Skip to main content
SpringerLink
Log in

If it looks like a spammer and behaves like a spammer, it must be a spammer: analysis and detection of microblogging spam accounts

  • Regular Contribution
  • Published:
International Journal of Information Security Aims and scope Submit manuscript

Abstract

Spam in online social networks (OSNs) is a systemic problem that imposes a threat to these services in terms of undermining their value to advertisers and potential investors, as well as negatively affecting users’ engagement. As spammers continuously keep creating newer accounts and evasive techniques upon being caught, a deeper understanding of their spamming strategies is vital to the design of future social media defense mechanisms. In this work, we present a unique analysis of spam accounts in OSNs viewed through the lens of their behavioral characteristics. Our analysis includes over 100 million messages collected from Twitter over the course of 1 month. We show that there exist two behaviorally distinct categories of spammers and that they employ different spamming strategies. Then, we illustrate how users in these two categories demonstrate different individual properties as well as social interaction patterns. Finally, we analyze the detectability of spam accounts with respect to three categories of features, namely content attributes, social interactions, and profile properties.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12

Similar content being viewed by others

References

  1. Almaatouq, A., Alabdulkareem, A., Nouh, M., Alsaleh, M., Alarifi, A., Sanchez, A., Alfaris, A., Williams, J.: A malicious activity detection system utilizing predictive modeling in complex environments. In: 2014 IEEE 11th Consumer Communications and Networking Conference (CCNC), pp. 371–379 (2014). doi:10.1109/CCNC.2014.6866597

  2. Almaatouq, A., Alabdulkareem, A., Nouh, M., Shmueli, E., Alsaleh, M., Singh, V.K., Alarifi, A., Alfaris, A., Pentland, A.S.: Twitter: Who gets caught? Observed trends in social micro-blogging spam. In: Proceedings of the 2014 ACM Conference on Web Science, WebSci ’14, pp. 33–41. ACM, New York, NY, USA (2014). doi:10.1145/2615569.2615688

  3. Altshuler, Y., Aharony, N., Pentland, A., Elovici, Y., Cebrian, M.: Stealing reality: when criminals become data scientists (or vice versa). IEEE Intell. Syst. 26(6), 22–30 (2011). doi:10.1109/MIS.2011.78

    Article  Google Scholar 

  4. Altshuler, Y., Fire, M., Shmueli, E., Elovici, Y., Bruckstein, A., Pentland, A., Lazer, D.: The social amplifier reaction of human communities to emergencies. J. Stat. Phys. 152(3), 399–418 (2013). doi:10.1007/s10955-013-0759-z

    Article  MathSciNet  Google Scholar 

  5. Alvisi, L., Clement, A., Epasto, A., Lattanzi, S., Panconesi, A.: Sok: The evolution of sybil defense via social networks. In: 2013 IEEE Symposium on Security and Privacy (SP), pp. 382–396. IEEE (2013)

  6. Benevenuto, F., Magno, G., Rodrigues, T., Almeida, V.: Detecting spammers on twitter. In: Collaboration, Electronic Messaging, Anti-abuse and Spam Conference (CEAS), vol. 6, p. 12 (2010)

  7. Benevenuto, F., Magno, G., Rodrigues, T., Almeida, V.: Detecting spammers on Twitter. In: Proceedings of the Seventh Annual Collaboration, Electronic messaging, Anti-abuse and Spam Conference (CEAS) (2010)

  8. Beutel, A., Xu, W., Guruswami, V., Palow, C., Faloutsos, C.: Copycatch: stopping group attacks by spotting lockstep behavior in social networks. In: Proceedings of the 22nd International Conference on World Wide Web, pp. 119–130. International World Wide Web Conferences Steering Committee (2013)

  9. Borondo, J., Morales, A.J., Losada, J.C., Benito, R.M.: Characterizing and modeling an electoral campaign in the context of Twitter: 2011 Spanish Presidential election as a case study. Chaos Interdiscip. J. Nonlinear Sci. 22(2), 023138 (2012)

    Article  Google Scholar 

  10. Boshmaf, Y., Muslukhov, I., Beznosov, K., Ripeanu, M.: Design and analysis of a social botnet. Comput. Netw. 57(2), 556–578 (2013)

    Article  Google Scholar 

  11. Brandes, U.: A faster algorithm for betweenness centrality. J. Math. Sociol. 25, 163–177 (2001)

    Article  MATH  Google Scholar 

  12. Cao, Q., Sirivianos, M., Yang, X., Pregueiro, T.: Aiding the detection of fake accounts in large scale social online services. In: Proceedings of the 9th USENIX Conference on Networked Systems Design and Implementation, pp. 15–15. USENIX Association (2012)

