are essential in limiting the influence of such classifier models, clustering models, and time series, along with an
misinformation. exploration of text analysis techniques in this domain.

11
A. Mulahuwaish et al. Computers in Human Behavior Reports 18 (2025) 100668

Fig. 3. Techniques for detection methods in social cybersecurity.

Classifier Models Clustering Models

In the arena of Support Vector Machines (SVMs) (Hsu et al., 2003), Shao, Tunc, Al-Shawi, and Hariri (2019) embarked on a journey
several standout studies have been conducted. Sabottke, Suciu, and to unearth malicious cybercriminal activities on Twitter using the
Dumitras (2015b) applied an SVM classifier to Twitter data, offering Gaussian Mixture Model (GMM) (Reynolds, 2009). In their quest, they
a novel method to predict real-world exploits, detecting them earlier put several clustering algorithms to the test, ultimately recognizing
than other techniques. Sharif et al. (2019) leveraged SVM to pinpoint the Expectation Maximization (EM)-based GMM—especially when syn-
extreme behaviors on Twitter, particularly in political discourse, and ergized with a kernel filter—as the most adept at singling out ma-
found it especially potent when paired with the bigram feature set. licious users. Taking the baton, Ritter, Wright, Casey, and Mitchell
Benevenuto, Magno, Rodrigues, and Almeida (2010) employed SVM (2015) turned their focus towards the Expectation Maximization (EM)
classifiers on an expansive dataset, underscoring its efficacy in dis- method (Moon, 1996) to sift through Twitter for cyber attack-related
cerning Twitter spammers. El-Mawass, Honeine, and Vercouter (2018)
events. By harnessing seed queries and weaving in NLP techniques,
blended SVM with a Markov Random Field (MRF) to detect spammers
their approach unfurled impressive AUC values across various cyber
on Twitter, with a special emphasis on the utility of the SVM classifier
attack classifications. Diving into a mammoth dataset of 14 million
that utilized the RBF kernel. Moreover, Mostafa, Abdelwahab, and
entries, Eshraqi, Jalali, and Moattar (2015) employed the DenStream
Sayed (2020) showcased a technique using SVM to recognize spam
clustering algorithm, drawing a clear demarcation between spam and
campaigns on the platform.
Transitioning to the domain of Convolutional Neural Networks non-spam tweets. Their method’s mettle was significantly reflected in
(CNNs) (Albawi, Mohammed, & Al-Zawi, 2017), various innovative the nuanced adjustments of the epsilon parameter. Pivoting to broader
approaches have been presented. Dionísio, Alves, Ferreira, and Bessani horizons, the SONAR framework (Sceller, Karbab, Debbabi, & Iqbal,
(2019) employed deep learning to identify cyber threats on Twit- 2017) champions real-time detection, geolocation, and categorization
ter, particularly security-related tweets about IT infrastructures. Shin, of Twitter-centric cybersecurity incidents. This robust framework takes
Kwon, and Ryu (2020) harnessed a CNN classifier to gather cyberse- advantage of the nuances of Locality-Sensitive Hashing (LSH) (Indyk &
curity intelligence from multiple sources on Twitter. Furthering the Motwani, 1998) to make its mark in the field.
use of CNN, Alves, Andongabo, Gashi, Ferreira, and Bessani (2020) Time Series
highlighted the potential of Twitter as a hub for security alerts, while
Amin Mahmood, Mustafa Ali Abbasi, Abbasi, and Zaffar (2020) rec-
Simran, Balakrishna, Vinayakumar, and Soman (2019) underscored a
ognized the power of time series analysis (Chatfield, 2003; Hamilton,
CNN-GRU-Keras model’s proficiency in detecting threats. Alguliyev,
2020; Lin, Keogh, Lonardi, & Chiu, 2003) and harnessed it to anticipate
Aliguliyev, and Abdullayeva (2019) combined CNN with an LSTM
phishing attacks on big-league brands, such as AOL and Facebook, delv-
model to pinpoint DDoS attacks, and Lida et al. (2020) illustrated
ing deep into the PhishMonger dataset. Meanwhile, Gerber (Gerber,
CNN’s potency in classifying emergency-related posts on Sina Weibo.
2014) elegantly amalgamated Twitter data with Chicago crime records,
Adding to the ensemble techniques, an ensemble CNN+Bi-GRU model
was employed to tackle the challenge of COVID-19 misinformation on setting the stage for enhanced crime prediction—a move that under-
Twitter (Mulahuwaish et al., 2022). scored the prospect of optimized resource deployment. Goyal et al.
Focusing on Long Short-Term Memory (LSTM) networks (Hochreiter (2018) conducted a comprehensive analysis of various web signals,
& Schmidhuber, 1997), Wang and Zhang (2017) zeroed in on DDoS at- ranging from Twitter to the hidden areas of the dark web. Their goal
tack detection on social media, praising the hierarchical LSTM model’s was to accurately predict cyberattacks, emphasizing the importance
commendable performance. In the Random Forest (RF) algorithm land- of tailored monitoring strategies. This was especially evident during
scape (Breiman, 2001), Maziku, Rahiman, Mohammed, and Abdullah significant events such as Euro 2016, Javed, Burnap, and Rana (2019)
(2020) used RF for Twitter spam detection, while Fazil and Abulaish channeled Twitter data, architecting a forward-looking system poised
(2018) emphasized the RF classifier’s superiority in detecting Twitter against drive-by download assaults. Drawing from the Hackmageddon
spammers amidst class imbalances. Master List dataset, the insights in Perera, Hwang, Bayas, Dorr, and
In exploring other classifier models within social cybersecurity, Wilks (2018) brought to the fore the prowess of time series prediction
several research endeavors are noteworthy. Gupta and Kaushal (2015) techniques in the evaluation of cyber onslaughts. Not to be left behind,
utilized the Naïve Bayes (NB) approach (Lewis, 1998) for Twitter spam Potha and Maragoudakis (2014) ventured into the realm of cyberbul-
detection and observed enhanced accuracy with a unified strategy. lying detection, rigorously sifting through diverse feature extraction
Sharif, Hoque, Kayes, Nowrozy, and Sarker (2020), by leveraging the approaches and classifiers, all backed by data from Perverted-Justice.
Stochastic Gradient Descent (SGD) method (Bottou, 2012), successfully
pinpointed suspicious Bengali tweets, emphasizing the compatibility of Text Analysis Techniques in Social Cybersecurity
the SGD classifier with ’tf-idf’. Meanwhile, Le, Wang, Nasim, and Babar In the realm of social cybersecurity, researchers have employed
(2019) turned to the Nearest Centroid strategy (Han & Karypis, 2000) various text analysis techniques. Mittal, Das, Mulwad, Joshi, and Finin
to extract cyber threat intelligence from Twitter, highlighting their clas- (2016) harnessed Named Entity Recognition (NER) to generate cyber-
sifier’s robust performance. Finally, Zong, Ritter, Mueller, and Wright security threat alerts from a dataset of English tweets. Vadapalli, Hsieh,
(2019) integrated the Logistic Regression (LR) classifier (Wright, 1995) and Nauer (2018) developed an Open Source Intelligence (OSINT) sys-
with a one-dimensional Convolutional Neural Network (CNN) for a tem that automatically detects and analyzes cybersecurity intelligence
nuanced Twitter threat assessment, innovating with a severity scoring from Twitter. Chambers, Fry, and McMasters (2018) employed Latent
model and spotlighting trustworthy warning accounts. Dirichlet Allocation (LDA) (Blei, Ng, & Jordan, 2003) and other NLP

12
A. Mulahuwaish et al. Computers in Human Behavior Reports 18 (2025) 100668

techniques to detect Distributed Denial of Service (DDoS) attacks from 10. Model Deployment: Deploy the model in a real-world environ-
Twitter data, with a notable emphasis on their proposed PLDAttack ment, integrating it into systems that monitor social media plat-
model. Seed queries have been instrumental for researchers like Ritter forms and communication channels for proactive defense and
et al. (2015), Khandpur et al. (2017b), and Sceller et al. (2017) in early threat detection. Continuously analyze incoming data to
gathering event-specific information, with examples such as the Sarah provide timely detections of social cybersecurity attacks.
Palin hacking incident. Khandpur et al. (2017b) further explored the 11. Model Updating: Regularly update and retrain the model with
potential of Query Expansion (QE) (Vechtomova & Wang, 2006) in new data to adapt to evolving attack techniques and changing
detecting cyber attacks using social media, introducing a Dynamic threat landscapes. Incorporate feedback mechanisms and contin-
Query Expansion (DQE) algorithm for refined query selection. Lastly, uous learning to improve the model’s detection capabilities over
Mukunthan and Arunkrishna (2021) utilized URL Blacklists to identify time.
Twitter spam and delved into the analysis of user behavior patterns
linked to spamming. By refining the steps to focus on the detecting aspects, you can
better align the process with the specific goal of anticipating and
Summary
mitigating social cybersecurity attacks.
This section covered research already conducted in social cybersecu-
rity using various ML approaches. Diverse techniques such as classifiers,
4.2. Discrete models in social cybersecurity
clustering models, and other technologies have been employed for
tasks including threat detection, malicious activity identification, spam
classification, cybersecurity event monitoring, and information extrac- This section focuses on discrete models used in social cybersecurity
tion from social media data. Within the field of social cybersecurity, attack detection. We explore graph models such as attack graphs,
particularly in the subdomain of detecting attacks, a conventional Markov models, and Bayesian networks, as well as the application of
methodology mirroring standard ML practices are widely adopted. This game theory principles. Table 5 and the summary section offer an
methodology, depicted in Fig. 4, encompasses a pipeline consisting of overview of the methods discussed and relevant research papers in this
the following steps: category.
Graph Models
1. Data Collection: Gather relevant data specifically focused on
In this section, we will explore various graph models, including
historical, social cybersecurity attacks, including attack details,
attack graphs, Markov models, and Bayesian Networks, and their ap-
attack vectors, social media platforms targeted, and affected
plication in the context of detecting social cybersecurity attacks.
users. This data will serve as the foundation for training the
Attack graphs (Li, Lei, Wang, & Li, 2007; Phillips & Swiler, 1998;
detection model.
Sheyner, Haines, Jha, Lippmann, & Wing, 2002) offer visual insights
2. Data Preprocessing: Clean and preprocess the collected data, giv-
into potential attack paths, especially within social platforms. Markov
ing special attention to features that are indicative of social
models (Farhadi, AmirHaeri, & Khansari, 2011; Gagniuc, 2017; Kin-
cybersecurity attacks. Handle missing values, outliers, and in-
consistencies while preserving the integrity of attack patterns for dermann, 1980; Rabiner, 1989; Sendi, Dagenais, Jabbarifar, & Cou-
accurate detection. ture, 2012) capture the sequential dynamics of attacks, providing in-
3. Feature Extraction: Extract features that have strong predictive sights based on historical data and aiding in anticipatory measures.
power for social cybersecurity attacks. Consider incorporating Bayesian Networks (BNs) (Ben-Gal, 2008) model the interdependencies
domain-specific knowledge and expertise to identify relevant among critical factors, using probabilistic reasoning to handle uncer-
features, such as specific linguistic patterns used in social engi- tainties. Together, these methods form a comprehensive approach to
neering attacks or behavioral indicators of malicious accounts. understanding, predicting, and strategizing against threats in social
4. Dataset Splitting: Split the preprocessed data into training and cybersecurity.
testing datasets, ensuring that the distribution of social cyberse- Below, we will review the literature on detecting social cyber-
curity attacks is properly represented in both sets. This enables security attacks using attack graphs, Markov Models, and Bayesian
reliable evaluation of the model’s detection performance. Networks.
5. Model Selection: Choose ML algorithms that are effective in detec- In the realm of attack graphs, several noteworthy studies stand
tion tasks and suitable for capturing temporal patterns in social out. Chen, Liu, Park, and Subrahmanian (2019) utilized a CVE-Author-
cybersecurity attacks. Consider models like recurrent neural net- Tweet (CAT) graph derived from Twitter data to predict the exploita-
works (RNNs), long short-term memory networks (LSTMs), or tion of Common Vulnerabilities and Exposures (CVEs). Feng, Wan,
time-series forecasting algorithms. Wang, and Luo (2021) introduced the BotRGCN model for Twitter,
6. Model Training: Train the selected model using the training leveraging a Relational Graph Convolutional Network (RGCN). Gao
dataset, emphasizing its ability to detect future social cybersecu- et al. (2010) employed clustering and graph theory techniques to detect
rity attacks. Enable the model to learn the underlying patterns social spam campaigns on Facebook, emphasizing the identification of
and dynamics that contribute to accurate detections. potential spam based on user posts. Lastly, Lippmann et al. (2015)
7. Model Evaluation: Evaluate the model’s performance using eval- endeavored to pinpoint malicious cyber discussions across platforms
uation metrics specifically designed for detection tasks in social such as Twitter, Stack Exchange, and Reddit by harnessing Human
cybersecurity. Assess its ability to identify new attack patterns, Language Technologies (HLT) and constructing various graphs to depict
detect attacks within a given timeframe, and accurately identify the communication dynamics.
emerging threats. In the domain of Markov models, several studies have made signifi-
8. Hyperparameter Tuning: Fine-tune the model’s hyperparameters cant contributions. El-Mawass, Honeine, and Vercouter (2020) concen-
with a focus on optimizing its detection capabilities for social cy- trated on detecting spammers on Twitter, examining a dataset that cov-
bersecurity attacks. Adjust parameters related to temporal mod- ered 767 users across four unique categories. They relied on symmetric
eling, regularization, and learning rate to enhance the model’s and asymmetric Markov Random Fields (MRFs) for their classification.
performance. Aleroud, Abu-Alsheeh, and Al-Shawakfa (2020), aiming to identify pro-
9. Detection: Utilize the trained model to make detection on new, ISIS accounts on Twitter, analyzed datasets linked to the 2015 Paris
unseen data, specifically targeting the likelihood and occurrence terrorist incidents and tweets with ISIS-associated keywords. Their
of social cybersecurity attacks. Leverage the model’s ability to methodology combined a Markov Chain (MC) with a Topic Model
capture temporal dynamics and emerging patterns for more (TM) and an SVM classifier. Further, Li, Mukherjee, Liu, Kornfield, and
accurate detections. Emery (2014) worked on recognizing health campaign promoters on

13
A. Mulahuwaish et al. Computers in Human Behavior Reports 18 (2025) 100668

Twitter, particularly those championing anti-smoking campaigns. They 1. Data Collection: Gather relevant data from communication chan-
adopted the Typed Markov Random Field (T-MRF) algorithm for their nels targeted in social cybersecurity attacks. This includes email,
classification process. Rounding out the list, Qiao et al. (2017) applied a social media, and instant messaging platforms. The collected
Hidden Markov Model (HMM) with the goal of predicting social unrest data should encompass both benign and malicious activities to
events, sourcing their data from a segment of the Global Database of train the discrete models effectively.
Events, Language, and Tone (GDELT) project. 2. Data Preprocessing: Clean and transform the collected data to en-
In the realm of Bayesian Networks, significant contributions can be sure its quality and suitability for analysis with discrete models.
found in the literature. Okutan, Werner, McConky, and Yang (2017) Handle missing values, correct inconsistencies, and standardize
embarked on the task of developing a predictive model for a spectrum the data to maintain its integrity during preprocessing.
of cyber attack types—including malware, scan, defacement, malicious 3. Feature Extraction: Extract features from the preprocessed data
email, malicious URL, and Denial of Service (DoS). Their approach that have strong detective power for social cybersecurity attacks.
hinged on datasets sourced from GDELT, Twitter, and documented Consider features such as specific phrases, sentiment analysis
cyber incidents, all processed through Bayesian Networks (BNs). An- scores, communication frequency, network-based features, or
other research (Okutan, Yang, & McConky, 2017) tapped into data from other elements indicative of malicious activity. These features
Twitter, Hackmageddon, and GDELT. serve as inputs to the discrete models.
Their goal was to engineer a Bayesian Network (BN) tailored for 4. Modeling: Develop and train discrete models such as graph at-
the detection of cyber attacks, with a special emphasis on types like tacks, Markov models, or Bayesian networks using the prepro-
defacement, Denial of Service (DoS), and malicious emails or URLs. cessed data and extracted features. Graph attacks can model
Game Theory social networks and identify suspicious behaviors within them.
In this section, we examine the use of the Game Theory approach Markov models can capture transitions between different com-
in the detection of social cybersecurity attacks. munication patterns, while Bayesian networks can model the
Game theory (Aumann, 2019; Kontogiannis & Spirakis, 2010; Nash, probabilistic relationships between different features.
1951; Sandholm, 2002; Tsaknakis & Spirakis, 2007) offers a mathemat- 5. Detection: Utilize the trained discrete models to detect potential
ical approach to analyze strategic interactions between attackers and social cybersecurity attacks. Analyze current behavior patterns
defenders in the realm of social cybersecurity. It captures the attacker- and compare them to the models to identify possible threats and
defender dynamics, considering the strategic decisions, trade-offs, risks, make informed detections about the type of attack, potential
and rewards inherent in these engagements. Through game theory, targets, and likely timing. Each discrete model can offer unique
researchers can predict likely attack vectors, ascertain optimal defense insights into the detection process.
strategies, and estimate the outcomes of cybersecurity confrontations. 6. Evaluation: Assess the accuracy and effectiveness of the discrete
This enables effective resource allocation, prioritized defense measures, models in detecting social cybersecurity attacks. Compare the
and the crafting of proactive security tactics. models’ predictions with real-world outcomes and utilize ap-
Below, we will review the literature on detecting social cybersecu- propriate evaluation metrics to measure their performance. This
rity attacks using game theory. evaluation helps identify areas for improvement and fine-tuning
Griffin and Squicciarini (2012) explored user behavior related to of the models.
deception in social media by proposing a game theoretical model to 7. Model Deployment: Deploy the trained discrete models in a de-
analyze user tendencies in identity disclosure influenced by peer behav- tection environment that can handle real-time data processing
ior. Kamhoua, Kwiat, and Park (2012) introduced a game theoretical and classification. This could involve deploying the models on
approach to guide users in social networks towards an optimal data- cloud servers with appropriate resources or on edge devices for
sharing policy, weighing the conflicting interests between users and real-time analysis and response to social cybersecurity threats.
attackers. Liang et al. (2012) used game theory to devise an optimal 8. Updating Model: Regularly update the discrete models with new
data-forwarding strategy aimed at preserving privacy in mobile so- data as social engineering tactics evolve. Incorporate mecha-
cial networks. Mohammadi, Manshaei, Moghaddam, and Zhu (2016) nisms to continuously retrain and update the models, ensuring
utilized a signaling game in social networks to differentiate between their relevance and effectiveness in detecting social cybersecu-
regular users and attackers, strategically deploying fake avatars to rity attacks over time.
bait and identify malicious intents, drawing inspiration from concepts
in Harsanyi (1967, 1968). In Moscato, Picariello, and Sperli (2019), By incorporating discrete models into the steps and considering
community detection in online social networks was approached us- their specific capabilities, the process becomes more focused on the
ing an algorithm rooted in game theory. The study in White, Park, detection task for social cybersecurity attacks. This approach allows for
Kamhoua, and Kwiat (2013) presented a game theoretical approach to a nuanced analysis of social behavior within the security context and
analyzing attacks on social network services, emphasizing the dynamics facilitates improved prediction accuracy and proactive threat detection.
of user-controlled data sharing. White, Park, Kamhoua, and Kwiat
(2014) developed a game theoretic model for online social networks, 4.3. Metaheuristic algorithms in social cybersecurity
focusing on the balance between information sharing and security. Fi-
nally, Zhao, Lin, and Liu (2012) introduced a game theoretic framework This section delves into the application of metaheuristic algorithms
to study the dynamics of colluders and the cooperation amongst attack- in detecting social cybersecurity attacks. We examine methodologies
ers in multimedia social networks, especially concerning multimedia that belong to two categories: trajectory-based and population-based
fingerprinting and unauthorized content usage during collisions. metaheuristics. The latter encompasses concepts derived from nature,
Summary such as biological and swarm-based approaches, as well as those
This section presents an overview of the research conducted in grounded in evolutionary theory. To gain a comprehensive understand-
social cybersecurity utilizing discrete models, including graph attacks, ing, Table 6 presents a comprehensive compilation of the methods
Markov models, Bayesian networks, and game theory. These mod- discussed in this segment, along with the corresponding scholarly
els play a crucial role in detecting social cybersecurity attacks. By articles. Further insights can be found in the subsequent summary
capturing state transitions and behavioral patterns, they facilitate the section.
analysis of social behavior within the security context. The pipeline for Metaheuristic algorithms (Alweshah, 2019; Crainic & Toulouse,
leveraging these models involves several key steps, as illustrated in Fig. 2003; Yang, 2010), including genetic algorithms, particle swarm op-
5. These steps include: timization, and others, offer robust methods for optimizing prediction

