Conference Paper · PDF available

The Socialbot Network: When bots socialize for fame and money

Abstract and Figures

Online Social Networks (OSNs) have become an integral part of today's Web. Politicians, celebrities, revolutionists, and others use OSNs as a podium to deliver their message to millions of active web users. Unfortunately, in the wrong hands, OSNs can be used to run astroturf campaigns to spread misinformation and propaganda. Such campaigns usually start off by infiltrating a targeted OSN on a large scale. In this paper, we evaluate how vulnerable OSNs are to a large-scale infiltration by socialbots: computer programs that control OSN accounts and mimic real users. We adopted a traditional web-based botnet design and built a Socialbot Network (SbN): a group of adaptive socialbots that are orchestrated in a command-and-control fashion. We operated such an SbN on Facebook---a 750 million user OSN---for about 8 weeks. We collected data related to users' behavior in response to a large-scale infiltration where socialbots were used to connect to a large number of Facebook users. Our results show that (1) OSNs, such as Facebook, can be infiltrated with a success rate of up to 80%, (2) depending on users' privacy settings, a successful infiltration can result in privacy breaches where even more users' data are exposed when compared to a purely public access, and (3) in practice, OSN security defenses, such as the Facebook Immune System, are not effective enough in detecting or stopping a large-scale infiltration as it occurs.
... Boshmaf et al. [53] studied the vulnerability of OSNs to large-scale infiltration by socialbots. They created a Socialbot Network (SbN), that is, a community of fake users that form many connections among each other in order to attract regular users. ...
... Then, to avoid detection due to anomalous structure, or due to the detection of one fake user who presented anomalous behavior, the SbN decomposes by deleting connections between the fake users. Finally, the SbN performs an attack of choice, usually information harvesting for spreading fake news [53]. ...
... Inspired by Boshmaf et al. [53], we utilized our network generator (see Section 3.2) to evaluate CMMAC on synthetic networks that simulate different points in the progress of the SbN decomposition and different networks' properties, by generating 1,000 anomaly-infused community-structured random networks. ...
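The two-phase SbN life cycle described above (a dense fake-user community that later deletes its internal edges to evade structural detection) can be illustrated with a minimal sketch. All names and numbers here are illustrative, not taken from [53]:

```python
# Hypothetical sketch of the SbN "decomposition" step: bots first form a
# dense clique among themselves to appear popular, then delete bot-to-bot
# edges so the fake accounts no longer form an anomalous community.
bots = ["b1", "b2", "b3"]
humans_befriended = {"b1": {"u1", "u2"}, "b2": {"u3"}, "b3": {"u4"}}

# Phase 1: dense bot-to-bot clique to attract regular users
bot_edges = {(a, b) for a in bots for b in bots if a < b}

# Phase 2: decomposition - drop internal edges, keep edges to real users
bot_edges.clear()
remaining = {(b, u) for b, users in humans_befriended.items() for u in users}
print(len(bot_edges), len(remaining))  # -> 0 4
```

After decomposition, only bot-to-human edges remain, which is exactly why purely structural community-anomaly detectors lose their signal.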
Preprint
Nowadays, detecting anomalous communities in networks is an essential task in research, as it helps discover insights into community-structured networks. Most of the existing methods leverage either information regarding attributes of vertices or the topological structure of communities. In this study, we introduce the Co-Membership-based Generic Anomalous Communities Detection Algorithm (referred to as CMMAC), a novel and generic method that utilizes the information of vertices' co-membership in multiple communities. CMMAC is domain-free and almost unaffected by communities' sizes and densities. Specifically, we train a classifier to predict the probability of each vertex in a community being a member of the community. We then rank the communities by the aggregated membership probabilities of each community's vertices. The lowest-ranked communities are considered to be anomalous. Furthermore, we present an algorithm for generating a community-structured random network enabling the infusion of anomalous communities to facilitate research in the field. We utilized it to generate two datasets, composed of thousands of labeled anomaly-infused networks, and published them. We experimented extensively on thousands of simulated and real-world networks infused with artificial anomalies. CMMAC outperformed other existing methods in a range of settings. Additionally, we demonstrated that CMMAC can identify abnormal communities in real-world unlabeled networks in different domains, such as Reddit and Wikipedia.
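The ranking step of the abstract (aggregate per-vertex membership probabilities, flag the lowest-ranked communities) can be sketched as follows. The interface and the toy probabilities are assumptions for illustration; the per-vertex probabilities would come from the trained classifier described in the abstract:

```python
# Minimal sketch of the CMMAC ranking step: given, for each vertex, the
# predicted probability of belonging to its community, rank communities
# by the mean membership probability. Lowest-ranked = most anomalous.
def rank_communities(membership_probs):
    """membership_probs: dict mapping community id -> list of
    per-vertex membership probabilities (from a trained classifier)."""
    scores = {c: sum(p) / len(p) for c, p in membership_probs.items()}
    # ascending order: lowest aggregated probability first
    return sorted(scores, key=scores.get)

probs = {
    "c1": [0.9, 0.8, 0.95],  # members look typical of their community
    "c2": [0.2, 0.3, 0.1],   # members look unlikely -> anomalous
    "c3": [0.7, 0.6, 0.8],
}
print(rank_communities(probs))  # -> ['c2', 'c3', 'c1']
```

The mean is used here as a simple aggregation choice; any monotone aggregate of the vertex probabilities would produce a comparable ranking.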
... Twitter is widely used by governments and is well known as a channel for spreading fake news and propaganda (Boshmaf et al., 2011) through bots and fake accounts. These accounts are used to manipulate public opinion and narratives, polarizing people in the political domain. ...
... The use of bots, echo chambers and suspicious accounts in today's politics is indisputable (Boshmaf et al., 2011;Ferrara et al., 2016). Governments use these methods to widely spread political falsehood (Weeks, 2018). ...
Article
Full-text available
This research explores the Iranian state narrative on Twitter after the flight PS752 incident. The IRGC downed an airliner amid tensions with America, creating a narrative battle on social media, and social media users tried to counter this weaponization of social media. Understanding this weaponization might help civil society in the future. Information dominance in social media leads to the creation of a state-fabricated truth. To this end, 13,517 tweets were scraped using R in the 14 days after the incident. After refining the tweet pool, 4,947 tweets were used to identify the state narratives. Thematic analysis and narrative analysis are integrated to obtain a multidimensional understanding. Four narratives are identified: the enemy narrative, the intimidation narrative, the threat narrative, and the fake news narrative. The narratives' functions and structures are also discussed to provide a better understanding of these state narratives and of how the Internet and social media are used as a weapon against civil society. The findings reveal how social media might be used to portray a desired propaganda narrative of reality.
... The interpersonal communication capabilities of social bots can even increase the social presence of human users more than human-to-human interactions and activities [29]. However, interaction with social bots may also mislead human behavior and even cause negative problems such as privacy leakage [30]. ...
Article
Full-text available
In the field of social media, the systematic impact that bot users bring to the dissemination of public opinion has been a key concern of research. To achieve more effective opinion management, it is important to understand how and why behavior differs between bot users and human users. The study compares the differences in behavioral characteristics and diffusion mechanisms between bot users and human users during public opinion dissemination, using public health emergencies as the research target, and further provides specific explanations for the differences. First, the study classified users with bot characteristics and human users by establishing formulas for user indicator characteristics. Second, the study used deep learning methods such as Top2Vec and BERT to extract topics and sentiments, and used social network analysis methods to construct network graphs and compare network attribute features. Finally, the study compared the differences in information dissemination between posts published by bot users and human users through multi-factor ANOVA. It was found that there were significant differences in behavioral characteristics and diffusion mechanisms between bot users and human users. The findings can help guide the public to pay attention to topic shifting and promote the diffusion of positive emotions in social networks, which in turn can better support the emergency management of emergencies and the maintenance of online order.
... Having full availability of navigation and communication data in Social Lab allows researchers to investigate behaviour in social media on an individual and group level. Automated artificial users ("social bots", for a similar concept of socialbots not native to a SNS see, e.g., Boshmaf et al., 2011) are available to the researcher to simulate and stimulate social networking situations. These bots respond dynamically to situations as they unfold and they have a memory for their previous interactions. ...
... A misguided effort employed on digital networks to increase Social Capital is the artificial (non-natural or non-organic) inflation of follower counts, whether through the inappropriate adoption of strategies tied to influence marketing [8], for example, or even through the outright purchase of followers, generally robots or inauthentic user profiles [9]. The failure of this effort is evident, since it is not enough to have many followers (a wide network of connections) if these individuals do not interact with one another, incessantly stimulated by an agent. ...
Article
Full-text available
We present in this paper a novel approach for measuring Bourdieusian Social Capital (BSC) within institutional pages and profiles. We analyse Facebook's institutional pages and Twitter's institutional profiles. Supported by Pierre Bourdieu's theory, we search for directions to identify and capture data related to sociability practices, i.e., actions such as Like, Comment, and Share. The system of symbolic exchanges and mutual recognition described by Pierre Bourdieu is represented and extracted automatically from these data in the form of generalized sequential patterns. In this format, the social interactions captured from each page are represented as sequences of actions. Next, we also use such data to measure the frequency of occurrence of each sequence. From such frequencies, we compute the effective mobilization capacity. Finally, the volume of BSC is computed based on the effective mobilization capacity, the number of social interactions captured, and the number of followers of each page. The results are aligned with Bourdieu's theory. The approach can be generalized to institutional pages or profiles in Online Social Networks.
... The literature on the detection and analysis of bots principally defines and annotates bots either by their nature or their primary function. The popular term "social bot" in reference to "bots mimicking human behavior" is an example of the former (Boshmaf et al. 2011; Ferrara et al. 2016); such definitions are usually reliant on human annotation, which we know to be unreliable (Cresci et al. 2019b). The latter, e.g., spammers (Chu, Widjaja, and Wang 2012; Yardi et al. 2010; Herzallah, Faris, and Adwan 2018), fake followers (Cresci et al. 2015), and astroturfing bots, are usually less reliant on human annotation since the function of an account is more straightforward to define and detect based on specific behavior. ...
Preprint
Malicious Twitter bots are detrimental to public discourse on social media. Past studies have looked at spammers, fake followers, and astroturfing bots, but retweet bots, which artificially inflate content, are not well understood. In this study, we characterize retweet bots that have been uncovered by purchasing retweets from the black market. We detect whether they are fake or genuine accounts involved in inauthentic activities and what they do in order to appear legitimate. We also analyze their differences from human-controlled accounts. From our findings on the nature and life-cycle of retweet bots, we also point out several inconsistencies between the retweet bots used in this work and bots studied in prior works. Our findings challenge some of the fundamental assumptions related to bots and in particular how to detect them.
Article
Full-text available
Botnets are collections of compromised computers (bots) that are remotely controlled by their originator (the botmaster) through a command-and-control (C&C) infrastructure. Botnets are among the growing threats to modern security. They are the key vehicles for numerous Internet attacks, for example spam, distributed denial-of-service (DDoS) attacks, click fraud, malware spreading, and phishing. This review paper examines botnets in three domains: an overview of botnets; their observation and analysis; and tracking of and protection against them. We also survey various countermeasures to botnet threats, and we propose future directions for botnet-defense research, presenting a consolidated report on current research and future directions for botnet analysis.
Article
Full-text available
With the increasing use of social networking sites, malicious apps, fake accounts, and viruses are on the rise. Approximately 20 million users register each day on different social networking sites. Unfortunately, hackers have realized the potential of using apps for spreading malware and spam, and the problem is now more critical: our survey finds that at least 13% of apps in our dataset are malicious. Consequently, the research community has focused on detecting malicious posts and campaigns. In this paper, we survey several social networking sites and applications and the malicious activity related to them. We also describe different techniques to control malicious activities on social networking sites such as Twitter and Facebook.
Article
Full-text available
Popular Internet sites are under attack all the time from phishers, fraudsters, and spammers. They aim to steal user information and expose users to unwanted spam. The attackers have vast resources at their disposal. They are well-funded, with full-time skilled labor, control over compromised and infected accounts, and access to global botnets. Protecting our users is a challenging adversarial learning problem with extreme scale and load requirements. Over the past several years we have built and deployed a coherent, scalable, and extensible realtime system to protect our users and the social graph. This Immune System performs realtime checks and classifications on every read and write action. As of March 2011, this is 25B checks per day, reaching 650K per second at peak. The system also generates signals for use as feedback in classifiers and other components. We believe this system has contributed to making Facebook the safest place on the Internet for people and their information. This paper outlines the design of the Facebook Immune System, the challenges we have faced and overcome, and the challenges we continue to face.
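The throughput figures in the abstract (25B checks per day, 650K per second at peak) imply a peak-to-average load ratio that a quick back-of-the-envelope check makes concrete; the arithmetic below uses only the two numbers stated in the abstract:

```python
# Sanity check of the Immune System throughput figures: 25B checks/day
# averages to roughly 2.9e5 checks/s, so the stated 650K/s peak is a
# bit over 2x the average rate - a plausible diurnal load ratio.
checks_per_day = 25_000_000_000
seconds_per_day = 24 * 60 * 60
avg_rate = checks_per_day / seconds_per_day
peak_rate = 650_000
print(round(avg_rate), round(peak_rate / avg_rate, 2))  # -> 289352 2.25
```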
Chapter
Full-text available
The ability to tell humans and computers apart is imperative to protect many services from misuse and abuse. For this purpose, tests called CAPTCHAs or HIPs have been designed and put into production. Recent history shows that most (if not all) can be broken given enough time and commercial interest: CAPTCHA design seems to be a much more difficult problem than previously thought. The assumption that difficult AI problems can be easily converted into valid CAPTCHAs is misleading. There are also some extrinsic problems that do not help, especially the large number of in-house designs that are put into production without any prior public critique. In this paper we present a state-of-the-art survey of current HIPs, including proposals that are now in production. We classify them regarding their basic design ideas. We discuss current attacks as well as future attack paths, and we also present common errors in design, and how many implementation flaws can transform a not necessarily bad idea into a weak CAPTCHA. We present examples of these flaws, using specific well-known CAPTCHAs. In a more theoretical way, we discuss the threat model: confronted risks and countermeasures. Finally, we introduce and discuss some desirable properties that new HIPs should have, concluding with some proposals for future work, including methodologies for design, implementation, and security assessment.
Conference Paper
Full-text available
Within this paper we present our novel friend injection attack, which exploits the fact that the great majority of social networking sites fail to protect the communication between their users and their services. In a practical evaluation, on the basis of public wireless access points, we furthermore demonstrate the feasibility of our attack. The friend injection attack enables a stealth infiltration of social networks and thus outlines the devastating consequences of active eavesdropping attacks against social networking sites. Keywords: social networks, privacy, infiltration.
Conference Paper
Full-text available
We propose Stegobot, a new generation botnet that communicates over probabilistically unobservable communication channels. It is designed to spread via social malware attacks and steal information from its victims. Unlike conventional botnets, Stegobot traffic does not introduce new communication endpoints between bots. Instead, it is based on a model of covert communication over a social-network overlay – bot to botmaster communication takes place along the edges of a social network. Further, bots use image steganography to hide the presence of communication within image sharing behavior of user interaction. We show that it is possible to design such a botnet even with a less than optimal routing mechanism such as restricted flooding. We analyzed a real-world dataset of image sharing between members of an online social network. Analysis of Stegobot’s network throughput indicates that stealthy as it is, it is also functionally powerful – capable of channeling fair quantities of sensitive data from its victims to the botmaster at tens of megabytes every month.
Conference Paper
Full-text available
In this paper, we present a case study describing the privacy and trust that exist within a small population of online social network users. We begin by formally characterizing different graphs in social network sites like Facebook. We then determine how often people are willing to divulge personal details to an unknown online user, an adversary. While most users in our sample did not share sensitive information when asked by an adversary, we found that more users were willing to divulge personal details to an adversary if there is a mutual friend connected to the adversary and the user. We then summarize the results and observations associated with this Facebook case study.
Article
Despite neglecting even basic security measures, close to two billion people use the Internet, and only a small fraction appear to be victimized each year. This paper suggests that an explanation lies in the economics of attacks. We distinguish between scalable attacks, where costs are almost independent of the number of users attacked, and non-scalable (or targeted) attacks, which involve per-user effort. Scalable attacks reach orders of magnitude more users. To compensate for her disadvantage in terms of reach, the targeted attacker must target users with higher than average value. To accomplish this she needs that value be both visible and very concentrated, with few users having very high value while most have little. In this she is fortunate: power-law long-tail distributions that describe the distributions of wealth, fame and other phenomena are extremely concentrated. However, in these distributions only a tiny fraction of the population have above-average value. For example, fewer than 2% of people have above-average wealth in the US. Thus, when attacking assets where value is concentrated, the targeted attacker ignores the vast majority of users, since attacking them hurts rather than helps her requirement to extract greater than average value. This helps explain why many users escape harm, even when they neglect security precautions: most users never experience most attacks. Attacks that involve per-user effort will be seen by only a tiny fraction of users. No matter how clever the exploit, unless the expected value is high, there is little place for per-user effort in this world of mass-produced attacks.
Article
A previously derived iteration formula for a random net was applied to some data on the spread of information through a population. It was found that if the axon density (the only free parameter in the formula) is determined by the first pair of experimental values, the predicted spread is much more rapid than the observed one. If the successive values of the "apparent axon density" are calculated from the successive experimental values, it is noticed that this quantity at first suffers a sharp drop from an initial high value to its lowest value and then gradually "recovers". An attempt is made to account for this behavior of the apparent axon density in terms of the "assumption of transitivity", based on a certain socio-structural bias, namely, that the likely contacts of two individuals who themselves have been in contact are expected to be strongly overlapping. The assumption of transitivity leads to a drop in the apparent axon density from an arbitrary initial value to the vicinity of unity (if the actual axon density is not too small). However, the "recovery" is not accounted for, and thus the predicted spread turns out to be slower than the observed.