  13. Cao, Q., Yang, X., Yu, J., Palow, C.: Uncovering large groups of active malicious accounts in online social networks. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 477–488. ACM (2014)

  14. Cassa, C.A., Chunara, R., Mandl, K., Brownstein, J.S.: Twitter as a sentinel in emergency situations: lessons from the Boston marathon explosions. PLoS Curr 5 (2013). http://currents.plos.org/disasters/article/twitter-as-a-sentinel-in-emergencysituations-lessons-from-the-boston-marathon-explosions/

  15. Chhabra, S., Aggarwal, A., Benevenuto, F., Kumaraguru, P.: Phi.sh/\({\$}\)ocial: The phishing landscape through short urls. In: Proceedings of the 8th Annual Collaboration, Electronic Messaging, Anti-Abuse and Spam Conference, CEAS ’11, pp. 92–101. ACM, New York, NY, USA (2011). doi:10.1145/2030376.2030387

  16. Conover, M., Ratkiewicz, J., Francisco, M., Gonçalves, B., Flammini, A., Menczer, F.: Political polarization on twitter. In: Proceedings of the 5th International AAAI Conference on Weblogs and Social Media (ICWSM) (2011)

  17. Edwards, C., Edwards, A., Spence, P.R., Shelton, A.K.: Is that a bot running the social media feed? Testing the differences in perceptions of communication quality for a human agent and a bot agent on Twitter. Comput. Hum. Behav. 33, 372–376 (2014). doi:10.1016/j.chb.2013.08.013

    Article  Google Scholar 

  18. Egele, M., Stringhini, G., Kruegel, C., Vigna, G.: COMPA: Detecting compromised accounts on social networks. In: ISOC Network and Distributed System Security Symposium (NDSS) (2013)

  19. Elyashar, A., Fire, M., Kagan, D., Elovici, Y.: Homing socialbots: intrusion on a specific organization’s employee using socialbots. In: Proceedings of the 2013 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, pp. 1358–1365. ACM (2013)

  20. Ferrara, E., Varol, O., Davis, C., Menczer, F., Flammini, A.: The rise of social bots. arXiv preprint arXiv:1407.5225 (2014)

  21. Freeman, L.C.: A set of measures of centrality based on betweenness. Sociometry 40(1), 35–41 (1977)

    Article  Google Scholar 

  22. Ghosh, S., Viswanath, B., Kooti, F., Sharma, N.K., Korlam, G., Benevenuto, F., Ganguly, N., Gummadi, K.P.: Understanding and combating link farming in the twitter social network. In: Proceedings of the 21st International Conference on World Wide Web, WWW ’12, pp. 61–70. ACM, New York, NY, USA (2012). doi:10.1145/2187836.2187846

  23. GlobalWebIndex: Global Web Index: Q4 2012 (2013). http://www.thesocialclinic.com/the-state-of-social-media-in-saudi-arabia-2012-2

  24. González-Bailón, S., Borge-Holthoefer, J., Rivero, A., Moreno, Y.: The dynamics of protest recruitment through an online network. Sci. Rep. (2011). doi:10.1038/srep00197

  25. Grier, C., Thomas, K., Paxson, V., Zhang, M.: @spam: The underground on 140 characters or less. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS ’10, pp. 27–37. ACM, New York, NY, USA (2010). doi:10.1145/1866307.1866311

  26. Hua, W., Zhang, Y.: Threshold and associative based classification for social spam profile detection on twitter. In: 2013 Ninth International Conference on Semantics, Knowledge and Grids (SKG), pp. 113–120. IEEE (2013)

  27. Kato, S., Koide, A., Fushimi, T., Saito, K., Motoda, H.: Network analysis of three twitter functions: favorite, follow and mention. In: Richards, D., Kang, B. (eds.) Knowledge Management and Acquisition for Intelligent Systems, Lecture Notes in Computer Science, vol. 7457, pp. 298–312. Springer, Berlin (2012)

    Chapter  Google Scholar 

  28. Lumezanu, C., Feamster, N., Klein, H.: bias: Measuring the tweeting behavior of propagandists. In: ICWSM (2012)

  29. Marcus, A., Bernstein, M.S., Badar, O., Karger, D.R., Madden, S., Miller, R.C.: Twitinfo: aggregating and visualizing microblogs for event exploration. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI ’11, pp. 227–236. ACM, New York, NY, USA (2011). doi:10.1145/1978942.1978975