14
A. Mulahuwaish et al. Computers in Human Behavior Reports 18 (2025) 100668

Table 4
A summary of detection methods. Approaches based on machine learning.
Ref. Objective Approach/Model Dataset Limitation Year
Dionísio et al. (2019) Detect cyber threats NER, SVM, MLP, Twitter Trained on a limited dataset 2019
CNN+random, CNN+GloVE,
CNN+Word2Vec
Ritter et al. (2015) Extract computer security Seed queries, SVM, EM, NER, Twitter Inadequate performance due to 2015
events LR non-random sampling of seeds
Khandpur et al. (2017b) Detect cyber attacks Seed queries, AP, NER, DQE Twitter Low precision and recall for DoS 2017
attacks and account hijacking
Mittal et al. (2016) Generate alerts for NER Twitter Incorrect discarding of tweets due to 2016
cybersecurity threats various factors
Sabottke et al. (2015b) Predict real-world exploits SVM Twitter Security systems without the need for 2015
secrets or confidential information
Sceller et al. (2017) Automatically detect LSH Twitter Inability to identify the target and 2017
cybersecurity events source of an attack
Shin et al. (2020) Detect cybersecurity CNN, RNN, LSTM Twitter No significant weaknesses 2020
intelligence on Twitter
Vadapalli et al. (2018) Automatically detect and NER Twitter Limited to a single OSINT source 2018
analyze cyberse- curity (Twitter)
intelligence
Dionísio, Alves, Ferreira, and Bessani (2020) Cyberthreat detection CNN, RNN, LSTM, NER Twitter Trained on a limited or small-scale 2020
dataset
Alves et al. (2020) Provide evidence of timely CNN Twitter Possible failure to capture additional 2020
and impactful security alerts cases, potential human error in
on Twitter manual data processing
Simran et al. (2019) Detect cybersecurity threats SVM, CNN, DNN, RNN, GRU, Twitter No significant weaknesses 2019
fastText
Le et al. (2019) Gather cyber threat SVM, NC Twitter Lack of specific Named-Entity 2019
intelligence using novelty Recognition (NER) phase for
classifiers identifying entities related to
vulnerabilities
Zong et al. (2019) Analyze severity of LR, CNN Twitter Low severity scores for high severity 2019
cybersecurity attacks threats lacking detailed tweet
contents
Chambers et al. (2018) Detect DDoS attacks LDA, LR Twitter Low recall, manual monitoring 2018
required for identifying false
positives
Maziku et al. (2020) Spam detection RF Twitter Longer classification process 2020
compared to existing solutions
Gupta and Kaushal (2015) Spam detection NB, DT, unsupervised Benevenuto Poor performance of DT for 2015
clustering et al. (2010) non-spam accounts
Mukunthan and Arunkrishna (2021) Analysis of spam and user URL blacklist Twitter Difficulty detecting spam using URL 2021
behavior shorteners like Bitly
Shao et al. (2019) Monitor and detect malicious Kernel Filter, EM-based GMM, Twitter No significant weaknesses 2019
activity of cybercriminals K-Means, hierarchical
agglomerative clustering
Benevenuto et al. (2010) Spam detection SVM Twitter No significant weaknesses 2010
Eshraqi et al. (2015) Spam detection DenStream Clustering Twitter No significant weaknesses 2015
Wang and Zhang (2017) Detect DDoS Attacks SVM, LSTM, NER Twitter No significant weaknesses 2017
Alguliyev et al. (2019) Detect DDoS Attacks CNN, LSTM Twitter No significant weaknesses 2019
El-Mawass et al. (2018) Spam detection Similarity approach with SVM Twitter No significant weaknesses 2018
and MRF
Lida et al. (2020) Classify emergencies CNN, kNN, DT, NB, SVC Sina Weibo Use of seed words may result in 2010
missing relevant tweets, highly
imbalanced dataset, reliance on a
single data source
Mostafa et al. (2020) Spam campaign detection SVM Twitter System does not consider temporal 2020
similarity of post timings
Sharif et al. (2020) Detect suspicious tweets RF, NB, DT, SGD, LR Twitter Low accuracy 2020
Sharif et al. (2019) Identify extreme behavior RF, NB, DT, SVM, kNN, Twitter System does not incorporate semantic 2019
bagging, boosting analysis in processing
Tundis, Jain, Bhatia, and Mühlhäuser (2019) Detect crime RF AboutIsis System does not utilize associated 2019
images and videos in tweets
Fazil and Abulaish (2018) Spam detection BN, DT, RF Twitter No significant weaknesses 2018

(continued on next page)

15
A. Mulahuwaish et al. Computers in Human Behavior Reports 18 (2025) 100668

Table 4 (continued).
Amin Mahmood et al. (2020) Phishing attack forecasting MLP, Prophet, Linear LSTM, PhishMonger No obvious weaknesses 2020
ARIMA, linear regression, RF project
Gerber (2014) Crime detection LDA, LR Chicago crime Limited analysis of tweet structure 2014
data and temporal effects
Goyal et al. (2018) Cyber attack signal discovery ARIMA, ARIMAX, LSTM, GRU Dark web, No obvious weaknesses 2018
Twitter, blogs,
vulnerability DB,
honeypots
Javed et al. (2019) Drive-by download attack NB, Bayes Net, J48, MLP Twitter Potential failure in detecting 2019
prediction short-lived cyber-criminals
Perera et al. (2018) Cyber attack prediction NER, Classifier Hackmageddon Lack of multiple reports for the same 2018
through text analysis Master List attack in the dataset
Potha and Maragoudakis (2014) Cyberbullying detection MLP, SVM Perverted-Justice Absence of victim’s response to 2014
dataset cyberbullying messages
Mulahuwaish et al. (2022) Fake news detection CNN+Bi-GRU Twitter The research’s focus on COVID-19 2022
tweets may limit its applicability to
broader misinformation contexts

Fig. 4. The ML system design starts with raw data collection and ends with selecting trustworthy ML models for detecting social cybersecurity attacks.

Fig. 5. The discrete model design starts with raw data collection and ends with model evaluation for detecting social cybersecurity attacks.

Fig. 6. The ML system with a metaheuristic algorithm starts with raw data collection and ends with model evaluation for detecting social cybersecurity attacks.

models in social cybersecurity. By efficiently exploring the solution out. Particularly adept at feature selection (Almomani, Alweshah, Al
space, these algorithms refine prediction models, enhancing their ac- Khalayleh, Al-Refai, & Qashi, 2019; Martin-Bautista & Vila, 1999),
curacy in detecting attacks (Beheshti & Shamsuddin, 2013; Blum & WOA optimizes cybersecurity prediction models, bolstering their effi-
Roli, 2003; Calvet, de Armas, Masip, & Juan, 2017; Kaveh, 2014). cacy. Its unique attributes and minimal parameter adjustments make it
They excel in processing vast datasets, unveiling hidden patterns crucial an indispensable tool in refining social cybersecurity strategies.
for threat identification (Alweshah & Abdullah, 2015; Boussaïd, Lepag- Below, we will review the literature on detecting social cybersecu-
not, & Siarry, 2013; Talbi, 2009). Consequently, metaheuristics assist rity attacks using metaheuristic algorithms.
researchers in decision-making and proactive defense formulation. In the burgeoning field of social media analysis integrated with
Among these, the Whale Optimization Algorithm (WOA) (Mirjalili & metaheuristic algorithms, myriad noteworthy studies have emerged.
Lewis, 2016), inspired by humpback whales’ hunting behavior, stands For instance, Sánchez-Oro Calvo and Duarte (2018) drew a comparison

16
A. Mulahuwaish et al. Computers in Human Behavior Reports 18 (2025) 100668

Table 5
A summary of detection methods. Approaches based on discrete models.
Ref. Objective Approach/Model Dataset Limitation Year
El-Mawass et al. (2020) Spam detection MRF Twitter Additional models evaluated for 2020
improved accuracy in real-world
applications
Chen et al. (2019) Detecting vulnerability Multi-layered graph Twitter (Limited) Incorporation of cross-platform 2019
exploitation via Twitter dataset to predict vulnerabilities
Lippmann et al. (2015) Detecting malicious cyber Graph database Twitter, Stack Limited cross-domain performance 2015
discussions Exchange, Reddit
Feng, Wan, Wang, and Luo (2021) Bot account detection Relational graph Twitter No obvious weaknesses 2021
convolutional network
Gao et al. (2010) Detecting social spam Clustering, graph Facebook Uncertain effectiveness in enticing 2010
campaigns theory users to click malicious URLs
Aleroud et al. (2020) Identifying terrorist accounts MC, RAF, kNN, and Twitter Focus on English tweets and periodic 2020
SVM retraining
Li et al. (2014) Detecting promoters of T-MRF Twitter No obvious weaknesses 2014
campaigns
Qiao et al. (2017) Detecting events of social HMM GDELT Inability to differentiate between 2017
unrest widespread and localized news
coverage
Okutan, Werner, et al. (2017) Detecting cyber-attacks BN GDELT, reported cyber No obvious weaknesses 2017
incidents, Twitter
Okutan, Yang, and McConky (2017) Detecting cyber-attacks BN GDELT, Twitter, Inaccurate long-range predictions 2017
Hackmageddon
Griffin and Squicciarini (2012) Modeling deception in social Game theory Survey data Need for further research on user 2012
media actions and impact of outcomes on
social image
Kamhoua et al. (2012) Optimal data sharing on social Game theory, None No obvious weaknesses 2012
networks two-player zero-sum
Markov game
Liang et al. (2012) Privacy-preserving data Game theory None No obvious weaknesses 2012
forwarding on mobile social
networks
Mohammadi et al. (2016) Analysis of deception in social Game theory, signaling None No obvious weaknesses 2016
networks game
Moscato et al. (2019) Community detection Game theory Karate, Dolphins, Limited results and slow run-time 2019
Football, Polbooks without parallelism
White et al. (2013), White et al. (2014) Analysis of social network Game theory None Need for further research on 2014, 2013
services honeytokens, deployment strategies,
and distribution monitoring
Zhao et al. (2012) Analyzing user dynamics in Game theory None No obvious weaknesses 2012
social networks

between the Multi-Start Iterated Greedy (MSIG) method and the Ant network connections, and Yılmaz et al.’s (Günay Yılmaz et al., 2020)
Colony Optimization (ACO) algorithm, focusing on community detec- incorporation of PSO for feature selection in face spoofing detection.
tion. On the other hand, Sangwan and Bhatia (2020) delved into rumor In the context of Facebook spam detection, Sohrabi and Karimi
detection, utilizing the Wolf Search Algorithm (WSA) and Decision (2017) tapped into a suite of metaheuristic algorithms, prominently
Trees (DT) to analyze comments from renowned global personalities. PSO. However, a notable void exists in harnessing evolutionary-based
Cyberbullying, a pressing concern in today’s digital age, saw in- algorithms for predicting social cybersecurity threats, and signposting
novative approaches from Singh and Kaur (2020) and Al-Ajlan and promising directions for future inquiries.
Ykhlef (2018). While Singh and his team combined the Cuckoo Search
Summary
Algorithm (CSA) with a Support Vector Machine (SVM) for detec-
This section of the research paper focused on existing studies
tion, Al-Ajlan and collaborators harnessed an insect behavior-inspired
conducted in social cybersecurity using metaheuristic algorithms for de-
algorithm and paired it with a Convolutional Neural Network (CNN).
tecting social cybersecurity attacks. Both trajectory-based and
Shifting the lens to spam detection, Al-Zoubi et al. (2018) differen- population-based metaheuristics were examined, with the population-
tiated between spam and non-spam tweets using a blend of algorithms based category encompassing nature-inspired techniques such as bio
and SVM, and Aswani et al. (2018) employed the Levy flight Firefly and swarm algorithms and evolutionary-based approaches. It is impor-
Algorithm (LFA) alongside K-means clustering for Twitter spam de- tant to note the identified research gap regarding the lack of studies
tection. Tackling other security threats, Baydogan and Alatas (2021) on evolutionary-based methods. In the field of social cybersecurity
focused on hate speech classification, and Villar-Rodriguez et al. (2017) research, a common approach was observed, which aligns with the typ-
targeted impersonation attacks on social platforms using a bio-inspired ical utilization of metaheuristic algorithms. This approach is illustrated
approach. in Fig. 6. The associated pipeline involves the following steps:
Other innovative applications include Singh and Kaur’s (Singh &
Kaur, 2019) use of the Cuckoo Search Algorithm (CSA) for broader so- 1. Data Collection: Gather data specifically related to social cyber-
cial media cybercrime, Rezaeipanah et al.’s (Rezaeipanah et al., 2020) security attacks, focusing on areas commonly targeted, such as
employment of Particle Swarm Optimization (PSO) for predicting social emails, social media platforms, and instant messaging services.

17
A. Mulahuwaish et al. Computers in Human Behavior Reports 18 (2025) 100668

Table 6
A summary of detection methods. Approaches based on metaheuristic algorithms.
Ref. Objective Approach/Model Dataset Limitation Year
Sánchez-Oro Calvo and Duarte Community detection Integrated Greedy Facebook, Twitter No obvious weaknesses 2018
(2018) Algorithm
Sangwan and Bhatia (2020) Rumor detection WSA, DT PHEME dataset, Low classification accuracy 2020
Twitter/Instagram
Singh and Kaur (2020) Cyberbully detection CSA, SVM Twitter, ASKfm, No obvious weaknesses 2020
FormSpring
Al-Ajlan and Ykhlef (2018) Cyberbully detection Insect-inspired Twitter Does not support Arabic text 2018
metaheuristic
algorithm, CNN
Al-Zoubi, Faris, Alqatawna, and Spam profile detection WOA, PSA, GA, SVM Twitter No obvious weaknesses 2018
Hassonah (2018)
Aswani, Kar, and Vigneswara Spammer detection LFA, k-means clustering Twitter Content and semantic analysis 2018
Ilavarasan (2018) impacted by satire and slang.
Ignores useful features from
user profiles. Does not
examine shared links in-depth
Baydogan and Alatas (2021) Hate speech detection ALO, MFO, SSO, TSA, Twitter Metaheuristic runtime 2021
kNN, DT, SMO, MCC, increases with dataset size and
J48, NB, RF, Ridor class imbalance. Multiple runs
required to determine optimal
parameters
Villar-Rodriguez, Del Ser, Impersonation attack Bio-inspired WOSN 2009 conference No obvious weaknesses 2017
Gil-Lopez, Bilbao, and detection metaheuristic Facebook user
Salcedo-Sanz (2017) algorithm, k-means repository
clustering
Singh and Kaur (2019) Cybercrime detection CSA, SVM, NB Twitter, ASKfm, Framework implemented for 2019
FormSpring specific classifiers
Rezaeipanah, Mokhtari, and Link prediction PSO, SVM Twitter No obvious weaknesses 2020
Zadeh (2020)
Günay Yılmaz, Turhal, and Face spoofing detection PSA, ACO, SA, SVM NUAA PID dataset No obvious weaknesses 2020
Nabiyev (2020)
Sohrabi and Karimi (2017) Spam detection PSO, SA, ACO, DE, Facebook No obvious weaknesses 2017
SVM, DT

