Puchkov, OleksandrLande, DmytroSubach, IhorBoliukh, MykhailoNahornyi, Dmytro2023-04-112023-04-112021OSINT investigation to detect and prevent cyber attacks and cyber security incidents / Пучков Олександр Олександрович, Ланде Дмитро Володимирович, Субач Ігор Юрійович, Болюх Михайло Олександрович, Нагорний Дмитро Олександрович // Information Technology and Security. – 2021. – Vol. 9, Iss. 2 (17). – Pp. 209–218. – Bibliogr.: 11 ref.2411-1031https://ela.kpi.ua/handle/123456789/54450A methodology for investigatingand predicting cyber incidents based on the use of open sources of information and freely available open source software is offeredand substantiated. The suggestedmethodology refers to suchtypes of methodologies as Open Source Intelligence (OSINT). In addition, it is based on technologies of monitoring the modern Internet space, the concept of processing large amounts of data (Big Data), complex networks (Complex Networks), and extracting knowledge from text arrays (Text Mining). The components of the keyword detection technology (NLTK, Natural Language Toolkit), concepts (SpaCy, NLP), graph visualization and analysis systems are considered in detail. The main idea of analyzing large amounts of data on cybersecurity from the Internet space is to use methods and tools for collecting data using global search engines, aggregating information flows and mining the data obtained. The technique is based on the implementation of such functions as the collection of relevant information from certain information resources using the capabilities of global search engines; automatic scanning and primary processing of information from websites; formation of full-text arrays of information; analysis of text messages, determination of sentiment, formation of analytical reports; integration with a geographic information system; analysis and visualization of information reports; research of dynamics of thematic information flows; forecasting the development of events based on the analysis of the dynamics of publications in the Internet space. In the analytical mode, a number of tools are implemented for graphical presentation of data dynamics, displayed as a time series of the number of messages per day matching to a specific cyber incident,viewing plots from messages on the topic of cyber incidents, clusters grouped by the cluster analysis algorithm. Within the framework of the methodology, it is provided for the formation and inclusion of networks in operational reports from concepts matching to people, organizations, information sources, allowing to explorethe relationship between them.encyber securitycyber security incidentopen source intelligencebig dataкібербезпекакіберінцидентрозвідка з відкритих джерелвеликі даніArticlePp. 209-218https://doi.org/10.20535/2411-1031.2021.9.2.249921004[942+056.5]0000-0002-8585-10440000-0003-3945-11780000-0002-9344-713X0000-0001-8984-76860000-0002-3699-7880