  30. McCord, M., Chuah, M.: Spam detection on twitter using traditional classifiers. In: Proceedings of the 8th International Conference on Autonomic and Trusted Computing, ATC’11, pp. 175–186. Springer, Berlin (2011). http://dl.acm.org/citation.cfm?id=2035700.2035717

  31. Morstatter, F., Pfeffer, J., Liu, H., Carley, K.M.: Is the sample good enough? Comparing data from Twitter’s streaming API with Twitter’s Firehose. In: Proceedings of ICWSM (2013). http://www.public.asu.edu/~fmorstat/paperpdfs/icwsm2013

  32. Newman, M.E.J.: Power laws, pareto distributions and Zipf’s law. Contemp. Phys. 46, 323–351 (2005)

    Article  Google Scholar 

  33. Nguyen, H.: 2013 State of Social Media Spam. Technical report, Nexgate (2013)

  34. Passerini, A., Pontil, M., Frasconi, P.: New results on error correcting output codes of kernel machines. IEEE Trans. Neural Netw. 15(1), 45–54 (2004). doi:10.1109/TNN.2003.820841

    Article  Google Scholar 

  35. Phelps, A.: OpenFuego: Nieman Journalism Lab. http://niemanlab.github.io/openfuego/ (2013). Accessed 16 Sept 2014 (online)

  36. Sanzgiri, A., Hughes, A., Upadhyaya, S.: Analysis of malware propagation in twitter. In: 2013 IEEE 32nd International Symposium on Reliable Distributed Systems (SRDS), pp. 195–204. IEEE (2013)

  37. Sharma, P., Biswas, S.: Identifying spam in twitter trending topics. In: American Association for Artificial Intelligence (2011)

  38. Snitzer, B.: EarthQuakes Bot. http://eqbot.com/ (2009). Accessed 16 Sept 2014 (online)

  39. Song, J., Lee, S., Kim, J.: Spam filtering in twitter using sender-receiver relationship. In: Recent Advances in Intrusion Detection, pp. 301–317. Springer (2011)

  40. Stein, T., Chen, E., Mangla, K.: Facebook immune system. In: Proceedings of the 4th Workshop on Social Network Systems, p. 8. ACM (2011)

  41. Stringhini, G., Egele, M., Kruegel, C., Vigna, G.: Poultry markets: on the underground economy of twitter followers. In: Proceedings of the 2012 ACM Workshop on Workshop on Online Social Networks, WOSN ’12, pp. 1–6. ACM, New York, NY, USA (2012). doi:10.1145/2342549.2342551

  42. Stringhini, G., Kruegel, C., Vigna, G.: Detecting spammers on social networks. In: Proceedings of the 26th Annual Computer Security Applications Conference, p. 1. ACM Press, New York, New York, USA (2010). doi:10.1145/1920261.1920263. http://portal.acm.org/citation.cfm?doid=1920261.1920263

  43. Thelwall, M., Buckley, K., Paltoglou, G.: Sentiment in Twitter events. J. Am. Soc. Inf. Sci. Technol. 62(2), 406–418 (2011). doi:10.1002/asi.21462

    Article  Google Scholar 

  44. Thomas, K., Grier, C., Paxson, V.: Adapting social spam infrastructure for political censorship. In: Proceedings of the 5th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET) (2012). https://www.usenix.org/conference/leet12/adapting-social-spam-infrastructure-political-censorship

  45. Thomas, K., Grier, C., Song, D., Paxson, V.: Suspended accounts in retrospect: an analysis of twitter spam. In: Proceedings of the 2011 ACM SIGCOMM Conference on Internet Measurement Conference, IMC ’11, pp. 243–258. ACM, New York, NY, USA (2011). doi:10.1145/2068816.2068840

  46. Thomas, K., McCoy, D., Grier, C., Kolcz, A., Paxson, V.: Trafficking fraudulent accounts: the role of the underground market in twitter spam and abuse. In: Proceedings of the 22nd Usenix Security Symposium (2013)

  47. Twitter: Following Rules and Best Practices. https://support.twitter.com/articles/68916-following-rules-and-best-practices (2012). Accessed 22 Oct 2013 (online)

  48. Twitter: Public Stream. https://dev.twitter.com/docs/streaming-apis/ (2012). Accessed 1 Oct 2013 (online)

  49. Twitter: Rules. https://support.twitter.com/articles/18311-the-twitter-rules (2012) Accessed 1 Oct 2013 (online)

  50. Twitter: Initial Public Offering of Shares of Common Stock of Twitter, Inc (2013). Accessed 5 Oct 2013 (online)

  51. Wagner, C., Mitter, S., Körner, C., Strohmaier, M.: When social bots attack: modeling susceptibility of users in online social networks. Making Sense of Microposts (# MSM2012) p. 2 (2012)