This ensures that the collected data is relevant to the detection set and evaluate its fitness using the algorithm’s objective func-
task. tion. This assesses the model’s performance in detecting social
2. Data Preprocessing: Emphasize the cleaning and transformation cybersecurity attacks.
of the collected data to maintain its integrity and suitability 8. Optimization: Continuously optimize the feature selection process
for analysis with metaheuristic algorithms. Address missing data and tune the parameters of the ML model using the metaheuristic
and outliers and normalize the data to ensure consistency and algorithm. This iterative optimization process aims to identify
improve the algorithms’ performance. patterns, relationships, and optimal configurations that enhance
the model’s detection capabilities.
3. Feature Extraction: Identify and extract features that are highly
9. Detection: Utilize the optimized model to forecast and predict
indicative of social cybersecurity attacks. These features could
social cybersecurity attacks using the testing set. The trained
include specific phrases, sentiment analysis scores, communi-
model analyzes the current state, patterns, and features to pro-
cation frequency, network-related elements, or other relevant
vide insights into potential threats and their likelihood within
attributes that capture the essence of malicious activity. the specified timeframe.
4. Problem Formulation: Formulate the detection problem with a 10. Evaluation: Compare the model’s detections against actual out-
clear focus on social cybersecurity attacks. Define the objective comes to assess its performance in forecasting and predicting
function, constraints, and decision variables specific to detect social cybersecurity attacks. Analyze the model’s accuracy, pre-
these attacks. This ensures the metaheuristic algorithm is aligned cision, recall, F1 score, or other relevant metrics to measure its
with the desired outcomes. effectiveness and identify areas for improvement.
5. Algorithm Selection and Parameter Tuning: Choose a suitable meta- 11. Model Deployment: Deploy the trained and evaluated model for
heuristic algorithm, such as Genetic Algorithms, Particle Swarm real-world use, considering the specific requirements and con-
Optimization, or Simulated Annealing, based on the problem for- straints of the deployment environment. This may involve inte-
mulation and complexity. Optimize the algorithm’s parameters grating the model into existing security systems or deploying it
to enhance its ability to forecast and predict social cybersecurity on cloud servers or edge devices for real-time predictions and
attacks effectively. proactive defense measures.
6. Dataset Partitioning: Split the dataset into training and test- 12. Model Updating: Regularly update the model with new data
ing sets, using techniques like cross-validation, to evaluate the as social engineering tactics evolve and new attack patterns
emerge. This ensures the model remains accurate, adaptable,
model’s performance robustly. This allows for accurate assess-
and effective in detecting social cybersecurity attacks in dynamic
ment of unseen data and helps avoid overfitting.
threat landscapes.
7. Modeling and Fitness Evaluation: Develop and train a model using
the selected metaheuristic algorithm and the preprocessed data. By incorporating these considerations, the steps become more closely
Train an ML classifier or regression model using the training aligned with the detection task for social cybersecurity attacks using

18
A. Mulahuwaish et al. Computers in Human Behavior Reports 18 (2025) 100668

Table 7
A summary of detection methods. Approaches based on agent-based modeling.
Ref. Objective Approach/Model Dataset Limitation Year
Serrano et al. (2015) Detect spread of rumors ABM Twitter No obvious weaknesses 2015
Beskow and Carley (2019a) Determine bot maneuvers in ABM Twitter Cannot validate believably 2019
spreading misinformation
Onuchowska (2020) Detect malicious behavior ABM Twitter Limited to Spain, Iran, Russia, and 2020
Venezuela. Incomplete communication
modeling. Preferential attachment for
relationship formation
Tseng and Son Nguyen (2020) Rumor detection ABM N/A Limited interaction modeling. Not a hybrid 2020
model. No specific simulation period
Gausen et al. (2021) Develop countermeasures ABM Twitter Non-realistic population size. Verification 2021
against misinformation spread lacking. Limited datasets
Calay et al. (2023) Examined team formation’s ABM N/A The study uses Agent-Based Modeling 2023
effect on cybersecurity and without empirical validation, limiting
introduced CCTF framework real-world applicability

metaheuristic algorithms. This approach leverages optimization tech- applying agent-based modeling in social cybersecurity research. The
niques and ML models to improve accuracy, enable proactive defense associated pipeline involves the following steps:
measures, and enhance overall cybersecurity posture.
1. Problem Definition: Clearly define the problem you want to ad-
4.4. Agent-based modeling in social cybersecurity dress using agent-based modeling in the context of detecting
social cybersecurity attacks. This step focuses the modeling effort
In this section, we thoroughly investigate the use of Agent-based on the specific objective of detection.
Modeling in detecting social cybersecurity attacks. Table 7, along with 2. Identify Agents: Identify the relevant agents involved in the so-
the summary section, provides a synopsis of the methods examined and cial cybersecurity ecosystem, such as individuals, organizations,
the pertinent research papers in this particular field. attackers, defenders, etc. This step ensures that the model in-
Agent-based modeling (ABM) (Grimm & Railsback, 2013; Macal & cludes all the necessary entities to accurately represent the social
North, 2005; Niazi & Hussain, 2011) offers a computational simulation dynamics of cybersecurity.
method to understand systems via individual agent interactions. In de- 3. Agent Behaviors and Interactions: Define the behaviors and in-
tecting social cybersecurity attacks, ABM captures the nuances of social teraction rules of the agents based on real-world observations
behaviors, enabling simulations of users, attackers, and defenders in and expert knowledge of social cybersecurity attacks. Specify
online platforms (Groff, 2007; Rahmandad & Sterman, 2008). Through how agents communicate, exchange information, launch attacks,
this, it unveils emergent properties and patterns from these interac- defend against attacks, and make decisions related to cyberse-
tions, facilitating analysis of attack spread, defense effectiveness, and curity. These rules and behaviors shape the model’s detection
cybersecurity dynamics. This helps researchers detect attacks, assess capabilities.
varied scenarios, and devise proactive defense strategies. 4. Agent Attributes and Data: Determine the attributes or variables
Below, we will review the literature on detecting social cybersecu- associated with each agent that are relevant to detecting social
rity attacks using agent-based modeling. cybersecurity attacks. Consider attributes such as susceptibility
Serrano, Iglesias, and Garijo (2015) propose an agent-based social to attacks, awareness level, security measures in place, historical
simulation model to detect rumors on social media, contrasting it with a attack data, or any other factors that affect the likelihood and
baseline model. Beskow and Carley (2019a) introduces an agent-based impact of attacks.
model, Twitter sim, to investigate bot disinformation tactics on Twitter 5. Model Design and Implementation: Design and implement the
and delve into emergent behaviors like supporting key influencers. agent-based model using appropriate software or simulation
Onuchowska (2020) uses agent-based modeling to analyze malicious platforms. Utilize tools like Mesa (the agent-based modeling in
behaviors on social media with the intent to mitigate the influence Python 3+), NetLogo (Tisue & Wilensky, 2004), Repast (Collier
of malicious actors. Tseng and Son Nguyen (2020) apply agent-based & North, 2011), or MASON (Luke, Cioffi-Revilla, Panait, Sulli-
modeling to simulate rumor propagation on social media, highlighting van, & Balan, 2005). to create the environment for agent-based
its fidelity in portraying the dynamics of rumor spread. In Gausen, Luk, modeling. Implement the rules, mechanisms, and algorithms
and Guo (2021), agent-based modeling is utilized to assess counter- that govern agent behaviors, interactions, and decision-making
measures against misinformation on social media, particularly those processes specific to social cybersecurity attacks.
that curtail misinformation while promoting true information dissem- 6. Validation and Calibration: Validate the agent-based model by
ination. Finally, Calay, Qolomany, Mulahuwaish, Hossain, and Abdo comparing its outputs with real-world data or known scenar-
(2023) employ Agent-Based Modeling to scrutinize the impact of team ios. Calibrate the model parameters to ensure they accurately
formation strategies on cybersecurity team performance, culminating in represent the observed behaviors and dynamics of the social
the Collaborative Cyber Team Formation (CCTF) framework that offers cybersecurity system. This step ensures the model’s accuracy and
a comprehensive understanding of cyber team dynamics. reliability in detection.
Summary 7. Experimentation and Sensitivity Analysis: Conduct experiments us-
This section provides an overview of the existing research conducted ing the agent-based model to simulate different scenarios and
in social cybersecurity using agent-based modeling for detecting social observe the effects of various factors on the occurrence and
cybersecurity attacks. While spam detection has received considerable spread of social cybersecurity attacks. Perform sensitivity anal-
attention, other areas like crime and cyber-attack detection remain ysis to understand the model’s sensitivity to changes in input
less explored. The full potential of agent-based modeling in social parameters and identify influential factors.
cybersecurity is yet to be realized, as comprehensive research in this 8. Detection: Utilize the agent-based model to detect social cyberse-
area is still lacking. Fig. 7 illustrates the typical approach followed in curity attacks based on different scenarios and inputs. Analyze

19
A. Mulahuwaish et al. Computers in Human Behavior Reports 18 (2025) 100668

Fig. 7. The agent-based modeling design starts with problem definition and ends with evaluation and interpretation for detecting social cybersecurity attacks.

the model’s outputs to understand the potential impact and like- by the summary section, offers a synopsis of the surveyed tools in this
lihood of future attacks, considering the dynamic interactions section, facilitating easy reference and understanding.
and behaviors of the agents.
Desktop and Mobile Applications
9. Evaluation and Interpretation: Evaluate the performance of the
Batagelj and Mrvar (2023) is designed for social network analy-
agent-based model by comparing its detection with real-world
sis and visualization, aiding in identifying patterns and connections
events and data. Interpret the findings to gain insights into the
pertinent to cybersecurity threats within social networks. Bastian and
dynamics of social cybersecurity attacks, identify potential pre-
Heymann (2025) provides capabilities for visualizing and manipulating
ventive measures, and understand the effectiveness of different
dynamic graphs, facilitating the tracking of the evolution of cyber
strategies. This evaluation ensures the model’s effectiveness in
threats. Carley, Columbus, and Landwehr (2025), specializing in text
detection.
mining and analysis, is apt for extracting and interpreting cybersecurity
10. Model Refinement and Iteration: Refine and improve the agent-
themes from unstructured text on social platforms, and it integrates
based model based on feedback, additional data, and new in-
with ORA-LITE (ORA, 2023) for visualization and statistical analysis.
sights. Iterate through the steps to enhance the accuracy and
UCINET (Borgatti, Everett, & Freeman, 2002) offers tools for data
effectiveness of the model in detecting social cybersecurity at-
manipulation and analysis, crucial for understanding extensive datasets
tacks. Update the model to adapt to evolving social engineering
associated with social cybersecurity incidents. Kalamaras (2025) fo-
tactics and incorporate new findings.
cuses on the visualization and analysis of social networks, allowing
By incorporating these considerations, the steps become more closely experts to delineate cyber threat networks. CFinder (Adamcsek, Palla,
aligned with the detection task for social cybersecurity attacks using Farkas, Derényi, & Vicsek, 2006) is instrumental in discovering and
agent-based modeling. This approach allows researchers to gain valu- visualizing communities within graphs, giving insights into community-
able insights into the dynamics of social cybersecurity threats, simulate centric cybersecurity issues. Concluding, Hootsuite (Hootsuite, 2023)
different scenarios, and develop proactive strategies for prevention and merges metrics from diverse social media platforms, providing a unified
mitigation. view of cybersecurity trends and anomalies across platforms.
Libraries, APIs, and Plugins
5. Social cybersecurity tools and public datasets NetworkX (Hagberg, Swart, & Schult, 2025) is tailored for creat-
ing and visualizing complex networks, which can be instrumental in
In the field of social cybersecurity, the right tools and access to rel- visualizing cyber threat landscapes on digital platforms. The igraph
evant datasets are pivotal for both research and practical applications. library (Csárdi & Nepusz, 2025) provides extensive tools for graph
This section introduces both vital components. Initially, we examine creation and analysis, pivotal for understanding cyber interactions
prominent tools in social cybersecurity and social network analysis, and potential vulnerabilities in the cyber realm. JUNG (O’Madadhain,
helping readers make well-informed decisions based on literature re- Fisher, Nelson, White, & Boey, 2025) serves as an API for model-
views and expert feedback. Subsequently, we outline publicly available ing and analyzing networks, which can be beneficial in cybersecu-
datasets, emphasizing their sources and utility in the realm of social rity for pattern recognition and anomaly detection. NodeXL (Smith
cybersecurity. et al., 2010) focuses on social connections and interactions, mak-
ing it pertinent for analyzing cybersecurity threats within social me-
5.1. Social cybersecurity tools dia ecosystems. JGraphT (JGraphT , 2023) offers functionalities crucial
for visualizing cyber interactions and potential threat points in the
This section aims to provide a comprehensive comparison of the digital realm. The Twitter API (Twitter Inc., 2023), by fetching real-
popular tools employed in the domains of social cybersecurity and time data from Twitter, can be employed to monitor cybersecurity
social network analysis. Through a meticulous examination of the threats and information dissemination in real-time on this platform.
characteristics and functionalities of these tools, researchers and practi- TensorFlow (Tensorflow, 2023) and PyTorch (PyTorch, 2023) are both
tioners can make well-informed decisions when opting for appropriate pivotal for developing machine learning classifiers, enabling threat
tools for visualization and analysis. The evaluations are based on intelligence and predictive cybersecurity through data analysis. Lastly,
a comprehensive literature survey (Batrinca & Treleaven, 2015; Ma- MuxViz (MuxViz, 2023) provides a framework to understand multi-
jeed, Uzair, Qamar, & Farooq, 2020a; Nanda & Kumar, 2021; Rani layer social networks, shedding light on complex cyber interactions
& Shokeen, 2021) and expert opinions, ensuring the reliability of the across various platforms, thus assisting in multi-platform cybersecurity
insights presented here. For a concise overview, Table 8, accompanied assessment and mitigation (Majeed, Uzair, Qamar, & Farooq, 2020b).

20
A. Mulahuwaish et al. Computers in Human Behavior Reports 18 (2025) 100668

Programming Languages
R Project (2023), with its comprehensive libraries like igraph and
SNA, serves as a potent tool for data analysis and visualization cru-
cial for deciphering complex patterns in social cybersecurity. MAT-
LAB (MatLab, 2023), traditionally used in engineering, extends its
prowess to social network analysis, making it essential for detecting
and counteracting potential cyber threats through its node metrics
and ML classifiers. Python (2023), versatile in its essence, empowers
social cybersecurity with its vast array of libraries, such as TensorFlow,
PyTorch, and NetworkX. This robust combination facilitates in-depth
network analyses, predictive modeling, and intricate visualizations,
offering a holistic approach to understanding and mitigating cyber
vulnerabilities and threats in the realm of social networks.
Summary
This section provides an overview of the tools commonly utilized
in social cybersecurity and social network analysis. It covers tools for
visualizing social network graphs, ML libraries like TensorFlow and
PyTorch, and the Twitter API for data collection. It also highlights
popular programming languages such as R, MATLAB, and Python,
Fig. 8. The system starts with raw data collection and ends with meta-network analysis.
renowned for their extensive libraries and capabilities in social network
analysis. The common approach depicted in Fig. 8 encompasses the
following steps in utilizing these tools:
Facebook. Each dataset is tailored to address a specific use case, en-
1. Dataset Collection: Collect the necessary data from social me- compassing tasks like friendship link prediction, rumor detection, and
dia platforms, such as Twitter, by registering an application, cyberbullying detection. To aid researchers and practitioners in their
obtaining access keys and tokens, and using APIs to retrieve work, we also provide details regarding the feature set and size of
relevant tweets based on social-cybersecurity keywords. Process each dataset for reference. For a succinct summary of all the discussed
and select a subset of the data for further analysis. datasets in this section, Table 9 offers a convenient overview.
2. Data Preprocessing: Preprocess and clean the dataset using Python In the context of Twitter datasets, several have been meticulously
packages like NumPy, pandas, and Matplotlib or tools like Au- curated to aid various research endeavors. The Twitter dataset So-
toMap. Apply techniques such as stemming, list deletion, concept cial Circles (McAuley & Leskovee, 2012) from the Stanford Network
generalization, thesaurus classification, and feature selection to Analysis Project is aptly fashioned for impersonation attack detection
eliminate unnecessary text and prepare the data for analysis. or friendship link prediction. The rumor dataset from the PHEME
3. Meta-Network Analysis: Identify textual elements and link them Project (Zubiaga, Liakata, Procter, Wong, & Tolmie, 2016) zeroes in
to network nodes. Use tools like Gephi, ORA-LITE, or SocNetV on rumor detection. The TwiBot20 dataset (Feng, Wan, Wang, Li,
to perform meta-network analysis. This involves: & Luo, 2021) is inherently constructed for bot detection. The Sen-
timent 140 dataset curated by Stanford University (Perkins, Tavory,
• Network analysis: Map the relationships that connect tex- Luce, & Sanders, 2025) predominantly serves spam detection and sen-
tual elements as a network. Identify key components (in- timent analysis tasks. The COVID-19 Rumor dataset (Cheng et al.,
dividuals and groups) and their associations to understand 2021) is instrumental in detecting rumors and fake news. The Cyber-
the community structure. Tweets dataset (Behzadan, Aguirre, Bose, & Hsu, 2018) is laser-focused
• Network visualization: Transform the textual data into a on cyber threat detection. The How ISIS Uses Twitter dataset (Kag-
visual representation that helps visualize relationships and gle, 2016) is purpose-built for terrorism detection. The FakeNews-
patterns that may be difficult to discern in textual form. Net dataset (Shu, Mahudeswaran, Wang, Lee, & Liu, 2018) emerges
Visualizations aid in understanding the network structure as a cornerstone for fake news detection tasks. Finally, the Twitter
and characteristics. Bots Accounts dataset (Gutierrez, 2025) stands out as a vital tool for
• Building ML models: Utilize simulation tools like Tensor- differentiating between human and bot accounts.
Flow, Python library (PyTorch), or MATLAB to build ML When it comes to Facebook datasets, there are a couple of sig-
models. These models can detect social cybersecurity at- nificant resources available for researchers. The Social Circles dataset
tacks based on the analyzed meta-network data. ML algo- from Facebook (McAuley & Leskovee, 2012), a contribution from the
rithms can leverage the insights from network analysis to Stanford Network Analysis Project (SNAP), is primarily tailored for
enhance detection accuracy. impersonation attack detection and friendship link prediction. Simi-
larly, the Facebook WOSN dataset (Facebook friendships network dataset
– KONECT , 2023), offering an undirected subgraph of user friend-
By following these steps, researchers can effectively collect, prepro- ships, aligns well with these tasks, underscoring the essence of user
cess, analyze, and model social media data for detecting social cyber- relationships and interactions.
security attacks. The combination of meta-network analysis, network In the realm of Vulnerability datasets, social media serves as a
visualization, and ML modeling provides a comprehensive approach to pivotal touchstone for early detection, given the swift emergence of
understanding and predicting social cybersecurity threats. related discussions. Cybersecurity greatly profits from datasets tailored
for vulnerability detection and severity assessment.
5.2. Public social cybersecurity datasets The ExploitDB (ExploitDB, 2023) database showcases a trove of
exploits instrumental for vulnerability analysis. The Microsoft Security
In this section, we present a compilation of publicly available Response Center (MSRC) (Microsoft Security Response Center (MSRC),
datasets in the field of social cybersecurity. These datasets have been 2023), on the other hand, has meticulously compiled a vulnerability
sourced from diverse social media platforms, including Twitter and CVE database, divulging essential particulars concerning a multitude

