Networks and Spatial Economics

, Volume 19, Issue 3, pp 731–761 | Cite as

Detecting Organization-Targeted Socialbots by Monitoring Social Network Profiles

  • Abigail ParadiseEmail author
  • Asaf Shabtai
  • Rami Puzis


Advanced attackers use online social networks in order to extract useful information about targeted organizations, including the names of the organization’s members, their connections, affiliations, positions, etc. Using artificial profiles (socialbots) attackers connect to real members of the organization, thus establishing a foothold inside the organization and greatly increasing the amount of sensitive information they can collect. The connection methods used by attackers are versatile, ranging from random friend requests to carefully crafted, manually operated social engineering attempts. In this paper we provide an analysis of the cost-effectiveness of strategies used to monitor organizational social networks and detect the socialbots that penetrate a target organization. These strategies were evaluated against heterogeneous attackers with different levels of knowledge about the monitoring strategies, using simulation on actual social network data and data from a real scenario of socialbot intrusion. The results demonstrate the efficacy of the monitoring strategies in detecting less sophisticated attackers and slowing down attackers that deliberately avoid the monitored profiles.


Social network Social network security Reconnaissance Socialbots 


  1. Aichner T, Jacob F (2015) Measuring the degree of corporate social media use. Int J Mark Res 57(2):257–276CrossRefGoogle Scholar
  2. Aiello LM, Deplano M, Schifanella R, Ruffo G (2012) People are strange when you’re a stranger: impact and influence of bots on social networks. Links 697(483,151):1–566Google Scholar
  3. Alpcan T, Basar T (2006) An intrusion detection game with limited observations. In: 12th Int. Symp. on Dynamic Games and Applications, Sophia Antipolis, France (Vol. 26)Google Scholar
  4. An B, Kempe D, Kiekintveld C, Shieh E, Singh S, Tambe M, Vorobeychik Y (2012) Security games with limited surveillance. Ann Arbor 1001:48109Google Scholar
  5. Benevenuto F, Magno G, Rodrigues T, Almeida V (2010) Detecting spammers on twitter. In: Collaboration, electronic messaging, anti-abuse and spam conference (CEAS) (Vol. 6, p. 12)Google Scholar
  6. Bilge L, Strufe T, Balzarotti D, Kirda E (2009) All your contacts are belong to us: automated identity theft attacks on social networks. In: Proceedings of the 18th international conference on World wide web (pp. 551–560). ACMGoogle Scholar
  7. Bnaya Z, Puzis R, Stern R, Felner A (2013) Social network search as a volatile multi-armed bandit problem. HUMAN 2(2):84Google Scholar
  8. Boldi P, Vigna S (2013) Axioms for centrality. arXiv 1308:2140Google Scholar
  9. Boshmaf Y, Muslukhov I, Beznosov K, Ripeanu M (2011) Thesocialbot network: when bots socialize for fame and money. In:Proceeding of the 27th Annual Computer Security Applications Conference. 93–102Google Scholar
  10. Boshmaf Y, Muslukhov I, Beznosov K, Ripeanu M (2013) Design and analysis of a social botnet. Comput Netw 57(2):556–578CrossRefGoogle Scholar
  11. Boshmaf Y, Logothetis D, Siganos G, Lería J, Lorenzo J, Ripeanu M, Beznosov K (2016) Íntegro: leveraging victim prediction for robust fake account detection in large scale OSNs. Comput Sec 61:142–168CrossRefGoogle Scholar
  12. Cats O, Jenelius E (2014) Dynamic vulnerability analysis of public transport networks: mitigation effects of real-time information. Network and Spatial Economics 14(3):435–463Google Scholar
  13. Cao Q, Yang X, Yu J, Palow C (2014) Uncovering large groups of active malicious profiles in online social networks. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 477–488Google Scholar
  14. Danezis G, Mittal P (2009) SybilInfer: Detecting Sybil Nodes using Social Networks. In: NDSSGoogle Scholar
  15. De Choudhury M, Counts S (2013) Understanding affect in the workplace via social Media. In: Proceedings of the 2013 conference on Computer supported cooperative work (pp. 303–316). ACMGoogle Scholar
  16. Egele M, Stringhini G, Kruegel C, Vigna G (2017) Towards detecting compromised accounts on social networks. IEEE Transactions on Dependable and Secure Computing 14(4):447–460Google Scholar
  17. Elyashar A, Fire M, Kagan D, Elovici Y (2013) Homing socialbots: intrusion on a specific organization's employee using Socialbots. In: Proc. of the 2013 IEEE/ACM International Conf. on ASONAM. 1358–1365Google Scholar
