Presentation is loading. Please wait.

Presentation is loading. Please wait.

Suspended Accounts in Retrospect: An Analysis of Twitter Spam Kurt Thomas, Chris Grier, Vern Paxson, Dawn Song University of California, Berkeley International.

Published byKelly Gallagher Modified over 8 years ago

Similar presentations

Presentation on theme: "Suspended Accounts in Retrospect: An Analysis of Twitter Spam Kurt Thomas, Chris Grier, Vern Paxson, Dawn Song University of California, Berkeley International."— Presentation transcript:

1 Suspended Accounts in Retrospect: An Analysis of Twitter Spam Kurt Thomas, Chris Grier, Vern Paxson, Dawn Song University of California, Berkeley International Computer Science Institute

2 Motivation Social networks are regular targets for abuse – 26% of URLs on Twitter lead to spam – 10% of URLs on Facebook Underground economy targeting social networks remains obscure – Account behavior – Challenges faced by spammers

3 Our Study We examine 7 months of Twitter spam: – Accounts, techniques used to distribute spam – Emerging support infrastructure – Sophistication of campaigns Characterize performance of existing defenses – Hostile environment for spammers – Low barriers, persistent attacks

4 Outline Dataset Accounts, URLs, Tools Spam as a service Campaigns

5 DATASET

6 Sample Size Daily sample from Twitter, 12M tweets/day – Limit to tweets with URLs – Some days missing: network outages, crashes 1.8 billion 32.8 million Tweets: Accounts:

7 Sample Rate Fraction of all tweets with URLs:

8 Identifying Spam Which of 1.8 billion tweets are spam? Previous approaches: – Blacklisting [ Grier et al, CCS 2010 ] – Heuristics (bursty, distributed) [ Gao et al. IMC 2010 ] Our approach: – Identify accounts suspended by Twitter – Only 8% of their URLs appear in blacklists

9 Suspended Accounts

10 Suspended.equals(Spam)? True positives: 93% of suspended accounts were spammers – Remaining 7% aggressive marketing, following – None were false positives False negatives: 6% of active accounts were uncaught spammers Twitter catches 37% of spam accounts

11 Spam Dataset 1.1 million 80 million 37 million Spam Accounts: Spam Tweets: Spam URLs:

12 TOOLS OF THE SPAM TRADE

13 Taxonomy of Social Spam Three components to social network spam: @Tobiasgrundesjo

14 Taxonomy of Social Spam Three components to social network spam: – Accounts @Tobiasgrundesjo

15 Taxonomy of Social Spam Three components to social network spam: – Accounts – Engagement Social graph @Tobiasgrundesjo

16 Taxonomy of Social Spam Three components to social network spam: – Accounts – Engagement Social graph Mention @Tobiasgrundesjo

17 Taxonomy of Social Spam Three components to social network spam: – Accounts – Engagement Social graph Mention Hashtag @Tobiasgrundesjo

18 Taxonomy of Social Spam Three components to social network spam: – Accounts – Engagement Social graph Mention Hashtag – Monetizable URLs @Tobiasgrundesjo

19 Accounts Of 1.1 million spam accounts, median stats: 1 day Lifetime: From first sampled tweet to last tweet 2 Followers: Users receiving a spammers content 13 Tweets: Total tweets sent; not just those sampled

20 Tweets Two strategies for tweeting: – Short-lived, bursty posting – Long-lived, low daily posting

21 Engagement Spam accounts forgo social graph for distribution – 89% of accounts < 10 followers Unsolicited @mentions: 52% of accounts #Hashtags, trends: 17% of accounts Alternatives: – Direct messages – Search

22 Social Activity Regular Twitter UserSpam Account Following

23 Spam URLs Of 37 million URLs, two strategies:

24 URLs – Shorteners 60% of spam tweets contain shortened URLs – Over 317 shorteners Shortening ServiceFraction of Tweets Bit.ly35% Tinyurl.com7% Is.gd2% Goo.gl2% Ow.ly2%

25 SPAM AS A SERVICE

26 Centralized Distribution Spammer URL Generation Tweeting Spam Content Twitter Account

27 Spam-as-a-Service Content Controller Account Controller

28 $$$$ Spam-as-a-Service Affiliate Service Content Controller Account Controller Job Posting $$ Job Accepted

29 Affiliate Programs Examples: – Clickbank.com – affiliate paid per click – Amazon.com – affiliate paid per purchase Identify mapping between affiliates, Twitter accounts

30 Affiliate Programs Clickbank affiliate – Median: 565 tweets – Max: 217,686 tweets ProgramTweetsTwitter Accounts Affiliates Clickbank.com3 million16,309203 Amazon.com1 million8,129919 Amazon affiliate – Median: 2 tweets – Max: 324,613 tweets

31 Alternative Services Account sellers, controllers – Ex: spn.tw, Assetize – Mediate access to accounts – 200,000 tweets, 1600 accounts Ad-based URL shorteners – Ex: vur.me, eca.sh – Embed shortened URL in iFrame, surround by ads – 360,000 tweets, 400 accounts