21
A. Mulahuwaish et al. Computers in Human Behavior Reports 18 (2025) 100668

of vulnerabilities. In a similar vein, the CVE Details (Vulnerability Current Solutions: The quest to pinpoint a reliable ground truth
List , 2023) database unfolds a comprehensive roster of vulnerability for evaluation, considering the human-centric and psychological
CVEs, facilitating granular analysis, be it vendor or product-specific, elements woven into these attacks, necessitates a multifaceted
reinforcing its value for vulnerability detection. approach. A potent solution is rooted in data sharing and stan-
In the category of Other datasets, cyberbullying research has seen dardized benchmarking. As prediction paradigms become more
significant contributions from a couple of pivotal datasets. The Chat intricate, there is an amplified call for metrics that can be
Coder Formspring Cyberbullying dataset (Edwards & Edwards, 2023) effortlessly interpreted and expounded upon. Leveraging tools
from Formspring emerges as a primary tool for detecting cyberbul- such as explainable AI and rule-based reasoning have emerged
lying, grounded in user inquiries and responses. In a similar vein, as viable routes to amplify the interpretability quotient of these
the Chat Coder MySpace Cyberbullying dataset (Edwards & Edwards, metrics (Xu, 2019).
2023) extracted from MySpace is designed to aid the pinpointing of Future Directions: There is an imminent need to continue
cyberbullying events by scrutinizing user profiles and wall exchanges. refining and amplifying the robustness of metrics tailored for
social cybersecurity. Emphasis should pivot towards solidifying
6. Challenges in social cybersecurity, current solutions and future evaluation techniques that marry precision with practical rele-
directions vance. A sustained focus on ensuring that metrics are not just
numerically rigorous but also intuitively comprehensible will
In the subsequent section, we delve into the salient challenges be paramount. Collaborative interdisciplinary research should
currently faced in the field of social cybersecurity. Despite notable surge ahead, seeking to decode the complexities of human be-
progress, significant issues persist that have yet to be fully resolved. We haviors in cyber settings (Aiken, 2016).
also engage with the existing solutions to these challenges and chart 3. Time Complexity of Various Techniques
the prospective pathways for future developments. Addressing these Efficiently grappling with the time complexity inherent in tech-
challenges is of paramount importance, as it promises to significantly niques designed for detecting social cybersecurity attacks poses
reinforce the robustness and effectiveness of social cybersecurity mea- considerable challenges. As the sheer volume and velocity of
sures. Table 10 offers a concise overview, itemizing these challenges data intensify, there exists a compelling need for prediction
alongside their present solutions and envisaged future trajectories. models that excel in both efficiency and scalability. The intricate
nature of social cybersecurity attacks demands swift, real-time
1. Datasets
analysis, presenting substantial hurdles for researchers and prac-
The primary challenge in the domain of social cybersecurity
titioners (Shaukat, Luo, Varadharajan, Hameed, Chen, et al.,
datasets lies in the ever-evolving and often covert nature of
2020; Wiafe et al., 2020).
attacks. There is a dire need for datasets that encapsulate the
Current Solutions: The rapidly evolving landscape of social
full spectrum of changing social engineering tactics. The clan-
cybersecurity attacks, accompanied by overwhelming data quan-
destine nature of these attacks and the lack of standardized data
tities, necessitates continual advances in algorithm design, op-
collection methods pose substantial challenges, making it diffi-
cult to acquire and analyze data that would provide a holistic timization paradigms, and parallel computing. To strike a bal-
perspective (Alsharif, Mishra, & AlShehri, 2022; Cremer et al., ance between computational precision and efficiency, the fo-
2022; Samtani, Kantarcioglu, & Chen, 2020). cus has shifted towards the efficient design of algorithms and
Current Solutions: Interdisciplinary collaborations have taken data handling mechanisms (Tisdale, 2015). Techniques such as
the forefront in addressing these challenges. Central to these feature selection, dimensionality reduction, and tapping into
efforts is the development of shared frameworks for data acqui- distributed and cloud-based computing infrastructures have be-
sition and the establishment of cohesive protocols for dataset come quintessential. The aim is to design algorithms that not
standardization (Larriva-Novo, Villagrá, Vega-Barbas, Rivera, & only handle vast datasets but also scale efficiently, supported
Sanz Rodrigo, 2021). By streamlining the data collection and by computational platforms capable of parallel processing and
standardization process, and given the multifaceted nature of efficient data distribution.
the data — spanning realms like social media, online discourse, Future Directions: The future will demand further refinement
and behavioral patterns — the solutions focus on harnessing ad- of the delicate balance between algorithmic efficiency and scal-
vanced analytics and ensuring continuous engagement between ability. As cyber threats continue to evolve, there is a pressing
experts in the domain. need for algorithms that remain efficient under increasingly
Future Directions: Looking ahead, addressing the challenges complex conditions. There will be a pivot towards leveraging
posed by datasets in social cybersecurity will require innovative quantum computing, advancements in machine learning, and
approaches. There is a pressing need to develop methodologies innovative data representation techniques. Interdisciplinary col-
for data acquisition, standardization, and analysis that can adapt laborations will be vital, focusing on solutions that are both
to the growing intricacies of such data (Sivarajah, Kamal, Irani, reactive and proactive, fortifying our defenses against the relent-
& Weerakkody, 2017). Ensuring these methodologies are an- less evolution of social engineering attacks (Bethune, Buhalis, &
chored in ethical considerations, especially around user privacy, Miles, 2022).
will be crucial. By refining these techniques, the goal is to en- 4. Evolving Attack Methods and Human Behavior’s Complexity
hance the predictive capabilities of social cybersecurity models, The landscape of social cybersecurity is perpetually challenged
enabling them to preemptively identify and combat threats. by two interlinked dimensions: the rapid evolution of attack
2. Absence of data-driven Metrics methodologies and the intricate puzzle of human behavior. The
Detecting social cybersecurity attacks introduces challenges tied dynamic nature of technological advancements and human psy-
to the delineation and application of suitable metrics. Conven- chology complicates the prediction and detection of social cyber-
tional metrics such as accuracy or precision frequently miss security threats. Attackers not only exploit new communication
the mark in capturing the multifaceted dynamics inherent in technologies but also human vulnerabilities, making the fore-
social cyber threats. This underscores the demand for domain- casting of their next moves increasingly complex (Alqahtani &
specific metrics sculpted through cooperative research endeav- Sheldon, 2022; Bontrager, Roy, Togelius, Memon, & Ross, 2018;
ors (Bowen, Devarajan, & Stolfo, 2011; Scala, Reilly, Goethals, Dawson & Thomson, 2018; Helfstein & Wright, 2011; Nazario,
& Cukier, 2019). 2008; Nobles, 2018).

22
A. Mulahuwaish et al. Computers in Human Behavior Reports 18 (2025) 100668

Current Solutions: Addressing these challenges necessitates especially when they span across multiple digital platforms.
a multifaceted approach that combines vigilant monitoring of The ultimate objective is to build a more resilient digital space
evolving attack strategies with an in-depth understanding of hu- fortified against the crafty ploys of cyber attackers.
man behavior. This includes incorporating psychological, behav- Current Solutions: In the bid to counteract these meticulously
ioral, and sociological insights into predictive models, alongside orchestrated maneuvers, contemporary solutions have hinged on
real-time threat intelligence. Collaborative ecosystems, uniting the zenith of technological innovation. Foremost among them
academia, cybersecurity experts, and industry leaders, play a are real-time monitoring systems. Bolstered by machine learn-
crucial role in fostering an adaptable and informed response ing and big data paradigms, these systems perpetually trawl
mechanism. Bridging diverse academic disciplines and amassing through digital content, isolating aberrant patterns indicative of
culturally rich behavioral datasets, while upholding privacy and information maneuvers (Oussous, Benjelloun, Lahcen, & Belfkih,
ethical standards, are essential for developing effective coun- 2018). Adding depth to these solutions are sentiment and in-
termeasures (Alshamrani, Myneni, Chowdhary, & Huang, 2019; tent analysis algorithms. Beyond mere content analysis, they
Osman, 2010). delve into the deeper nuances, aiming to discern the actual
Future Directions: The future of social cybersecurity hinges sentiment or underlying intent, particularly when confronted
on enhancing the detection accuracy of models through the with content that bears the hallmarks of manipulation or sub-
integration of machine learning, AI, and culturally intelligent an- terfuge (Van Dijck, 2014). Given the omnipresence of digital
alytics. These models must be adaptive, capable of deciphering platforms, the introduction of cross-platform correlation tools
complex human behaviors and evolving technological contexts. has been a game-changer. These tools, adept at synthesizing data
Emphasizing ethical AI and robust data governance will en- and behavior across myriad social media channels, provide a
sure that advancements in cybersecurity respect human dignity holistic threat overview, ensuring comprehensive vigilance (Ca-
and privacy. As we navigate this ever-changing domain, the macho, Panizo-LLedot, Bello-Orgaz, Gonzalez-Pardo, & Cambria,
synergy between cutting-edge technology and deep human be- 2020).
havioral insights, underpinned by unwavering ethical principles, Future Directions: As cyber attackers refine their information
will be paramount in securing a safer digital world (Barry, 2020; maneuvers, the counter-strategies are bound to evolve in tan-
Sherman et al., 1997). dem. Poised on the horizon are adaptive analytics systems. An-
5. Adapting to Social Media Changes The perpetual evolution of chored in AI, these systems will incessantly adapt, always staying
the social media landscape presents a significant challenge in ac- a step ahead of the ever-mutating tactics of cyber adversaries.
curately detecting social cybersecurity attacks (Ford et al., 2016; With information warfare witnessing incessant sophistication,
Korda & Itani, 2013). As attackers leverage novel features and the corresponding counter-strategies will pursue heightened pre-
emerging communication channels, identifying vulnerabilities dictive acuity and instantaneous responsiveness. The fusion of
and potential attack vectors across numerous platforms becomes behavioral psychology with cybersecurity presents an intrigu-
increasingly complex. ing prospect. Through a more profound understanding of the
Current Solutions: The current efforts predominantly revolve psychological triggers attackers leverage, the potential to proac-
around continuous monitoring of social media platforms to de- tively stymie their maneuvers becomes increasingly tangible. As
tect anomalies and potential threats. Collaboration is also un- the tapestry of the digital universe gets more intricate, collabo-
derway between researchers, cybersecurity experts, and platform ration will emerge as the clarion call. United defense stratagems,
administrators to share insights and best practices. To keep pace spanning platforms, nations, and sectors, are projected to be the
with the speed of information dissemination on social media future bulwark against the ever-evolving realm of information
and the tactics used by adversaries, there is a reliance on ad- maneuvers (Katrakazas, Quddus, Chen, & Deka, 2015).
vanced threat intelligence tools and cutting-edge analytics. This 7. Motive Identification in Social Cybersecurity Attacks
approach aims to ensure that the most up-to-date and relevant Understanding the driving forces behind social cybersecurity
data is used to identify and counter threats in real time (Hatfield, attacks is paramount (Conteh & Schmick, 2016; Gandhi et al.,
2018). 2011; King et al., 2018). The motives, be they rooted in per-
Future Directions: As the social media terrain becomes even sonal amusement, quest for chaos, financial objectives, brand
more intricate, there will be an imperative for developing adap- promotion, wielding personal influence, or community creation,
tive modeling frameworks. These frameworks will need to dy- remain as diverse as they are intricate. Given the scale and rapid
namically adjust to the intricacies of new communication chan- evolution of cyber threats, the challenge rests on effectively
nels and features on various platforms. The next phase of defense discerning these motives in real-time. The pressing need, thus,
will focus heavily on leveraging AI and machine learning, not is to cultivate innovative methodologies that can delve deep and
just for detection but for proactive threat prediction. Antici- provide actionable insights into the motivations underpinning
pating an attacker’s move before they make it will become these cyber onslaughts.
crucial. Additionally, building a robust and more integrated Current Solutions: The contemporary approach to grasping
collaborative network, which includes not only security experts the psyche of cyber adversaries marries technological prowess
but also social media platform developers, will be pivotal. This with psychological acumen. Machine learning, specifically in the
collaboration will aim to introduce security measures at the very realm of behavior analytics, stands out as a primary tool to
design level of social platforms, ensuring that security becomes glean patterns potentially indicative of a cybercriminal’s moti-
an integral part of the social media evolution (Ahangama, 2023; vations (Martín, Fernández-Isabel, Martín de Diego, & Beltrán,
Bhimani, Mention, & Barlatier, 2019). 2021). The application of NLP has carved a niche, especially
6. Information Maneuvers in Social Cyber Attacks when malefactors articulate their objectives or leave behind tex-
The realm of information maneuvers in social cyber attacks tual breadcrumbs, thereby streamlining the motive identification
remains an intricate landscape (Blane, Moffitt, & Carley, 2021; process (Sarker, Furhad, & Nowrozy, 2021). In a bid to foster
Hadnagy, 2010; Wang, Carley, Zeng, & Mao, 2007). These ma- global collaboration, platforms have been inaugurated that rally
neuvers, both nuanced and multifaceted, highlight the deliberate cybersecurity mavens worldwide. This collaborative spirit has
strategies cyber adversaries deploy to achieve specific outcomes culminated in the creation of robust motive repositories, expedit-
or impacts. The challenge lies in enhancing detection capacities ing the process of associating discerned behaviors with probable
to swiftly and proactively pinpoint these information maneuvers, motivations.

23
A. Mulahuwaish et al. Computers in Human Behavior Reports 18 (2025) 100668

Future Directions: The realm of motive identification promises 2017; Defense Advanced Research Projects Agency (DARPA),
an exciting trajectory. Foreseen is the amalgamation of AI’s be- 2021; Dumitras & Neamtiu, 2011). With an increasing depen-
havioral analytics with the intricacies of deep learning, offering dence on open-source software in numerous sectors, the integrity
a refined lens to scrutinize motives (Rodgers, 2020). As cyber- and authenticity of such code have become paramount. Mali-
attacks manifest in multifarious shades, a converging path with cious actors, recognizing this reliance, have attempted to com-
disciplines such as sociology and psychology seems inevitable, promise systems by introducing backdoors, injecting malicious
laying the foundation for a more comprehensive grasp of mo- code, or presenting deceptive code repositories. This presents a
tivations. Innovations like real-time motive detection systems, dual problem: the need to ensure that open-source contributions
underpinned by edge computing and IoT integration, are on are genuine and free from harmful components and the chal-
the horizon, ensuring instant motive discernment during live lenge of detecting and countering attempts at misinformation
cyber events. In this hyper-connected digital epoch, interna- through code.
tional synergies are more pertinent than ever. The emergence of Current Solutions: Several solutions focus on ensuring code
standardized cyber platforms and consolidated motive databanks security. Code signing allows developers to attach digital sig-
is anticipated, ensuring a seamless, global collaborative effort natures to their code, which users can verify before execu-
to comprehend and neutralize cyber threats anchored in clear tion (Castro, Costa, & Harris, 2006). Tools like SAST and DAST
motive understanding. are employed to identify potential vulnerabilities (Li, 2020).
8. Diffusion in Social Cybersecurity Attacks Software Composition Analysis (SCA) tools trace open-source
Understanding the diffusion mechanisms in social cybersecurity components, ensuring they are up-to-date and free of known
attacks poses a multi-faceted challenge (Ahangama, 2023; Col- vulnerabilities (Imtiaz, Thorn, & Williams, 2021).
baugh & Glass, 2012; Shrestha et al., 2020). The crux of this Future Directions: Machine learning and AI could be har-
research lies in capturing the spread of influence campaigns, nessed for in-depth code analysis, identifying malicious code
which are often multi-modal, encompassing a diverse range of patterns (Bharadiya, 2023). Blockchain technologies suggest the
content from memes and videos to beliefs and ideas. Essential potential creation of decentralized code repositories, promoting
to this is the ability to trace the originators of these campaigns transparent code modification documentation (Nawari & Ravin-
and gauge the cascading effects as they resonate across various dran, 2019). Collaborative platforms emphasizing peer reviews
platforms. There is a distinct need for innovative methodologies and ratings could ensure secure code contributions. Emphasis
and live-monitoring systems that can adeptly detect diffusion might also be on educational initiatives, equipping developers
trajectories, spanning initiation, peak momentum, and eventual with knowledge on secure coding practices. A collaborative
decline. international approach could lead to the establishment of global
Current Solutions: The increasing prevalence of influence cam- standards for open-source software.
paigns has catalyzed the emergence of state-of-the-art diffusion 10. Ethical Implications of AI-based Cybersecurity
analysis tools. Pioneering analytics platforms now offer real- A significant challenge often overlooked in social cybersecu-
time tracking of content trajectories across social media ecosys- rity is the ethical dimension, particularly regarding AI-based
tems, buoyed by sophisticated AI algorithms (Bragazzi et al., detection and monitoring systems. The application of AI in this
2020). The insights gleaned from network analysis have been domain often involves extensive data collection, monitoring,
invaluable, shedding light on diffusion pathways and pinpoint- and profiling of users, which raises serious concerns about user
ing influential nodes or super-spreaders (Liu, Tang, Zhou, & privacy, digital rights, consent, and potential misuse of collected
Do, 2015). Sentiment analysis tools harnessing the capabilities data (Mittelstadt, 2019). These practices can lead to inadver-
of NLP provide a nuanced understanding of how content is tent surveillance and discrimination, potentially violating ethical
received, guiding adaptive strategies (Yue, Chen, Li, Zuo, & Yin, norms and user expectations.
2019). In response to the intricate web of interconnected so- Current Solutions: Recent studies advocate for the integration
cial platforms, cross-platform analytics have gained prominence, of ethical AI frameworks that incorporate fairness, accountabil-
offering a consolidated lens to view and comprehend diffusion ity, transparency, and explainability into social cybersecurity
dynamics. systems (Jobin, Ienca, & Vayena, 2019). Privacy-preserving tech-
Future Directions: As the digital sphere continues to expand niques, such as federated learning and differential privacy, are
and metamorphose, so will the paradigms of diffusion research increasingly being explored to reduce the amount of person-
in social cybersecurity. The horizon likely holds promise for ally identifiable information collected during monitoring activi-
quantum-powered real-time analytics, poised to revolutionize ties (Brakerski & Vaikuntanathan, 2014).
data processing speeds and accuracy (Brijwani, Ajmire, & Thawani, Future Directions: Future research should aim at designing
2023). The melding of Augmented Reality (AR) and Virtual Re- AI-driven social cybersecurity tools that balance the need for
ality (VR) with diffusion analytics is anticipated, paving the way security with fundamental ethical principles. There is a press-
for immersive and intuitive exploration of diffusion patterns. Ad- ing need to establish regulatory frameworks and standardized
vanced deep learning models capable of discerning and forecast- ethical guidelines to ensure responsible AI use (Floridi et al.,
ing content virality based on past patterns are on the cards (Jung 2018). Addressing issues such as bias mitigation, algorithmic
& tom Dieck, 2018). With the mounting sophistication of cross- accountability, and user consent will be essential to gaining
platform influence campaigns, global collaborative endeavors public trust and maintaining the legitimacy of AI-based social
are expected to take center stage. This could manifest as unified cybersecurity measures.
platforms that empower cybersecurity specialists worldwide to
collaboratively track, decipher, and counter diffusion mecha-
nisms, ensuring a cohesive defense against proliferating cyber 7. Conclusion and future directions
adversities.
9. Authenticity of Open-Source Code in Social Cybersecurity This research paper offers a thorough exploration of detection in
Attacks the context of social cybersecurity attacks. We systematically dissected
The challenge of ensuring the authenticity of open-source code a range of social cybersecurity attacks, providing an in-depth analysis
has become a pressing concern in the realm of social cybersecu- of potential countermeasures for each, giving readers a comprehensive
rity (Ansari, Akhlaq, & Rauf, 2013; Breda, Barbosa, & Morais, understanding of the field. A key highlight of our paper is the emphasis

