International Journal of Information Security, Volume 15, Issue 5, pp 475–491

If it looks like a spammer and behaves like a spammer, it must be a spammer: analysis and detection of microblogging spam accounts

  • Abdullah Almaatouq (email author)
  • Erez Shmueli
  • Mariam Nouh
  • Ahmad Alabdulkareem
  • Vivek K. Singh
  • Mansour Alsaleh
  • Abdulrahman Alarifi
  • Anas Alfaris
  • Alex ‘Sandy’ Pentland
Regular Contribution


Spam in online social networks (OSNs) is a systemic problem that poses a threat to these services by undermining their value to advertisers and potential investors, as well as negatively affecting users’ engagement. As spammers keep creating newer accounts and evasive techniques upon being caught, a deeper understanding of their spamming strategies is vital to the design of future social media defense mechanisms. In this work, we present a unique analysis of spam accounts in OSNs viewed through the lens of their behavioral characteristics. Our analysis includes over 100 million messages collected from Twitter over the course of 1 month. We show that there exist two behaviorally distinct categories of spammers and that they employ different spamming strategies. Then, we illustrate how users in these two categories demonstrate different individual properties as well as social interaction patterns. Finally, we analyze the detectability of spam accounts with respect to three categories of features, namely content attributes, social interactions, and profile properties.


Keywords: Online social networks, Microblogging, Account abuse, Spam detection, Spam analysis



Copyright information

© Springer-Verlag Berlin Heidelberg 2016

Authors and Affiliations

  • Abdullah Almaatouq (1), email author
  • Erez Shmueli (1)
  • Mariam Nouh (2)
  • Ahmad Alabdulkareem (1)
  • Vivek K. Singh (1)
  • Mansour Alsaleh (3)
  • Abdulrahman Alarifi (3)
  • Anas Alfaris (1)
  • Alex ‘Sandy’ Pentland (1)
  1. Massachusetts Institute of Technology, Cambridge, USA
  2. University of Oxford, Oxford, UK
  3. King Abdulaziz City for Science and Technology, Riyadh, Saudi Arabia