  52. Wald, R., Khoshgoftaar, T.M., Napolitano, A., Sumner, C.: Predicting susceptibility to social bots on twitter. In: 2013 IEEE 14th International Conference on Information Reuse and Integration (IRI), pp. 6–13. IEEE (2013)

  53. Wang, A.H.: Don’t follow me: spam detection in Twitter. In: Proceedings of the 2010 International Conference on Security and Cryptography (SECRYPT), pp. 1–10 (2010)

  54. Wang, G., Konolige, T., Wilson, C., Wang, X., Zheng, H., Zhao, B.Y.: You are how you click: clickstream analysis for sybil detection. In: USENIX Security, pp. 241–256 (2013)

  55. Wang, G., Mohanlal, M., Wilson, C., Wang, X., Metzger, M.J., Zheng, H., Zhao, B.Y.: Social turing tests: crowdsourcing sybil detection. In: NDSS. The Internet Society (2013)

  56. Xie, Y., Yu, F., Ke, Q., Abadi, M., Gillum, E., Vitaldevaria, K., Walter, J., Huang, J., Mao, Z.M.: Innocent by association: early recognition of legitimate users. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS ’12, pp. 353–364. ACM, New York, NY, USA (2012). doi:10.1145/2382196.2382235

  57. Yang, C., Harkreader, R., Gu, G.: Die free or live hard? Empirical evaluation and new design for fighting evolving twitter spammers. In: Sommer, R., Balzarotti, D., Maier, G. (eds.) Recent Advances in Intrusion Detection, Lecture Notes in Computer Science, vol. 6961, pp. 318–337. Springer, Berlin (2011)

  58. Yang, C., Harkreader, R., Zhang, J., Shin, S., Gu, G.: Analyzing spammers’ social networks for fun and profit: a case study of cyber criminal ecosystem on Twitter. In: Proceedings of the 21st International Conference on World Wide Web, WWW ’12, pp. 71–80. ACM, New York, NY, USA (2012). doi:10.1145/2187836.2187847

  59. Zhang, C.M., Paxson, V.: Detecting and analyzing automated activity on Twitter. In: Proceedings of the 12th International Conference on Passive and Active Measurement, PAM’11, pp. 102–111. Springer, Berlin (2011). http://dl.acm.org/citation.cfm?id=1987510.1987521

Download references

Author information

Author notes

    Authors and Affiliations

    1. Massachusetts Institute of Technology, Cambridge, MA, USA

      Abdullah Almaatouq, Erez Shmueli, Ahmad Alabdulkareem, Vivek K. Singh, Anas Alfaris & Alex ‘Sandy’ Pentland

    2. University of Oxford, Oxford, UK

      Mariam Nouh

    3. King Abdualziz City for Science and Technology, Riyadh, Saudi Arabia

      Mansour Alsaleh & Abdulrahman Alarifi

    Authors
    1. Abdullah Almaatouq
      View author publications

      You can also search for this author in PubMed Google Scholar

    2. Erez Shmueli
      View author publications

      You can also search for this author in PubMed Google Scholar

    3. Mariam Nouh
      View author publications

      You can also search for this author in PubMed Google Scholar

    4. Ahmad Alabdulkareem
      View author publications

      You can also search for this author in PubMed Google Scholar

    5. Vivek K. Singh
      View author publications

      You can also search for this author in PubMed Google Scholar

    6. Mansour Alsaleh
      View author publications

      You can also search for this author in PubMed Google Scholar

    7. Abdulrahman Alarifi
      View author publications

      You can also search for this author in PubMed Google Scholar

    8. Anas Alfaris
      View author publications

      You can also search for this author in PubMed Google Scholar

    9. Alex ‘Sandy’ Pentland
      View author publications

      You can also search for this author in PubMed Google Scholar

    Corresponding author

    Correspondence to Abdullah Almaatouq.

    Additional information

    Abdullah Almaatouq and Erez Shmueli have contributed equally to this work.

    Rights and permissions

    Reprints and permissions

    About this article

    Check for updates. Verify currency and authenticity via CrossMark

    Cite this article

    Almaatouq, A., Shmueli, E., Nouh, M. et al. If it looks like a spammer and behaves like a spammer, it must be a spammer: analysis and detection of microblogging spam accounts. Int. J. Inf. Secur. 15, 475–491 (2016). https://doi.org/10.1007/s10207-016-0321-5

    Download citation

    • Published:

    • Issue Date:

    • DOI: https://doi.org/10.1007/s10207-016-0321-5

    Keywords

    Search

    Navigation