24
A. Mulahuwaish et al. Computers in Human Behavior Reports 18 (2025) 100668

Table 8
A summary of the social cybersecurity tools surveyed.
Ref. Tool Purpose Type Platform Open source Language Input formats Output formats
Batagelj and Mrvar (2023) Pajek Visualization, analysis of Desktop App Windows X .NET net, .pajek, dat, .eps, .svg, .html, .jpeg,
large networks .dl, .gml, .gdf, .bmp, .X3D, .KiNG,
.csv, .mol, .xls .mdl
Hagberg et al. (2025) NetworkX Visualization, analysis of Library Windows, ✓ Python .gml, .graphml, .gml, .ps, .dot,
networks & Graphs Linux net- graph6/sparse6, .net
workx,graph6, adjacency lists, edge
sparse6, .dot, lists, .jpg, .png,
.net, .gexf, .txt .graphml
Csárdi and Nepusz (2025) igraph Creation, analysis of Library Windows, ✓ C .net, .graphml, .net, GraphML
graphs Linux .gml, .text, .csv,
.dot, Graph db,
.txt
Bastian and Heymann Gephi Graph manipulation Desktop App Windows, ✓ Java .net, .graphml, .net, .dl, .gexf, .gdf,
(2025) Linux, Mac .net, .gml, .gml, node lists, edge lists,
.vna, .xls, .gdf, .graphml
.dot, .txt, .csv,
.tlp, .dl, .tpl,
.gexf, .vna
O’Madadhain et al. (2025) JUNG Manipulation, Library, API Windows, ✓ Java Pajek and Pajek, GraphML
visualization, analysis of Linux, Mac GraphML, .txt
graphs
Carley et al. (2025) AutoMap Text mining Desktop App Windows X Java .txt DyNetML, .csv
Borgatti et al. (2002) UCINET Visualization, analysis of Desktop App Windows X BASIC/ DOS .dl, .xls, vna, dl, .xls, .net, Mage,
social networks .net, .txt Metis, Netdraw (.net)
Kalamaras (2025) SocNetV Visualization, analysis of Desktop App Windows, ✓ C++ .graphml, .xml, GraphML, PDF, Pajek,
social networks Linux, Mac .dot, .net, .paj, .jpeg, .png, Adjacency
.sm, .csv, .adj, matrix
.dl, .list,
weighted lists
(.wlist)
Adamcsek et al. (2006) CFinder Discovery, visualization of Desktop App Windows, ✓ Java .txt .txt, .pfd, .gif, .jpg,
communities Linux, Mac .png, .bmp, .ps, .wbmp,
.svg, .emf
Smith et al. (2010) NodeXL Discovery, visualization of Plugin Windows ✓ .NET C# .txt, .csv, .net, .txt, .csv, .dl, .xls, .xslt,
networks .xls, .xslt, .dl, .graphml
.graphml
Hootsuite (2023) Hootsuite Management of social Desktop, Windows, X PHP N/A N/A
media Mobile App Linux, IOS, &
Android
JGraphT (2023) JGraphT Graph illustration Library Windows, ✓ C#, Java, Javascript N/A .dot, .txt
Linux, Mac,
& Android
R Project (2023) R Analysis of social networks Language Windows, ✓ C++, C, Fortran .R, .RData, .rds, .txt, csv, .html, .xml
Linux, Mac .rda
MatLab (2023) MATLAB Analysis of networks, Language Windows, X C, C++, Java .mat, .txt, .csv, .mat, .csv, .xls, .xltm,
numeric operations Linux, Mac .xls, .xltm, .ods, .ods, .xml, .cdf, .fits,
.xml, .daq, .cdf, .hdf, .bmp, .jpg, .png,
.avi, .hdf, .bmp, .pbm, .pcx, .tiff, .au,
.jpg, .png, .pbm, .wav, .mpg, .mp4, .avi
.pcx, .tiff, .au,
.wav, .mpg
Python (2023) Python Visualization, analysis of Library Windows, ✓ C csv, .xslx, .txt, csv, .xslx, .txt, .json,
social networks, text Linux .json, .docx, .docx, .jpeg, .mp3,
processing, ML .jpeg, .mp3, .mp4, .sql
.mp4, .sql
Twitter Inc. (2023) Twitter API Collect Twitter datasets API, Library Windows, ✓ Java, Javascript N/A .json
Linux, Mac,
IOS, Android
Tensorflow (2023) Tensorflow Creation of ML classifiers Library Windows, ✓ Python, C++, Cuda .pb, .json .pb, .json
Linux, Mac
PyTorch (2023) PyTorch Creation of ML classifiers Library Windows, ✓ Python, C++, Cuda .pt, .pth .pt, .pth
Linux, Mac
MuxViz (2023) MuxViz Visualization and analysis Library, Windows, ✓ R .dot, .paj, .txt, .net, .dl, .net, .gdf,
of multilayered networks Website Linux, Mac .json, .csv .xlsx, .png, .txt, .json,
.csv

25
A. Mulahuwaish et al. Computers in Human Behavior Reports 18 (2025) 100668

Table 9
A summary of the public datasets surveyed.
Ref. Name Source/Type Size Features Use cases
McAuley and Leskovee (2012) SNAP: Social circles on Twitter 81,306 nodes and 1,768,149 Various hashtags and mentions Impersonation attack detection
Twitter edges and friendship link prediction
Zubiaga et al. (2016) PHEME rumor dataset Twitter 330 threads (297 in English, Thread features, Tweet Rumor detection
33 in German) associated with features, and replying Tweet
nine breaking news stories features
Feng, Wan, Wang, Li, and Luo TwiBot20 Twitter 229,573 users, 33,488,192 User features, neighbors, Bot detection
(2021) tweets, 8,723,736 user domain, and label
properties, and 455,958 follow
relationships
Perkins et al. (2025) Sentiment140 Twitter 498 annotated tweets and 1.6 Tweet features and polarity Spam detection and sentiment
million processed tweets analysis
Cheng et al. (2021) COVID-19 Rumor Twitter and 4,129 news records and 2,705 Tweet features and news Rumor detection and fake
Dataset Web news tweets with replies features news detection
Behzadan et al. (2018) CyberTweets Twitter 21,368 tweets Tweet features, relevance, and Cyber threat detection
vulnerability type
Kaggle (2016) How ISIS uses Twitter Twitter 17k tweets from 112 pro-ISIS User features and tweet Terrorism detection
accounts features
Shu et al. (2018) FakeNewsNet Twitter Real-time growth News article features, Tweet Fake news detection
features, and user features
Gutierrez (2025) Twitter Bots Accounts Twitter 25,013 human accounts and Twitter user ID and label Bot detection
12,425 bot accounts
McAuley and Leskovee (2012) SNAP: Social Circles on Facebook 4,039 nodes and 88,234 edges User features Impersonation attack detection
Facebook and friendship link prediction
Facebook friendships network Facebook WOSN Facebook 63,731 nodes in an undirected Graph features Impersonation attack detection
dataset – KONECT (2023) subgraph of friendships and friendship link prediction
ExploitDB (2023) ExploitDB vulnerability N/A CVE features Vulnerability detection and
dataset severity rating
Microsoft Security Response Center Microsoft Security vulnerability N/A CVE features Vulnerability detection and
(MSRC) (2023) Response Center dataset severity rating
(MSRC)
Vulnerability List (2023) CVE Details vulnerability N/A CVE features Vulnerability detection and
dataset severity rating
Edwards and Edwards (2023) Chat Coder Formspring Formspring 18,554 users with questions User features and post features Cyberbullying detection
Cyberbullying Dataset and answers
Edwards and Edwards (2023) Chat Coder MySpace MySpace Profiles and walls of 127,974 User features and post features Cyberbullying detection
Cyberbullying Dataset users
Hackmageddon (2023) 2018 Master Table - Various 1,337 events Attack features Cybercrime detection and
Hackmageddon sources prediction
The GDELT Project (2023) The GDELT Project Various Real-time growth Event codes and locational Prediction of social unrest
sources features

on the importance of public datasets and specialized analytical tools • Public Awareness Campaigns: Investing in educational initiatives
for social cybersecurity. Such resources not only enhance the quality of to raise public awareness about social engineering tactics, phish-
research but also catalyze advancements in the discipline. ing attempts, and other threats is essential in building a resilient
Furthermore, we critically examined the vast array of existing de- digital society.
tection techniques. We brought to the fore the research challenges in • Technological Investments: Practitioners should focus on deploy-
social cybersecurity, ongoing solutions, and potential future pathways. ing advanced AI-driven detection algorithms and multi-layered
Our discourse illuminated the intricate challenges of countering social authentication mechanisms to proactively counter cybersecurity
engineering threats and underscored the urgent need for sustained threats.
innovation in the sector. • Collaboration and Intelligence Sharing: Establishing cross-platform
collaborations and intelligence-sharing networks among stake-
Looking forward, it is evident that the next phase in social cyberse-
holders is critical for identifying, predicting, and mitigating emerg-
curity requires delving into unexplored areas and pioneering innovative
ing threats.
research directions. By taking head-on the challenges we have iden-
tified, and by adopting cutting-edge approaches, the cybersecurity In essence, this survey serves as a guiding beacon for researchers,
community is poised to bolster its defenses against the ever-evolving professionals, and decision-makers immersed in social cybersecurity.
threats of malicious online actors. Our objective has been to shed light on the ever-changing landscape
This survey also highlights key policy implications and actionable of this domain, driving the design of advanced detection models,
recommendations for practitioners: enhancing defensive measures, and nurturing a more secure digital
space. Through the insights presented in this paper, we are rallying our
• Policy Implications: Governments and organizations should pri- collective efforts, aiming for a robust and resilient digital tomorrow. As
oritize the development and implementation of regulatory frame- we venture forward, it is apparent that the field of social cybersecurity
works that address social cybersecurity threats, ensuring platform is ripe for breakthroughs and daring exploration, especially in devising
accountability and fostering user trust. effective countermeasures against complex social engineering threats.

26
A. Mulahuwaish et al. Computers in Human Behavior Reports 18 (2025) 100668

Table 10
Summary of challenges, evaluations, current solutions, and potential solutions in social cybersecurity.
Challenge Evaluation Current solutions Future directions
Datasets The primary challenge in the Interdisciplinary collaborations focus Innovative approaches are needed for
domain of social cybersecurity on shared frameworks for data data acquisition, standardization, and
datasets lies in the covert acquisition (Larriva-Novo et al., analysis (Sivarajah et al., 2017).
nature of attacks (Alsharif 2021).
et al., 2022; Cremer et al.,
2022; Samtani et al., 2020).
Absence of data-driven Metrics Challenges tied to suitable Data sharing and standardized Refining and amplifying metrics
metrics for forecasting social benchmarking are essential. Use of tailored for social cybersecurity is
cybersecurity attacks (Bowen tools like explainable AI (Xu, 2019). essential (Aiken, 2016).
et al., 2011; Scala et al.,
2019).
Time Complexity of Various Time complexity challenges in Focus on algorithm design, Emphasis on leveraging quantum
Techniques techniques for detecting optimization paradigms, and parallel computing and machine learning
attacks (Shaukat, Luo, computing (Tisdale, 2015). advancements (Bethune et al., 2022).
Varadharajan, Hameed, Chen,
et al., 2020; Wiafe et al.,
2020).
Evolving Attack Methods and The interplay between the A multifaceted strategy that includes Embracing machine learning, AI, and
Human Behavior’s Complexity rapid evolution of attack vigilant monitoring of evolving heuristic-driven analytics, enhanced
methodologies that leverage attack strategies, real-time threat with deep insights into human
new technological intelligence, an interdisciplinary psychology, to develop adaptive,
breakthroughs and the approach that melds psychology, robust, and ethically guided
complexity of human behavioral sciences, and sociological predictive models that can navigate
behavior, including social insights, and fostering collaborative both the technological and
engineering attacks and ecosystems (Alshamrani et al., 2019; human-centric aspects of
cultural variances, presents a Osman, 2010). cybersecurity threats (Barry, 2020;
dual challenge (Alqahtani & Sherman et al., 1997).
Sheldon, 2022; Bontrager
et al., 2018; Dawson &
Thomson, 2018; Helfstein &
Wright, 2011; Nazario, 2008;
Nobles, 2018).
Adapting to Social Media Evolution of social media Continuous monitoring, Adaptive modeling frameworks,
Changes challenges accurate attack collaborations, and advanced threat leveraging AI for proactive detection,
detection (Ford et al., 2016; intelligence tools (Hatfield, 2018). and integrated collaborations
Korda & Itani, 2013). (Ahangama, 2023; Bhimani et al.,
2019).
Information Maneuvers in Challenging, especially when Real-time monitoring and Adaptive analytics systems and
Social Cyber Attacks spanning multiple platforms sentiment/intent analysis algorithms cross-platform, cross-nation
(Blane et al., 2021; Hadnagy, (Camacho et al., 2020; Oussous collaborations (Katrakazas et al.,
2010; Wang et al., 2007). et al., 2018; Van Dijck, 2014). 2015).
Motive Identification in Social Difficult due to diverse and ML behavior analytics and NLP for Integration of AI with deep learning
Cybersecurity Attacks rapidly evolving threats textual analysis (Martín et al., 2021; and real-time motive detection
(Conteh & Schmick, 2016; Sarker et al., 2021). systems (Rodgers, 2020).
Gandhi et al., 2011; King
et al., 2018).
Diffusion in Social Multi-faceted challenge in State-of-the-art diffusion analysis Quantum-powered real-time
Cybersecurity Attacks understanding spread of tools with real-time tracking, analytics, integration of AR/VR with
influence campaigns, which network analysis, sentiment analysis diffusion analytics, advanced deep
are multi-modal and diverse tools, and cross-platform analytics learning models, and global
(Ahangama, 2023; Colbaugh & (Bragazzi et al., 2020; Liu, Tang, collaborative endeavors (Brijwani
Glass, 2012; Shrestha et al., et al., 2015; Yue et al., 2019). et al., 2023; Jung & tom Dieck,
2020). 2018).
Authenticity of Open-Source Rising dependence on Code signing, SAST and DAST tools, ML and AI for code analysis,
Code in Social Cybersecurity open-source software, need to and Software Composition Analysis blockchain for decentralized
Attacks ensure code’s integrity, and tools (Castro et al., 2006; Imtiaz repositories, peer reviews, and global
challenges from et al., 2021; Li, 2020). standards for open-source (Bharadiya,
misinformation (Ansari et al., 2023; Nawari & Ravindran, 2019).
2013; Breda et al., 2017;
Defense Advanced Research
Projects Agency (DARPA),
2021; Dumitras & Neamtiu,
2011).
Ethical Implications of Use of AI in social Integration of ethical AI frameworks Establishing regulatory frameworks
AI-based Cybersecurity cybersecurity raises concerns emphasizing fairness, accountability, and standardized ethical guidelines,
about user privacy, digital transparency, privacy-preserving incorporating explainable AI, and
rights, potential bias, and techniques (e.g., federated learning, fostering public trust through
unintentional surveillance due differential privacy) (Brakerski & responsible AI practices (Floridi
to extensive data collection Vaikuntanathan, 2014). et al., 2018).
and monitoring (Jobin et al.,
2019; Mittelstadt, 2019).