  18. Elyashar A, Fire M, Kagan D, Elovici Y (2014) Guided socialbots: infiltrating the social networks of specific organizations’ employees. AI Commun 29(1):87–106CrossRefGoogle Scholar
  19. Esfahani PM, Vrakopoulou M, Margellos K, Lygeros J, Andersson G (2010) A robust policy for automatic generation control cyber attack in two area power network. In: Decision and Control (CDC), 2010 49th IEEE Conference on (pp. 5973–5978). IEEEGoogle Scholar
  20. Fire M, Puzis R (2016) Organization mining using online social networks. Networks and Spatial Economics 16(2):545–578Google Scholar
  21. Fisher RA (1921) On the probable error of a coefficient of correlation deduced from a small sample. Metron 1:3–32Google Scholar
  22. Freitas CA, Benevenuto F, Ghosh S, Veloso A (2014) Reverse engineering socialbot infiltration strategies in twitter. arXiv preprint arXiv: 1405.4927Google Scholar
  23. Freitas C, Benevenuto F, Veloso A, Ghosh S (2016) An empirical study of socialbot infiltration strategies in the twitter social network. Soc Netw Anal Min 6(1):1–16CrossRefGoogle Scholar
  24. Huberman BA, Romero DM, Wu F (2008) Social networks that matter: Twitter under the microscope. arXiv preprint arXiv:0812.1045Google Scholar
  25. Hwang T, Pearce I, Nanis M (2012) Socialbots: voices from the fronts. Interactions 19(2):38–45CrossRefGoogle Scholar
  26. Illenberger J, Nagel K, Flötteröd G (2013) The role of spatial interaction in social networks. Networks and Spatial Economics 13(3):255–282Google Scholar
  27. Irani D, Balduzzi M, Balzarotti D, Kirda, E, Pu C (2011) Reverse social engineering attacks in online social networks. International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 55–74). Springer, Berlin, HeidelbergGoogle Scholar
  28. Jeun I, Lee Y, Won DA (2012) A practical study on advanced persistent threats. Computer applications for security, control and system engineering. Springer, Heidelberg, pp 144–152CrossRefGoogle Scholar
  29. Ji Y, He Y, Jiang X, Cao J, Li Q (2016) Combating the evasion mechanisms of social bots. Comput Sec 58:230–249CrossRefGoogle Scholar
  30. Joinson AN (2008) Looking at, looking up or keeping up with people?: motives and use of facebook. In: Proceedings of the SIGCHI conference on Human Factors in Computing Systems (pp. 1027–1036). ACMGoogle Scholar
  31. Kitti M (2012) Axioms for Centrality Scoring with Principal Eigenvectors. No. 79Google Scholar
  32. Koll D, Schwarzmaier M, Li J, Li XY, Fu X (2017) Thank you for being a friend: an attacker view on online-social-network-based Sybil defenses. In Distributed Computing Systems Workshops (ICDCSW), 2017 IEEE 37th International Conference on (pp. 157-162). IEEEGoogle Scholar
  33. Krombholz K, Merkl D, Weippl E (2012) Fake identities in social media: a case study on the sustainability of the Facebook business model. J Serv Sci Res 4(2):175–212CrossRefGoogle Scholar
  34. Lee K, Caverlee J, Webb S (2010) Uncovering social spammers: social honeypots+ machine learning. In: Proc. of the 33rd international ACM SIGIR conf. on Research and development in information retrieval. 435–442Google Scholar
  35. Lesser O, Tenenboim-Chekina L, Rokach L, Elovici Y (2013) Intruder or Welcome Friend: Inferring Group Membership in Online Social Networks. SBPGoogle Scholar
  36. Li M, Koutsopoulos I, Poovendran R (2007) Optimal jamming attacks and network defense policies in wireless sensor networks. In: INFOCOM 2007. 26th IEEE International Conference on Computer Communications. IEEE (pp. 1307–1315). IEEEGoogle Scholar
  37. Mann I (2017) Hacking the human: social engineering techniques and security countermeasures. Routledge, London‏Google Scholar
  38. Messias J, Schmidt L, Oliveira R, Benevenuto F (2013) You followed my bot! Transforming robots into influential users in Twitter. First Monday, Volume 18, Number 7–1 July 2013Google Scholar
  39. Molok N, Chang S, Ahmad A (2010) Information Leakage through Online Social Networking: Opening the Doorway for Advanced Persistence Threats, 8th Australian Information Security ManagementGoogle Scholar
  40. Mulamba D, Ray I, Ray I (2016) SybilRadar: A graph-structure based framework for sybil detection in on-line social networks. In IFIP International Information Security and Privacy Conference 179–193Google Scholar
  41. Nagle F, Singh L (2009) Can Friends Be Trusted? Exploring Privacy in Online Social Networks. ASONAM, 312–315Google Scholar
  42. Page L, Brin S, Motwani R, Winograd T (1999) The PageRank citation ranking: Bringing order to the webGoogle Scholar
  43. Paradise A, Puzis R, Shabtai A (2014) Anti-reconnaissance tools: detecting targeted socialbots. IEEE Internet Comput 18(5):11–19CrossRefGoogle Scholar