27
A. Mulahuwaish et al. Computers in Human Behavior Reports 18 (2025) 100668

CRediT authorship contribution statement Alweshah, M. (2019). Construction biogeography-based optimization algorithm for
solving classification problems. Neural Computing and Applications, 31(10),
5679–5688.
Aos Mulahuwaish: Writing – review & editing, Writing – original
Alweshah, M., & Abdullah, S. (2015). Hybridizing firefly algorithms with a probabilistic
draft, Visualization, Supervision, Project administration, Methodology, neural network for solving classification problems. Applied Soft Computing, 35,
Investigation, Formal analysis. Basheer Qolomany: Writing – review 513–524.
& editing, Writing – original draft, Supervision, Project administra- Amin Mahmood, S. H., Mustafa Ali Abbasi, S., Abbasi, A., & Zaffar, F. (2020).
tion, Methodology, Formal analysis. Kevin Gyorick: Writing – review Phishcasting: Deep learning for time series forecasting of phishing attacks. In 2020
IEEE international conference on intelligence and security informatics (pp. 1–6).
& editing, Writing – original draft, Methodology, Formal analysis. Andrade, R. O., & Yoo, S. G. (2019). Cognitive security: A comprehensive study of
Jacques Bou Abdo: Methodology. Mohammed Aledhari: Resources, cognitive science in cybersecurity. Journal of Information Security and Applications,
Formal analysis. Junaid Qadir: Writing – original draft, Methodology. 48, Article 102352.
Kathleen Carley: Supervision. Ala Al-Fuqaha: Supervision. Ansari, F., Akhlaq, M., & Rauf, A. (2013). Social networks and web security: Implica-
tions on open source intelligence. In 2013 2nd national conference on information
assurance (pp. 79–82). IEEE.
Declaration of competing interest Ansolabehere, S., Iyengar, S., Simon, A., & Valentino, N. (1994). Does attack advertising
demobilize the electorate? American Political Science Review, 88(4), 829–838.
The authors declare that they have no known competing finan- Aswani, R., Kar, A. K., & Vigneswara Ilavarasan, P. (2018). Detection of spammers in
Twitter marketing: A hybrid approach using social media analytics and bio inspired
cial interests or personal relationships that could have appeared to
computing. Information Systems Frontiers, 20(3), 515–530.
influence the work reported in this paper. Aumann, R. J. (2019). Lectures on game theory. CRC Press.
Auter, Z. J., & Fine, J. A. (2016). Negative campaigning in the social media age: Attack
Data availability advertising on facebook. Political Behavior, 38, 999–1020.
Barry, B. M. (2020). How judges judge: Empirical insights into judicial decision-making.
Taylor & Francis.
No data was used for the research described in the article. Bastian, M., & Heymann, S. (2025). Gephi.
Batagelj, V., & Mrvar, A. (2023). Pajek. http://mrvar.fdv.uni-lj.si/pajek/. (Online:
Accessed 24 July 2023).
References Batrinca, B., & Treleaven, P. C. (2015). Social media analytics: a survey of techniques,
tools and platforms. Ai & Society, 30, 89–116.
Abdlhamed, M., Kifayat, K., Shi, Q., & Hurst, W. (2017). Intrusion prediction systems. Baydogan, C., & Alatas, B. (2021). Metaheuristic ant lion and moth flame optimization-
In Information fusion for cyber-security analytics (pp. 155–174). Springer. based novel approach for automatic detection of hate speech in online social
Adamcsek, B., Palla, G., Farkas, I. J., Derényi, I., & Vicsek, T. (2006). CFinder: networks. IEEE Access, 9, 110047–110062.
locating cliques and overlapping modules in biological networks. Bioinformatics, Bedi, P., & Sharma, C. (2016). Community detection in social networks. Wiley
22(8), 1021–1023. Interdisciplinary Reviews: Data Mining and Knowledge Discovery, 6(3), 115–135.
Ahangama, S. (2023). Relating social media diffusion, education level and cybersecurity Beheshti, Z., & Shamsuddin, S. M. H. (2013). A review of population-based meta-
protection mechanisms to e-participation initiatives: Insights from a cross-country heuristic algorithms. International Journal of Advances in Soft Computing and its
analysis. Information Systems Frontiers, 1–17. Applications, 5(1), 1–35.
Ahmed, A. A., & Zaman, N. A. K. (2017). Attack intention recognition: A review. Behzadan, V., Aguirre, C., Bose, A., & Hsu, W. (2018). Corpus and deep learn-
International Journal Network Security, 19(2), 244–250. ing classifier for collection of cyber threat indicators in Twitter stream. (pp.
Aiken, M. (2016). The cyber effect: A pioneering cyber-psychologist explains how human 5002–5007).
behavior changes online. Spiegel & Grau. Ben-Gal, I. (2008). Bayesian networks. Encyclopedia of Statistics in Quality and Reliability,
Al-Ajlan, M. A., & Ykhlef, M. (2018). Optimized Twitter cyberbullying detection based 1.
on deep learning. In 2018 21st saudi computer society national computer conference Benevenuto, F., Magno, G., Rodrigues, T., & Almeida, V. (2010). Detecting spammers
(pp. 1–5). on Twitter. 6.
Al-Garadi, M. A., Hussain, M. R., Khan, N., Murtaza, G., Nweke, H. F., Ali, I., et Bertram, L. (2016). Terrorism, the internet and the social media advantage: Exploring
al. (2019). Predicting cyberbullying on social media in the big data era using how terrorist organizations exploit aspects of the internet, social media and how
machine learning algorithms: review of literature and open challenges. IEEE Access, these same platforms could be used to counter-violent extremism. Journal for
7, 70701–70718. Deradicalization, (7), 225–252.
Al-Qurishi, M., Al-Rakhami, M., Alamri, A., Alrubaian, M., Rahman, S. M. M., & Beskow, D. M., & Carley, K. M. (2019a). Agent based simulation of bot disinformation
Hossain, M. S. (2017). Sybil defense techniques in online social networks: a survey. maneuvers in Twitter. In 2019 winter simulation conference (pp. 750–761).
IEEE Access, 5, 1200–1219. Beskow, D., & Carley, K. (2019b). Social cybersecurity: An emerging national security
Al-Zoubi, A., Faris, H., Alqatawna, J., & Hassonah, M. (2018). Evolving support vector requirement.
machines using whale optimization algorithm for spam profiles detection on online Bethune, E., Buhalis, D., & Miles, L. (2022). Real time response (RTR): Conceptualizing
social networks in different lingual contexts. Knowledge-Based Systems, 153. a smart systems approach to destination resilience. Journal of Destination Marketing
Albawi, S., Mohammed, T. A., & Al-Zawi, S. (2017). Understanding of a convolutional & Management, 23, Article 100687.
neural network. In 2017 international conference on engineering and technology (pp. Bharadiya, J. (2023). Machine learning in cybersecurity: Techniques and challenges.
1–6). Ieee. European Journal of Technology, 7(2), 1–14.
Aleroud, A., Abu-Alsheeh, N., & Al-Shawakfa, E. (2020). A graph proximity feature Bhimani, H., Mention, A.-L., & Barlatier, P.-J. (2019). Social media and innovation: A
augmentation approach for identifying accounts of terrorists on twitter. Computers systematic literature review and future research directions. Technological Forecasting
& Security, 99, Article 102056. and Social Change, 144, 251–269.
Algarni, A., Xu, Y., Chan, T., & Tian, Y. (2017). Social engineering in cybersecurity: Bilge, L., Strufe, T., Balzarotti, D., & Kirda, E. (2009). All your contacts are belong to
The evolution of phishing attacks. Computers & Security, 73, 67–85. us: automated identity theft attacks on social networks. In Proceedings of the 18th
Alguliyev, R., Aliguliyev, R., & Abdullayeva, F. (2019). Deep learning method for international conference on world wide web (pp. 551–560).
prediction of DDoS attacks on social media. Advances in Data Science and Adaptive Blake, H. (2024). Generative AI in cyber security: New threats and solutions for
Analysis, 11. adversarial attacks. ResearchGate.
Allcott, H., & Gentzkow, M. (2017). Social media and fake news in the 2016 election. Blane, J. T., Moffitt, J., & Carley, K. M. (2021). Simulating social-cyber maneuvers to
Journal of Economic Perspectives, 31(2), 211–236. deter disinformation campaigns. In Social, cultural, and behavioral modeling: 14th
Almomani, A., Alweshah, M., Al Khalayleh, S., Al-Refai, M., & Qashi, R. (2019). international conference, SBP-BRiMS 2021, virtual event, July 6–9, 2021, proceedings
Metaheuristic algorithms-based feature selection approach for intrusion detection. 14 (pp. 153–163). Springer.
In Machine learning for computer and cyber security (pp. 184–208). CRC Press. Blei, D. M., Ng, A. Y., & Jordan, M. I. (2003). Latent dirichlet allocation. Journal of
Alqahtani, A., & Sheldon, F. T. (2022). A survey of crypto ransomware attack detection Machine Learning Research, 3(Jan), 993–1022.
methodologies: an evolving outlook. Sensors, 22(5), 1837. Blum, C., & Roli, A. (2003). Metaheuristics in combinatorial optimization: Overview
Alshamrani, A., Myneni, S., Chowdhary, A., & Huang, D. (2019). A survey on advanced and conceptual comparison. ACM Computing Surveys, 35(3), 268–308.
persistent threats: Techniques, solutions, challenges, and research opportunities. Bontrager, P., Roy, A., Togelius, J., Memon, N., & Ross, A. (2018). Deepmasterprints:
IEEE Communications Surveys & Tutorials, 21(2), 1851–1877. Generating masterprints for dictionary attacks via latent variable evolution. In 2018
Alsharif, M., Mishra, S., & AlShehri, M. (2022). Impact of human vulnerabilities on IEEE 9th international conference on biometrics theory, applications and systems (pp.
cybersecurity. Computer Systems Science and Engineering, 40(3), 1153–1166. 1–9). IEEE.
Alves, F., Andongabo, A., Gashi, I., Ferreira, P. M., & Bessani, A. (2020). Follow the Borgatti, S., Everett, M., & Freeman, L. (2002). UCINET for windows: Software for
blue bird: A study on threat data published on Twitter. In ESORICS. social network analysis.

28
A. Mulahuwaish et al. Computers in Human Behavior Reports 18 (2025) 100668

Bottou, L. (2012). Stochastic gradient descent tricks. In Neural networks: tricks of the Dionísio, N., Alves, F., Ferreira, P. M., & Bessani, A. (2020). Towards end-to-end
trade (pp. 421–436). Springer. cyberthreat detection from Twitter using multi-task learning. In 2020 international
Boussaïd, I., Lepagnot, J., & Siarry, P. (2013). A survey on optimization metaheuristics. joint conference on neural networks (pp. 1–8).
Information Sciences, 237, 82–117. Douceur, J. R. (2002). The sybil attack. In International workshop on peer-to-peer systems
Bowen, B. M., Devarajan, R., & Stolfo, S. (2011). Measuring the human factor of cyber (pp. 251–260). Springer.
security. In 2011 IEEE international conference on technologies for homeland security Dumitras, T., & Neamtiu, I. (2011). Experimental challenges in cyber security: A story
(pp. 230–235). IEEE. of provenance and lineage for malware. CSET, 11, 2011–2019.
Bragazzi, N. L., Dai, H., Damiani, G., Behzadifar, M., Martini, M., & Wu, J. (2020). How Edwards, A., & Edwards, L. (2023). Chat coder. https://www.chatcoder.com/. (Online:
big data and artificial intelligence can help better manage the COVID-19 pandemic. Accessed 24 July 2023).
International Journal of Environmental Research and Public Health, 17(9), 3176. El-Mawass, N., Honeine, P., & Vercouter, L. (2018). Supervised classification of social
Brakerski, Z., & Vaikuntanathan, V. (2014). Efficient fully homomorphic encryption spammers using a similarity-based Markov random field approach. In Proceedings
from (standard) LWE. In SIAM journal on computing, vol. 43, no. 2 (pp. 831–871). of the 5th multidisciplinary international social networks conference. New York, NY,
Breda, F., Barbosa, H., & Morais, T. (2017). Social engineering and cyber security. In USA: Association for Computing Machinery.
INTED2017 proceedings (pp. 4204–4211). IATED. El-Mawass, N., Honeine, P., & Vercouter, L. (2020). SimilCatch: Enhanced social
Breiman, L. (2001). Random forests. Machine Learning, 45(1), 5–32. spammers detection on Twitter using Markov random fields. Information Processing
Brijwani, G. N., Ajmire, P. E., & Thawani, P. V. (2023). Future of quantum computing in & Management, 57(6), Article 102317.
cyber security. In Handbook of research on quantum computing for smart environments
Ellison, N. B., Vitak, J., Steinfield, C., Gray, R., & Lampe, C. (2011). Negotiating privacy
(pp. 267–298). IGI Global.
concerns and social capital needs in a social media environment. Privacy Online:
Buczak, A. L., & Guven, E. (2015). A survey of data mining and machine learning
Perspectives on Privacy and Self-Disclosure in the Social Web, 19–32.
methods for cyber security intrusion detection. IEEE Communications Surveys &
Eshraqi, N., Jalali, M., & Moattar, M. H. (2015). Detecting spam tweets in Twitter using
Tutorials, 18(2), 1153–1176.
a data stream clustering algorithm. In 2015 international congress on technology,
Calay, T. J., Qolomany, B., Mulahuwaish, A., Hossain, L., & Abdo, J. B. (2023). CCTFv1:
communication and knowledge (pp. 347–351).
Computational modeling of cyber team formation strategies. In 16th international
ExploitDB. (2023). https://www.exploit-db.com/. (Online: Accessed 24 July 2023).
conference on social computing, behavioral-cultural modeling, & prediction and behavior
Facebook friendships network dataset – KONECT. (2023). http://konect.cc/networks/
representation in modeling and simulation.
facebook-wosn-links/. (Online: Accessed 24 July 2023).
Calvet, L., de Armas, J., Masip, D., & Juan, A. A. (2017). Learnheuristics: hybridizing
Farhadi, H., AmirHaeri, M., & Khansari, M. (2011). Alert correlation and prediction
metaheuristics with machine learning for optimization with dynamic inputs. Open
using data mining and HMM. ISeCure, 3(2).
Mathematics, 15(1), 261–280.
Camacho, D., Panizo-LLedot, A., Bello-Orgaz, G., Gonzalez-Pardo, A., & Cambria, E. Fazil, M., & Abulaish, M. (2018). A hybrid approach for detecting automated spam-
(2020). The four dimensions of social network analysis: An overview of research mers in Twitter. IEEE Transactions on Information Forensics and Security, 13(11),
methods, applications, and software tools. Information Fusion, 63, 88–120. 2707–2719.
Carley, K. (2020). Social cybersecurity: an emerging science. Computational and Feinberg, T., & Robey, N. (2009). Cyberbullying. The Education Digest, 74(7), 26.
Mathematical Organization Theory, 26, 365–381. Feng, S., Wan, H., Wang, N., Li, J., & Luo, M. (2021). TwiBot-20: A comprehensive
Carley, K., Columbus, D., & Landwehr, P. (2025). AutoMap: Extract, analyze and Twitter bot detection benchmark. In Proceedings of the 30th ACM international
represent relational data from texts. CASOS. conference on information & knowledge management.
Castro, M., Costa, M., & Harris, T. (2006). Securing software by enforcing data- Feng, S., Wan, H., Wang, N., & Luo, M. (2021). BotRGCN: Twitter bot detection
flow integrity. In Proceedings of the 7th symposium on operating systems design and with relational graph convolutional networks. CoRR abs/2106.13092URL https:
implementation (pp. 147–160). //arxiv.org/abs/2106.13092.
Chakraborty, M., Pal, S., Pramanik, R., & Chowdary, C. R. (2016). Recent developments Ferrara, E. (2015). " manipulation and abuse on social media" by Emilio Ferrara with
in social spam detection and combating techniques: A survey. Information Processing Ching-man Au Yeung as coordinator. ACM SIGWEB Newsletter, 2015(Spring), 1–9.
& Management, 52(6), 1053–1073. Ferrara, E. (2019). The history of digital spam. Communications of the ACM, 62(8),
Chambers, N., Fry, B., & McMasters, J. (2018). Detecting denial-of-service attacks 82–91.
from social media text: Applying NLP to computer security. In Proceedings of the Ferrara, E., Varol, O., Davis, C., Menczer, F., & Flammini, A. (2020). The rise of social
2018 conference of the North American chapter of the Association for Computational bots. Communications of the ACM, 63(6), 96–104.
Linguistics: human language technologies, volume 1 (long papers) (pp. 1626–1635). Fire, M., Kagan, D., Elyashar, A., & Elovici, Y. (2014). Friend or foe? Fake profile
New Orleans, Louisiana: Association for Computational Linguistics. identification in online social networks. Social Network Analysis and Mining, 4, 1–23.
Chatfield, C. (2003). The analysis of time series: an introduction. Chapman and hall/CRC. Floridi, L., et al. (2018). AI4People—An ethical framework for a good AI society:
Chen, H., Liu, R., Park, N., & Subrahmanian, V. (2019). Using Twitter to predict when Opportunities, risks, principles, and recommendations. Minds and Machines, 28,
vulnerabilities will be exploited. (pp. 3143–3152). 689–707.
Cheng, M., Wang, S., Yan, X., Yang, T., Wang, W., Huang, Z., et al. (2021). A COVID-19 Ford, J. D., Tilleard, S. E., Berrang-Ford, L., Araos, M., Biesbroek, R., Lesnikowski, A.
rumor dataset. Frontiers in Psychology, 12, 1566. C., et al. (2016). Big data has big potential for applications to climate change
Chesney, R., & Citron, D. (2019). Deepfakes and the new disinformation war: The adaptation. Proceedings of the National Academy of Sciences, 113(39), 10729–10732.
coming age of post-truth geopolitics. Foreign Affairs, 98, 147–155. Gagniuc, P. A. (2017). Markov chains: from theory to implementation and experimentation.
Colbaugh, R., & Glass, K. (2012). Early warning analysis for social diffusion events. John Wiley & Sons.
Security Informatics, 1, 1–26. Gandhi, R., Sharma, A., Mahoney, W., Sousan, W., Zhu, Q., & Laplante, P. (2011). Di-
Collier, N., & North, M. (2011). Repast HPC: A platform for large-scale agent-based
mensions of cyber-attacks: Cultural, social, economic, and political. IEEE Technology
modeling. Large-Scale Computing Techniques for Complex System Simulations, 81–110.
and Society Magazine, 30(1), 28–38.
Conteh, N. Y., & Schmick, P. J. (2016). Cybersecurity: risks, vulnerabilities and
Gao, H., Hu, J., Wilson, C., Li, Z., Chen, Y., & Zhao, B. Y. (2010). Detecting and
countermeasures to prevent social engineering attacks. International Journal of
characterizing social spam campaigns. In Proceedings of the 10th ACM SIGCOMM
Advanced Computer Research, 6(23), 31.
conference on internet measurement (pp. 35–47). New York, NY, USA: Association
Craigen, D., Diakun-Thibault, N., & Purse, R. (2014). Defining cybersecurity. Technology
for Computing Machinery.
Innovation Management Review, 4(10).
Gausen, A., Luk, W., & Guo, C. (2021). Can we stop fake news? Using agent-
Crainic, T. G., & Toulouse, M. (2003). Parallel strategies for meta-heuristics. In
based modelling to evaluate countermeasures for misinformation on social media.
Handbook of metaheuristics (pp. 475–513). Springer.
Association for the Advancement of Artificial Intelligence.
Cremer, F., Sheehan, B., Fortmann, M., Kia, A. N., Mullins, M., Murphy, F., et al.
Gerber, M. (2014). Predicting crime using Twitter and kernel density estimation.
(2022). Cyber risk and cybersecurity: A systematic review of data availability. The
Decision Support Systems, 61.
Geneva Papers on Risk and Insurance-Issues and Practice, 47(3), 698–736.
Csárdi, G., & Nepusz, T. (2025). igraph. The Igraph Core Team. Goolsby, R., Shanley, L., & Lovell, A. (2013). On cybersecurity, crowdsourcing, and
Dasgupta, D., Akhtar, Z., & Sen, S. (2022). Machine learning in cybersecurity: a social cyber-attack. Policy Memo Series, 1.
comprehensive survey. The Journal of Defense Modeling and Simulation, 19(1), Goyal, P., Hossain, K. S. M. T., Deb, A., Tavabi, N., Bartley, N., Abeliuk, A., et
57–106. al. (2018). Discovering signals from web sources to predict cyber attacks. CoRR
Dawson, J., & Thomson, R. (2018). The future cybersecurity workforce: going beyond abs/1806.03342.
technical skills for successful cyber performance. Frontiers in Psychology, 9, 744. Greenspan, D. (1973). Discrete models. Reading, MA: Addison-Wesley Publishing Co..
Defense Advanced Research Projects Agency (DARPA) (2021). Hybrid AI to protect Griffin, C., & Squicciarini, A. (2012). Toward a game theoretic model of information
integrity of open source code. DARPA. release in social media with experimental results.
Dhanalakshmi, T., Bharathi, N., & Monisha, M. (2014). Safety concerns of sybil attack in Grimm, V., & Railsback, S. F. (2013). Individual-based modeling and ecology. In
WSN. In 2014 international conference on science engineering and management research Individual-based modeling and ecology. Princeton University Press.
(pp. 1–4). IEEE. Groff, E. R. (2007). Simulation for theory testing and experimentation: An example
Dionísio, N., Alves, F., Ferreira, P. M., & Bessani, A. (2019). Cyberthreat detection from using routine activity theory and street robbery. Journal of Quantitative Criminology,
Twitter using deep neural networks. In 2019 international joint conference on neural 23(2), 75–103.
networks (pp. 1–8). Guiora, A., & Park, E. A. (2017). Hate speech on social media. Philosophia, 45, 957–971.

29
A. Mulahuwaish et al. Computers in Human Behavior Reports 18 (2025) 100668

Günay Yılmaz, A., Turhal, U., & Nabiyev, V. (2020). Effect of feature selection with Kaveh, A. (2014). Advances in metaheuristic algorithms for optimal design of structures.
meta-heuristic optimization methods on face spoofing detection. (pp. 48–59). Springer.
Gupta, A., & Kaushal, R. (2015). Improving spam detection in online social networks. Kemmerer, R. A. (2003). Cybersecurity. In 25th international conference on software
In 2015 international conference on cognitive computing and information processing (pp. engineering, 2003. proceedings (pp. 705–715). IEEE.
1–6). Khandpur, R. P., Ji, T., Jan, S., Wang, G., Lu, C.-T., & Ramakrishnan, N. (2017a).
Gupta, S., Singhal, A., & Kapoor, A. (2016). A literature survey on social engineering at- Crowdsourcing cybersecurity: Cyber attack detection using social media. In Pro-
tacks: Phishing attack. In 2016 international conference on computing, communication ceedings of the 2017 ACM on conference on information and knowledge management
and automation (pp. 537–540). IEEE. (pp. 1049–1057).
Gutierrez, D. (2025). Twitter bots accounts: An updated dataset for Twitter bot account Khandpur, R. P., Ji, T., Jan, S., Wang, G., Lu, C.-T., & Ramakrishnan, N. (2017b).
detection. Kaggle. Crowdsourcing cybersecurity: Cyber attack detection using social media.
Hackmageddon (2023). 2018 master table. https://www.hackmageddon.com/2018- Kindermann, R. (1980). Markov random fields and their applications. American
master-table/. (Online: Accessed 24 July 2023). Mathematical Society.
Hadlington, L. (2017). Human factors in cybersecurity; examining the link be- King, Z. M., Henshel, D. S., Flora, L., Cains, M. G., Hoffman, B., & Sample, C. (2018).
tween internet addiction, impulsivity, attitudes towards cybersecurity, and risky Characterizing and measuring maliciousness for cybersecurity risk assessment.
cybersecurity behaviours. Heliyon, 3(7). Frontiers in Psychology, 9, 39.
Hadnagy, C. (2010). Social engineering: The art of human hacking. John Wiley & Sons. Kinsner, W. (2012). Towards cognitive security systems. In 2012 IEEE 11th international
Hagberg, A., Swart, P., & Schult, D. (2025). Networkx. NetworkX Developers. conference on cognitive informatics and cognitive computing (p. 539). IEEE.
Hamilton, J. D. (2020). Time series analysis. Princeton University Press. Kirichenko, L., Radivilova, T., & Carlsson, A. (2018). Detecting cyber threats through
Han, E.-H. S., & Karypis, G. (2000). Centroid-based document classification: Analysis social network analysis: short survey.
and experimental results. In European conference on principles of data mining and Klien, F., & Strohmaier, M. (2012). Short links under attack: geographical analysis of
knowledge discovery (pp. 424–431). Springer. spam in a URL shortener network. In Proceedings of the 23rd ACM conference on
Harsanyi, J. C. (1967). Games with incomplete information played by ‘‘Bayesian’’ hypertext and social media (pp. 83–88).
players, I–III part I. The basic model. Management Science, 14(3), 159–182. Kontogiannis, S. C., & Spirakis, P. G. (2010). Well supported approximate equilibria in
Harsanyi, J. C. (1968). Games with incomplete information played by ‘‘Bayesian’’ bimatrix games. Algorithmica, 57, 653–667.
players part II. Bayesian equilibrium points. Management Science, 14(5), 320–334. Korda, H., & Itani, Z. (2013). Harnessing social media for health promotion and
Hatfield, J. M. (2018). Social engineering in cybersecurity: The evolution of a concept. behavior change. Health Promotion Practice, 14(1), 15–23.
Computers & Security, 73, 102–113. Korolov, R., Lu, D., Wang, J., Zhou, G., Bonial, C., Voss, C., et al. (2016). On predicting
Helfstein, S., & Wright, D. (2011). Covert or convenient? Evolution of terror attack social unrest using social media. In 2016 IEEE/ACM international conference on
networks. Journal of Conflict Resolution, 55(5), 785–813. advances in social networks analysis and mining (pp. 89–95). IEEE.
Hinduja, S., & Patchin, J. W. (2010). Bullying, cyberbullying, and suicide. Archives of Krombholz, K., Merkl, D., & Weippl, E. (2012). Fake identities in social media: A case
Suicide Research, 14(3), 206–221. study on the sustainability of the facebook business model. Journal of Service Science
Hochreiter, S., & Schmidhuber, J. (1997). Long short-term memory. Neural Computation, Research, 4, 175–212.
9(8), 1735–1780. Larriva-Novo, X., Villagrá, V. A., Vega-Barbas, M., Rivera, D., & Sanz Rodrigo, M.
Hong, J., Cruz, I. F., & Kim, D. (2024). Justice behind the virtual mask: The influence (2021). An IoT-focused intrusion detection system approach based on preprocessing
of race of the virtual influencer and the creator on promoting the black lives matter characterization for cybersecurity datasets. Sensors, 21(2), 656.
movement. New Media & Society, Article 14614448241262806. Le, B.-D., Wang, G., Nasim, M., & Babar, M. (2019). Gathering cyber threat intelligence
Hong, J., Fischer, K., Kim, D., Cho, J. H., & Sun, Y. (2024). I am not your typical from Twitter using novelty classification. In 2019 international conference on
chatbot: Hedonic and utilitarian evaluation of open-domain chatbots. International cyberworlds (pp. 316–323).
Journal of Human-Computer Interaction, 1–12. Le Page, S., Jourdan, G.-V., Bochmann, G. V., Flood, J., & Onut, I.-V. (2018). Using url
Hootsuite. (2023). https://www.hootsuite.com/. (Online: Accessed 24 July 2023). shorteners to compare phishing and malware attacks. In 2018 APWG symposium on
Hsu, C.-W., Chang, C.-C., Lin, C.-J., et al. (2003). A practical guide to support vector electronic crime research (pp. 1–13). IEEE.
classification. Taipei, Taiwan. Lewis, D. D. (1998). Naive (Bayes) at forty: The independence assumption in
Hubbard, D. W. (2020). The failure of risk management: Why it’s broken and how to fix information retrieval. European conference on machine learning (pp. 4–15). Springer.
it. John Wiley & Sons. Li, J. (2020). Vulnerabilities mapping based on OWASP-SANS: a survey for static
Husák, M., Komárková, J., Bou-Harb, E., & Čeleda, P. (2019). Survey of attack application security testing (SAST). arXiv preprint arXiv:2004.03216.
projection, prediction, and forecasting in cyber security. IEEE Communications Li, J., Ji, R., Liu, H., Hong, X., Gao, Y., & Tian, Q. (2019). Universal perturbation attack
Surveys & Tutorials, 21(1), 640–660. against image retrieval. In Proceedings of the IEEE/CVF international conference on
Imtiaz, N., Thorn, S., & Williams, L. (2021). A comparative study of vulnerability computer vision (pp. 4899–4908).
reporting by software composition analysis tools. In Proceedings of the 15th Li, Z.-t., Lei, J., Wang, L., & Li, D. (2007). A data mining approach to generating
ACM/IEEE international symposium on empirical software engineering and measurement network attack graph for intrusion prediction. In Fourth international conference on
(pp. 1–11). fuzzy systems and knowledge discovery, vol. 4 (pp. 307–311). IEEE.
Indyk, P., & Motwani, R. (1998). Approximate nearest neighbors: towards removing Li, X., Li, J., Chen, Y., Ye, S., He, Y., Wang, S., et al. (2021). Qair: Practical query-
the curse of dimensionality. In Proceedings of the thirtieth annual ACM symposium efficient black-box attacks for image retrieval. In Proceedings of the IEEE/CVF
on theory of computing (pp. 604–613). conference on computer vision and pattern recognition (pp. 3330–3339).
Jagatic, T. N., Johnson, N. A., Jakobsson, M., & Menczer, F. (2007). Social phishing. Li, H., Mukherjee, A., Liu, B., Kornfield, R., & Emery, S. (2014). Detecting campaign
Communications of the ACM, 50(10), 94–100. promoters on Twitter using Markov random fields. In 2014 IEEE international
Jansson, K., & von Solms, R. (2013). Phishing for phishing awareness. Behaviour & conference on data mining (pp. 290–299).
Information Technology, 32(6), 584–593. Liang, X., Li, X., Luan, T. H., Lu, R., Lin, X., & Shen, X. (2012). Morality-driven data
Javed, A., Burnap, P., & Rana, O. (2019). Prediction of drive-by download attacks on forwarding with privacy preservation in mobile social networks. IEEE Transactions
Twitter. Information Processing & Management, 56(3), 1133–1145. on Vehicular Technology, 61(7), 3209–3222.
Javed, M. A., Younis, M. S., Latif, S., Qadir, J., & Baig, A. (2018). Community Lida, H., Liu, G., Chen, T., Yuan, H., Shi, P., & Miao, Y. (2020). Similarity-based
detection in networks: A multidisciplinary review. Journal of Network and Computer emergency event detection in social media. Journal of Safety Science and Resilience,
Applications, 108, 87–111. 2.
JGraphT. (2023). https://jgrapht.org/. (Online: Accessed 24 July 2023). Lin, J., Keogh, E., Lonardi, S., & Chiu, B. (2003). A symbolic representation of time
Ji, T., Luo, C., Guo, Y., Wang, Q., Yu, L., & Li, P. (2020). Community detection in series, with implications for streaming algorithms. In Proceedings of the 8th ACM
online social networks: A differentially private and parsimonious approach. IEEE SIGMOD workshop on research issues in data mining and knowledge discovery (pp.
Transactions on Computational Social Systems, 7(1), 151–163. 2–11).
Jobin, A., Ienca, M., & Vayena, E. (2019). The global landscape of AI ethics guidelines. Lippmann, R., Campbell, W., Weller-Fahy, D., Mensch, A., Zeno, G., & Campbell, J.
Nature Machine Intelligence, 1(9), 389–399. (2015). Finding malicious cyber discussions in social media. Defense Technical
Jung, T., & tom Dieck, M. C. (2018). Augmented reality and virtual reality. Ujedinjeno Information Center.
Kraljevstvo: Springer International Publishing AG. Liu, Y., Sarabi, A., Zhang, J., Naghizadeh, P., Karir, M., Bailey, M., et al. (2015). Cloudy
(2016). How isis uses twitter. Kaggle. with a chance of breach: Forecasting cyber security incidents. In 24th {USENIX}
Kalamaras, D. (2025). SocNetV: Social network visualizer. Social Network Analysis and Security Symposium (pp. 1009–1024).
Visualizer Software. Liu, Y., Tang, M., Zhou, T., & Do, Y. (2015). Core-like groups result in invalidation of
Kamhoua, C. A., Kwiat, K. A., & Park, J. S. (2012). A game theoretic approach for identifying super-spreader by k-shell decomposition. Scientific Reports, 5(1), 9602.
modeling optimal data sharing on Online Social Networks. In 2012 9th international Lu, W., Varna, A. L., Swaminathan, A., & Wu, M. (2009). Secure image retrieval through
conference on electrical engineering, computing science and automatic control (pp. 1–6). feature protection. In 2009 IEEE international conference on acoustics, speech and
Katrakazas, C., Quddus, M., Chen, W.-H., & Deka, L. (2015). Real-time motion planning signal processing (pp. 1533–1536). IEEE.
methods for autonomous on-road driving: State-of-the-art and future research Luke, S., Cioffi-Revilla, C., Panait, L., Sullivan, K., & Balan, G. (2005). Mason: A
directions. Transportation Research Part C: Emerging Technologies, 60, 416–442. multiagent simulation environment. Simulation, 81(7), 517–527.

30
A. Mulahuwaish et al. Computers in Human Behavior Reports 18 (2025) 100668

Macal, C. M., & North, M. J. (2005). Tutorial on agent-based modeling and simulation. Okutan, A., Werner, G., Yang, S. J., & McConky, K. (2018). Forecasting cyberattacks
In Proceedings of the winter simulation conference, 2005 (pp. 14–pp). IEEE. with incomplete, imbalanced, and insignificant data. Cybersecurity, 1, 1–16.
Majeed, S., Uzair, M., Qamar, U., & Farooq, A. (2020a). Social network analysis Okutan, A., Yang, S. J., & McConky, K. (2017). Predicting cyber attacks with Bayesian net-
visualization tools: A comparative review. In 2020 IEEE 23rd international multitopic works using unconventional signals. New York, NY, USA: Association for Computing
conference (pp. 1–6). IEEE. Machinery.
Majeed, S., Uzair, M., Qamar, U., & Farooq, A. (2020b). Social network analysis O’Madadhain, J., Fisher, D., Nelson, T., White, S., & Boey, Y.-B. (2025). Jung: Java
visualization tools: A comparative review. In 2020 IEEE 23rd international multitopic universal network/graph framework. The JUNG Framework Development Team.
conference (pp. 1–6). Onuchowska, A. A. (2020). Analysis of malicious behavior on social media platforms
Mallet, J.-L. (1997). Discrete modeling for natural objects. Mathematical Geology, 29, using agent-based modeling. Graduate Theses and Dissertations, 59–87.
199–219. ORA. (2023). http://www.casos.cs.cmu.edu/projects/ora/. (Online: Accessed 24 July
Malmasi, S., & Zampieri, M. (2017). Detecting hate speech in social media. arXiv 2023).
preprint arXiv:1712.06427. Osman, M. (2010). Controlling uncertainty: a review of human behavior in complex
Martín, A. G., Fernández-Isabel, A., Martín de Diego, I., & Beltrán, M. (2021). A dynamic environments.. Psychological Bulletin, 136(1), 65.
survey for user behavior analysis based on machine learning techniques: current Oussous, A., Benjelloun, F.-Z., Lahcen, A. A., & Belfkih, S. (2018). Big data technologies:
models and applications. Applied Intelligence: The International Journal of Artifi- A survey. Journal of King Saud University-Computer and Information Sciences, 30(4),
cial Intelligence, Neural Networks, and Complex Problem-Solving Technologies, 51(8), 431–448.
6029–6055. Paek, H.-J., Pan, Z., Sun, Y., Abisaid, J., & Houden, D. (2005). The third-person
Martin-Bautista, M. J., & Vila, M.-A. (1999). A survey of genetic feature selection in perception as social judgment: An exploration of social distance and uncertainty in
mining issues. In Proceedings of the 1999 congress on evolutionary computation-CEC99 perceived effects of political attack ads. Communication Research, 32(2), 143–170.
(cat. no. 99TH8406), vol. 2 (pp. 1314–1321). IEEE. Papadopoulos, S., Kompatsiaris, Y., Vakali, A., & Spyridonos, P. (2012). Community
Matamoros-Fernández, A., & Farkas, J. (2021). Racism, hate speech, and social media: detection in social media: Performance and application considerations. Data Mining
A systematic review and critique. Television & New Media, 22(2), 205–224. and Knowledge Discovery, 24, 515–554.
MatLab. (2023). https://www.mathworks.com/products/matlab.html. (Online: Accessed Perera, I., Hwang, J., Bayas, K., Dorr, B., & Wilks, Y. (2018). Cyberattack prediction
24 July 2023). through public text analysis and mini-theories. In 2018 IEEE international conference
Mazhar, T., Irfan, H. M., Khan, S., Haq, I., Ullah, I., Iqbal, M., et al. (2023). Analysis of on big data (pp. 3001–3010).
cyber security attacks and its solutions for the smart grid using machine learning Perkins, J., Tavory, R., Luce, L., & Sanders, N. (2025). Sentiment140. Stanford.
and blockchain methods. Future Internet, 15(2), 83. Phillips, C., & Swiler, L. P. (1998). A graph-based system for network-vulnerability
Maziku, S., Rahiman, A., Mohammed, A., & Abdullah, M. (2020). A novel framework analysis. In Proceedings of the 1998 workshop on new security paradigms (pp. 71–79).
for identifying twitter spam data using machine learning algorithms. Journal of Pinto, S. J., Siano, P., & Parente, M. (2023). Review of cybersecurity analysis in smart
Southwest Jiaotong University, 55. distribution systems and future directions for using unsupervised learning methods
McAuley, J., & Leskovee, J. (2012). Learning to discover social circles in ego networks. for cyber detection. Energies, 16(4), 1651.
NIPS. Potha, N., & Maragoudakis, M. (2014). Cyberbullying detection using time series
Microsoft security response center (MSRC). (2023). https://msrc.microsoft.com/update-
modeling. In 2014 IEEE international conference on data mining workshop (pp.
guide/vulnerability. (Online: Accessed 24 July 2023).
373–382).
Mirjalili, S., & Lewis, A. (2016). The whale optimization algorithm. Advances in
Python. (2023). https://www.python.org/. (Online: Accessed 24 July 2023).
Engineering Software, 95, 51–67.
PyTorch. (2023). https://pytorch.org/. (Online: Accessed 24 July 2023).
Mitchell, T. M., & Mitchell, T. M. (1997). Machine learning: vol. 1, (9), McGraw-hill
Qiao, F., Li, P., Zhang, X., Ding, Z., Cheng, J., & Wang, H. (2017). Predicting social
New York.
unrest events with hidden Markov models using GDELT. Discrete Dynamics in Nature
Mittal, S., Das, P. K., Mulwad, V., Joshi, A., & Finin, T. (2016). CyberTwitter: Using
and Society, 2017, 1–13.
Twitter to generate alerts for cybersecurity threats and vulnerabilities. In 2016
R project. (2023). https://www.r-project.org/about.html. (Online: Accessed 24 July
IEEE/ACM international conference on advances in social networks analysis and mining
2023).
(pp. 860–867).
Rabiner, L. R. (1989). A tutorial on hidden Markov models and selected applications
Mittelstadt, B. D. (2019). Principles alone cannot guarantee ethical AI. Nature Machine
in speech recognition. Proceedings of the IEEE, 77(2), 257–286.
Intelligence, 1(11), 501–507.
Radanliev, P., De Roure, D., van Kleek, M., & Cannady, S. (2020). Artificial intelligence
Mohammadi, A., Manshaei, M. H., Moghaddam, M. M., & Zhu, Q. (2016). A
and cyber risk super-forecasting. 2, (34704.56322), Pre-Print, http://dx.doi.org/10.
game-theoretic analysis of deception over social networks using fake avatars. In
13140/RG.
GameSec.
Rahman, T., Rohan, R., Pal, D., & Kanthamanon, P. (2021). Human factors in
Mondal, M., Silva, L. A., & Benevenuto, F. (2017). A measurement study of hate speech
cybersecurity: a scoping review. In The 12th international conference on advances
in social media. In Proceedings of the 28th ACM conference on hypertext and social
in information technology (pp. 1–11).
media (pp. 85–94).
Rahmandad, H., & Sterman, J. (2008). Heterogeneity and network structure in the
Moon, T. K. (1996). The expectation-maximization algorithm. IEEE Signal Processing
dynamics of diffusion: Comparing agent-based and differential equation models.
Magazine, 13(6), 47–60.
Moscato, V., Picariello, A., & Sperli, G. (2019). Community detection based on game Management Science, 54(5), 998–1014.
theory. Engineering Applications of Artificial Intelligence, 85, 773–782. Ramalingam, D., & Chinnaiah, V. (2018). Fake profile detection techniques in large-
Mostafa, M., Abdelwahab, A., & Sayed, H. (2020). Detecting spam campaign in twitter scale online social networks: A comprehensive review. Computers & Electrical
with semantic similarity. Journal of Physics: Conference Series, 1447, Article 012044. Engineering, 65, 165–177.
Mukunthan, B., & Arunkrishna, M. (2021). Spam detection and spammer behaviour Rani, P., & Shokeen, J. (2021). A survey of tools for social network analysis.
analysis in Twitter using content based filtering approach. Journal of Physics: International Journal of Web Engineering and Technology, 16(3), 189–216.
Conference Series, 1817, Article 012014. Rao, S., Verma, A. K., & Bhatia, T. (2021). A review on social spam detection:
Mulahuwaish, A., Osti, M., Gyorick, K., Maabreh, M., Gupta, A., & Qolomany, B. Challenges, open issues, and future directions. Expert Systems with Applications, 186,
(2022). CovidMis20: COVID-19 misinformation detection system on Twitter tweets Article 115742.
using deep learning models. In International conference on intelligent human computer Reynolds, D. A. (2009). Gaussian mixture models. Encyclopedia of Biometrics,
interaction (pp. 466–479). Springer. 741(659–663).
MuxViz. (2023). https://github.com/manlius/muxViz. (Online: Accessed 24 July 2023). Rezaeipanah, A., Mokhtari, M., & Zadeh, M. (2020). Providing a new method for link
Nanda, P., & Kumar, V. (2021). Social media analytics: tools, techniques and present prediction in social networks based on the meta-heuristic algorithm. Information
day practices. International Journal of Services Operations and Informatics, 11(4), Technology and Management, 1, 28–36.
422–436. Ritter, A., Wright, E., Casey, W., & Mitchell, T. (2015). Weakly supervised extraction
Nash, J. (1951). Non-cooperative games. Annals of Mathematics, 54(2). of computer security events from Twitter.
Nawari, N. O., & Ravindran, S. (2019). Blockchain and the built environment: Potentials Rodgers, W. (2020). Artificial intelligence in a throughput model: Some major algorithms.
and limitations. Journal of Building Engineering, 25, Article 100832. CRC Press.
Nazario, J. (2008). DDoS attack evolution. Network Security, 2008(7), 7–10. Sabottke, C., Suciu, O., & Dumitraş, T. (2015a). Vulnerability disclosure in the age of
Niazi, M., & Hussain, A. (2011). Agent-based computing from multi-agent systems to social media: Exploiting twitter for predicting {real-world} exploits. In 24th USeNIX
agent-based models: a visual survey. Scientometrics, 89(2), 479–499. security symposium (pp. 1041–1056).
Nobles, C. (2018). Botching human factors in cybersecurity in business organizations. Sabottke, C., Suciu, O., & Dumitras, T. (2015b). Vulnerability disclosure in the age of
HOLISTICA–Journal of Business and Public Administration, 9(3), 71–88. social media: Exploiting Twitter for predicting real-world exploits. In 24th USeNIX
Oehri, C., & Teufel, S. (2012). Social media security culture. In 2012 information security security symposium (pp. 1041–1056). Washington, D.C.: USENIX Association.
for South Africa (pp. 1–5). IEEE. Samtani, S., Kantarcioglu, M., & Chen, H. (2020). Trailblazing the artificial intelli-
Okutan, A., Werner, G., McConky, K., & Yang, S. J. (2017). POSTER: Cyber attack gence for cybersecurity discipline: a multi-disciplinary research roadmap. ACM
prediction of threats from unconventional resources (CAPTURE). In Proceedings Transactions on Management Information Systems (TMIS), 11(4), 1–19.
of the 2017 ACM SIGSAC conference on computer and communications security (pp. Sánchez-Oro Calvo, J., & Duarte, A. (2018). Iterated greedy algorithm for performing
2563–2565). New York, NY, USA: Association for Computing Machinery. community detection in social networks. Future Generation Computer Systems, 88.