  44. Paradise A, Shabtai A, Puzis R (2015) Hunting organization-targeted Socialbots. In: Proceedings of the 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining 2015. 537–540Google Scholar
  45. Paradise A, Shabtai A, Puzis R, Elyashar A, Elovici Y, Roshandel M, Peylo C (2017) Creation and Management of Social Network Honeypots for detecting targeted cyber attacks. IEEE Transactions on Computational Social Systems 4(3):65–79CrossRefGoogle Scholar
  46. Patil S (2012) Will you be my friend?: responses to friendship requests from strangers, the 2012 ACM iConference, 634–635Google Scholar
  47. Rao CR (1973) Linear statistical inference and its applications. Wiley, New YorkCrossRefGoogle Scholar
  48. Rashtian H, Boshmaf Y, Jaferian P, Beznosov K (2014) To Be friend Or Not? A Model of Friend Request Acceptance on Facebook. In: Symposium on Usable Privacy and Security (SOUPS)Google Scholar
  49. Raymond DR, Marchany RC, Brownfield MI, Midkiff SF (2009) Effects of denial-of-sleep attacks on wireless sensor network MAC protocols. IEEE Trans Veh Technol 58(1):367–380CrossRefGoogle Scholar
  50. Romero DM, Galuba W, Asur S, Huberman BA (2011) Influence and passivity in social media. In Joint European Conference on Machine Learning and Knowledge Discovery in Databases (18–33). Springer, BerlinGoogle Scholar
  51. Samama-Kachko L, Puzis R, Stern R, Felner A (2014) Extended Framework for Target Oriented Network Intelligence Collection. In Seventh Annual Symposium on Combinatorial SearchGoogle Scholar
  52. Singh N, Chatterjee M (2017) BotDefender: A Framework to Detect Bots in Online Social Media. Journal of Network Communications and Emerging Technologies (JNCET) 7(9)Google Scholar
  53. Stein T, Chen E, Mangla K (2011) Facebook immune system. In: Proceedings of the 4th Workshop on Social Network Systems, p. 8Google Scholar
  54. Stern RT, Samama L, Puzis R, Beja T, Bnaya Z, Felner A (2013) TONIC: Target Oriented Network Intelligence Collection for the Social Web. In: AAAIGoogle Scholar
  55. Stringhini G, Kruegel, C, Vigna G (2010) Detecting spammers on social networks. In: Proc. of the 26th Annual Computer Security Applications Conference. 1–9Google Scholar
  56. Tankard C (2011) Advanced persistent threats and how to monitor and deter them. Netw Secur 2011(8):16–19Google Scholar
  57. Teixeira A, Amin S, Sandberg H, Johansson KH, Sastry SS (2010) Cyber security analysis of state estimators in electric power systems. In: Decision and Control (CDC), 2010 49th IEEE Conference on (5991–5998). IEEEGoogle Scholar
  58. Wang AH (2010) Detecting spam bots in online social networking sites: a machine learning approach. In: IFIP Annual Conference on Data and Applications Security and Privacy. 335–342Google Scholar
  59. Wang D, Irani D, Pu C (2011) A social-spam detection framework. In: 8th Annual Conference on Collaboration, Electronic messaging, Anti-Abuse and Spam. 46–54Google Scholar
  60. Webb S, Caverlee J, Pu C (2008) Social Honeypots: Making Friends with a Spammer near You. In: CEASGoogle Scholar
  61. Wei W, Xu F, Tan CC, Li Q (2012) Sybildefender: Defend against sybil attacks in large social networks. In: INFOCOM, 2012 Proceedings IEEE, pp. 1951–1959Google Scholar
  62. Xie Y, Yu F, Ke Q, Abadi M, Gillum E, Vitaldevaria K, Mao ZM (2012) Innocent by association: early recognition of legitimate users. In: Proc. of the 2012 ACM conf. on Computer and communications security. 353–364Google Scholar
  63. Xue J, Yang, Z, Yang X, Wang X, Chen L, Dai Y (2013) Votetrust: Leveraging friend invitation graph to defend against social network sybils. In: INFOCOM, 2013 Proceedings IEEE. 2400–2408Google Scholar
  64. Yang J, Leskovec J (2012) Defining and Evaluating Network Communities based on Ground-truth. ICDMGoogle Scholar
  65. Yang Z, Wilson C, Wang X, Gao T, Zhao BY, Dai Y (2011) Uncovering Social Network Sybils in the Wild. arXiv preprint arXiv:1106.5321Google Scholar
  66. Yu H, Kaminsky M, Gibbons PB, Flaxman AD (2006) Sybilguard: defending against sybil attacks via social networks. IEEE/ACM Trans Networking 16(3):576–589CrossRefGoogle Scholar
  67. Yu H, Gibbons PB, Kaminsky M, Xiao F )2008) Sybillimit: A near-optimal social network defense against sybil attacks. In Security and Privacy, 2008. SP 2008. IEEE Symposium on (3–17). IEEEGoogle Scholar

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2018

Authors and Affiliations

  1. 1.Department of Software and Information Systems EngineeringBen-Gurion University of the NegevBeer-ShevaIsrael

Personalised recommendations