31
A. Mulahuwaish et al. Computers in Human Behavior Reports 18 (2025) 100668

Sanderson, J., Barnes, K., Williamson, C., & Kian, E. T. (2016). ‘How could anyone Talbi, E.-G. (2009). Metaheuristics: from design to implementation. John Wiley & Sons.
have predicted that# AskJameis would go horribly wrong?’Public relations, social Tensorflow. (2023). https://www.tensorflow.org/. (Online: Accessed 24 July 2023).
media, and hashtag hijacking. Public Relations Review, 42(1), 31–37. Tetlock, P. E., & Gardner, D. (2016). Superforecasting: The art and science of prediction.
Sandholm, V. C. T. (2002). Complexity results about Nash equilibria. Random House.
Sangwan, S. R., & Bhatia, M. (2020). Denigration bullying resolution using wolf search The GDELT project. (2023). https://www.gdeltproject.org/. (Online: Accessed 24 July
optimized online reputation rumour detection. Procedia Computer Science, 173, 2023).
305–314, International Conference on Smart Sustainable Intelligent Computing and Thomas, K., Li, F., Grier, C., & Paxson, V. (2014). Consequences of connectivity:
Applications under ICITETM2020. Characterizing account hijacking on twitter. In Proceedings of the 2014 ACM SIGSAC
Sarker, I. H., Furhad, M. H., & Nowrozy, R. (2021). Ai-driven cybersecurity: an conference on computer and communications security (pp. 489–500).
overview, security intelligence modeling and research directions. SN Computer Tisdale, S. M. (2015). Cybersecurity: Challenges from a systems, complexity, knowledge
Science, 2, 1–18. management and business intelligence perspective. Issues in Information Systems,
Scala, N. M., Reilly, A. C., Goethals, P. L., & Cukier, M. (2019). Risk and the five hard 16(3).
problems of cybersecurity. Risk Analysis, 39(10), 2119–2126. Tisue, S., & Wilensky, U. (2004). Netlogo: A simple environment for modeling
Sceller, Q., Karbab, E., Debbabi, M., & Iqbal, F. (2017). SONAR: Automatic detection complexity. In International conference on complex systems, vol. 21 (pp. 16–21).
of cyber security events over the Twitter stream. (pp. 1–11). Boston, MA.
Schneier, B. (2015). Secrets and lies: digital security in a networked world. John Wiley & Tolosana, R., et al. (2020). Deepfakes and beyond: A survey of face manipulation and
Sons. fake detection. Information Fusion, 64, 131–148.
Sendi, A. S., Dagenais, M., Jabbarifar, M., & Couture, M. (2012). Real time intrusion Tsaknakis, H., & Spirakis, P. G. (2007). An optimization approach for approximate
prediction based on optimized alerts with hidden Markov model. Journal of Nash equilibria. In Internet and network economics: third international workshop,
Networks, 7(2), 311. WINE 2007, San Diego, CA, USA, December 12-14, 2007. proceedings 3 (pp. 42–56).
Serrano, E., Iglesias, C. Á., & Garijo, M. (2015). A novel agent-based rumor spreading Springer.
model in Twitter. In WWW ’15 companion, Proceedings of the 24th international Tseng, S.-H., & Son Nguyen, T. (2020). Agent-based modeling of rumor propagation
conference on world wide web (pp. 811–814). New York, NY, USA: Association for using expected integrated mean squared error optimal design. Applied System
Computing Machinery. Innovation, 3(4).
Shao, S., Tunc, C., Al-Shawi, A., & Hariri, S. (2019). Automated Twitter author Tsesis, A. (2017a). Social media accountability for terrorist propaganda. Fordham Law
clustering with unsupervised learning for social media forensics. In 2019 IEEE/ACS Review, 86, 605.
16th international conference on computer systems and applications (pp. 1–8). Tsesis, A. (2017b). Terrorist speech on social media. Vanderbit Law Review, 70, 651.
Sharif, O., Hoque, M., Kayes, A. S. M., Nowrozy, R., & Sarker, I. (2020). Detecting Tsikerdekis, M., & Zeadally, S. (2014). Online deception in social media. Communications
suspicious texts using machine learning techniques. of the ACM, 57(9), 72–80.
Sharif, W., Mumtaz, S., Shafiq, Z., Riaz, O., Ali, T., Husnain, M., et al. (2019). Tufekci, Z., & Freelon, D. (2013). Introduction to the special issue on new media and
An empirical approach for extreme behavior identification through tweets using social unrest. American Behavioral Scientist, 57(7), 843–847.
machine learning. Applied Sciences, 9, 3723. Tundis, A., Jain, A., Bhatia, G., & Mühlhäuser, M. (2019). Similarity analysis of
Shaukat, K., Luo, S., Varadharajan, V., Hameed, I. A., Chen, S., Liu, D., et al. criminals on social networks: An example on Twitter.
(2020). Performance comparison and current challenges of using machine learning Twitter inc.. (2023). https://developer.twitter.com/en/docs/twitter-api. (Online: Ac-
techniques in cybersecurity. Energies, 13(10), 2509. cessed 24 July 2023).
Shaukat, K., Luo, S., Varadharajan, V., Hameed, I. A., & Xu, M. (2020). A survey on Vadapalli, S. R., Hsieh, G., & Nauer, K. S. (2018). TwitterOSINT: Automated cyberse-
machine learning techniques for cyber security in the last decade. IEEE Access, 8, curity threat intelligence collection and analysis using Twitter data. In Int’l conf.
222310–222354. security and management.
Sherman, S. L., DeFries, J. C., Gottesman, I. I., Loehlin, J. C., Meyer, J. M., Pelias, M. Van Dijck, J. (2014). Datafication, dataism and dataveillance: Big data between
Z., et al. (1997). Recent developments in human behavioral genetics: past accom- scientific paradigm and ideology. Surveillance & Society, 12(2), 197–208.
plishments and future directions. The American Journal of Human Genetics, 60(6), Various Authors (2023). An interdisciplinary approach to enhancing cyber threat
1265–1275. prediction utilizing forensic cyberpsychology and digital forensics. MDPI, 4(1), 8.
Sheyner, O., Haines, J., Jha, S., Lippmann, R., & Wing, J. M. (2002). Automated Vechtomova, O., & Wang, Y. (2006). A study of the effect of term proximity on query
generation and analysis of attack graphs. In Proceedings 2002 IEEE symposium on expansion. Journal of Information Science, 32(4), 324–333.
security and privacy (pp. 273–284). IEEE. Verdoliva, L. (2020). Media forensics and deepfakes: An overview. IEEE Journal of
Shin, H.-S., Kwon, H.-Y., & Ryu, S.-J. (2020). A new text classification model based Selected Topics in Signal Processing, 14(5), 910–932.
on contrastive word embedding for detecting cybersecurity intelligence in Twitter. Villar-Rodriguez, E., Del Ser, J., Gil-Lopez, S., Bilbao, N., & Salcedo-Sanz, S. (2017). A
Electronics, 9(9). meta-heuristic learning approach for the non-intrusive detection of impersonation
Shrestha, P., Sathanur, A., Maharjan, S., Saldanha, E., Arendt, D., & Volkova, S. attacks in social networks. International Journal of Bio-Inspired Computation, 10, 109.
(2020). Multiple social platforms reveal actionable signals for software vulnerability Villar-Rodriguez, E., Del Ser, J., & Salcedo-Sanz, S. (2015). On a machine learning
awareness: A study of GitHub, Twitter and reddit. Plos One, 15(3), Article approach for the detection of impersonation attacks in social networks. In Intelligent
e0230250. distributed computing VIII (pp. 259–268). Springer.
Shu, K., Mahudeswaran, D., Wang, S., Lee, D., & Liu, H. (2018). FakeNewsNet: A data Vulnerability list. (2023). https://www.cvedetails.com/vulnerability-list/. (Online:
repository with news content, social context and dynamic information for studying Accessed 24 July 2023).
fake news on social media. arXiv preprint arXiv:1809.01286. Wang, F.-Y., Carley, K. M., Zeng, D., & Mao, W. (2007). Social computing: From social
Shu, K., Mahudeswaran, D., Wang, S., Lee, D., & Liu, H. (2020). Fakenewsnet: A data informatics to social intelligence. IEEE Intelligent Systems, 22(2), 79–83.
repository with news content, social context, and spatiotemporal information for Wang, Z., & Zhang, Y. (2017). DDoS event forecasting using Twitter data. In Pro-
studying fake news on social media. Big Data, 8(3), 171–188. ceedings of the twenty-sixth international joint conference on artificial intelligence (pp.
Shu, K., Sliva, A., Wang, S., Tang, J., & Liu, H. (2017). Fake news detection on social 4151–4157).
media: A data mining perspective. ACM SIGKDD Explorations Newsletter, 19(1), Weidinger, L., et al. (2021). Ethical and social risks of harm from language models.
22–36. arXiv preprint arXiv:2112.04359.
Simran, K., Balakrishna, P., Vinayakumar, R., & Soman, K. (2019). Deep learning White, J., Park, J., Kamhoua, C., & Kwiat, K. (2013). Game theoretic attack analysis
approach for enhanced cyber threat indicators in Twitter stream. In SSCC. in online social network (OSN) services. (pp. 1012–1019).
Singh, A., & Kaur, M. (2019). Detection framework for content-based cybercrime in White, J., Park, J. S., Kamhoua, C. A., & Kwiat, K. A. (2014). Social network attack
online social networks using metaheuristic approach. Arabian Journal for Science simulation with honeytokens. Social Network Analysis and Mining, 4(1), 221.
and Engineering, 45. Whitman, M. E., & Mattord, H. J. (2013). Management of information security. Cengage
Singh, A., & Kaur, M. (2020). Intelligent content-based cybercrime detection in Learning.
online social networks using cuckoo search metaheuristic approach. Journal of Whittaker, E., & Kowalski, R. M. (2015). Cyberbullying via social media. Journal of
Supercomputing, 76. School Violence, 14(1), 11–29.
Sivarajah, U., Kamal, M. M., Irani, Z., & Weerakkody, V. (2017). Critical analysis of big Wiafe, I., Koranteng, F. N., Obeng, E. N., Assyne, N., Wiafe, A., & Gulliver, S. R.
data challenges and analytical methods. Journal of Business Research, 70, 263–286. (2020). Artificial intelligence for cybersecurity: a systematic mapping of literature.
Smith, M., Ceni, A., Milic-Frayling, N., Shneiderman, B., Mendes Rodrigues, E., IEEE Access, 8, 146598–146612.
Leskovec, J., et al. (2010). NodeXL: a free and open network overview, discovery Willemo, J., et al. (2019). Trends and developments in the malicious use of social media.
and exploration add-in for excel 2007/2010/2013/2016. Social Media Research NATO Strategic Communications Centre of Excellence.
Foundation. Wright, R. E. (1995). Logistic regression. American Psychological Association.
Sohrabi, M., & Karimi, F. (2017). A feature selection approach to detect spam in the Wu, P. (2015). Impossible to regulate: Social media, terrorists, and the role for the UN.
facebook social network. Arabian Journal for Science and Engineering, 43. Chicago Journal of International Law, 16, 281.
Soomro, Z. A., Shah, M. H., & Ahmed, J. (2016). Information security manage- Wu, Y., Edwards, W. K., & Das, S. (2022). SoK: Social cybersecurity.
ment needs more holistic approach: A literature review. International Journal of Xu, S. (2019). Cybersecurity dynamics: A foundation for the science of cybersecurity.
Information Management, 36(2), 215–225. Proactive and Dynamic Network Defense, 1–31.

32
A. Mulahuwaish et al. Computers in Human Behavior Reports 18 (2025) 100668

Xu, J., & Chen, H. (2004). The topology of dark networks. Communications of the ACM, Zhang, Z., & Gupta, B. B. (2018). Social media security and trustworthiness: overview
47(6), 69–73. and new direction. Future Generation Computer Systems, 86, 914–925.
Yang, X.-S. (2010). Nature-inspired metaheuristic algorithms. Luniver Press. Zhao, H. V., Lin, W. S., & Liu, K. J. R. (2012). Cooperation and coalition in multimedia
Yang, S. J., Du, H., Holsopple, J., & Sudit, M. (2014). Attack projection. Cyber Defense fingerprinting colluder social networks. IEEE Transactions on Multimedia, 14(3),
and Situational Awareness, 239–261. 717–733.
Yue, L., Chen, W., Li, X., Zuo, W., & Yin, M. (2019). A survey of sentiment analysis Zong, S., Ritter, A., Mueller, G., & Wright, E. (2019). Analyzing the perceived severity
in social media. Knowledge and Information Systems, 60, 617–663. of cybersecurity threats reported on social media. arXiv:1902.10680.
Zellers, R., et al. (2019). Defending against neural fake news. In Advances in neural Zubiaga, A., Liakata, M., Procter, R., Wong, G. H. S., & Tolmie, P. (2016). PHEME
information processing systems (pp. 9051–9062). rumour scheme dataset: journalism use case.

33