32 SPAM CAMPAIGNS

33 All Together Now – Campaigns Cluster accounts, tweets into campaigns – Automated heuristics – Manual validation Identify 5 of the largest Twitter spam campaigns – 145,000 accounts (13% of dataset) – 18 million tweets (22% of dataset)

34 Campaign: Amazon Abuse Duration: 1 month Accounts: 848 Tweets: 129,600 Engagement: Mentions

35 Campaign: Clickbank Abuse Duration: 7 months Accounts: 16,000 Tweets: 3 million Engagement: Mentions, hashtags

36 Campaign: Pharmacy Duration: 1 day Accounts: 2,200 Tweets: 130,000 Engagement: Trend hijacking

37 Conclusion Variety of spam strategies Fledgling spam-as-a-service market – Affiliate programs – Account providers Complex spam campaigns – Low barrier to creating accounts – Weak defenses, slow response Solutions must target both social networks and the support infrastructure

Download ppt "Suspended Accounts in Retrospect: An Analysis of Twitter Spam Kurt Thomas, Chris Grier, Vern Paxson, Dawn Song University of California, Berkeley International."

Similar presentations

Presented by Amanda Groover Oct. 16 th, 2013. MBA- Marketing from Ashford University BBA- Management from University of North GA Previous Work Experience:

Presented by Amanda Groover Oct. 16 th, MBA- Marketing from Ashford University BBA- Management from University of North GA Previous Work Experience:
Influence and Passivity in Social Media Daniel M. Romero, Wojciech Galuba, Sitaram Asur, and Bernardo A. Huberman Social Computing Lab, HP Labs.

Influence and Passivity in Social Media Daniel M. Romero, Wojciech Galuba, Sitaram Asur, and Bernardo A. Huberman Social Computing Lab, HP Labs.
SOCIAL MEDIA & PHYSICAL ACTIVITY PROMOTION: MAKING THE CONNECTIONS Presented by: Sandra De Freitas

SOCIAL MEDIA & PHYSICAL ACTIVITY PROMOTION: MAKING THE CONNECTIONS Presented by: Sandra De Freitas
@ SPAM : T HE U NDERGROUND ON 140 C HARACTERS OR L ESS Chris Grier, Vern Paxson, Michael Zhang University of California, Berkeley Kurt Thomas University.

@ SPAM : T HE U NDERGROUND ON 140 C HARACTERS OR L ESS Chris Grier, Vern Paxson, Michael Zhang University of California, Berkeley Kurt Thomas University.
By Lee Betancourt Director of Communications and Public Relations Jane Myers Public Relations, Communications and Social Media Coordinator Social Media.

By Lee Betancourt Director of Communications and Public Relations Jane Myers Public Relations, Communications and Social Media Coordinator Social Media.
Twitter The Basics. What is Twitter? Tweets are: 140 characters or less Quick to follow and view updates Used to share links, photos, videos, music,hot.

Twitter The Basics. What is Twitter? Tweets are: 140 characters or less Quick to follow and view updates Used to share links, photos, videos, music,hot.
Design and Evaluation of a Real-Time URL Spam Filtering Service

Design and Evaluation of a Real-Time URL Spam Filtering Service
ABUSING BROWSER ADDRESS BAR FOR FUN AND PROFIT - AN EMPIRICAL INVESTIGATION OF ADD-ON CROSS SITE SCRIPTING ATTACKS Presenter: Jialong Zhang.

ABUSING BROWSER ADDRESS BAR FOR FUN AND PROFIT - AN EMPIRICAL INVESTIGATION OF ADD-ON CROSS SITE SCRIPTING ATTACKS Presenter: Jialong Zhang.
DSPIN: Detecting Automatically Spun Content on the Web Qing Zhang, David Y. Wang, Geoffrey M. Voelker University of California, San Diego 1.

DSPIN: Detecting Automatically Spun Content on the Web Qing Zhang, David Y. Wang, Geoffrey M. Voelker University of California, San Diego 1.
Social Media Intro to Business & Marketing. The most three most trusted forms of advertising are: Recommendations from people I know - 90% Consumer opinions.

Social Media Intro to Business & Marketing. The most three most trusted forms of advertising are: Recommendations from people I know - 90% Consumer opinions.
Design and Evaluation of a Real- Time URL Spam Filtering Service Kurt Thomas, Chris Grier, Justin Ma, Vern Paxson, Dawn Song University of California,

Design and Evaluation of a Real- Time URL Spam Filtering Service Kurt Thomas, Chris Grier, Justin Ma, Vern Paxson, Dawn Song University of California,
ACMI Social Media Strategy Introduction How can Facebook & Twitter be used for improving business? How can Facebook & Twitter be integ- rated into the.

ACMI Social Media Strategy Introduction How can Facebook & Twitter be used for improving business? How can Facebook & Twitter be integ- rated into the.
Victor Ivanov. Introduction  Definition  Unsolicited bulk messages  Concerns  Server load  Garbage content.

Victor Ivanov. Introduction  Definition  Unsolicited bulk messages  Concerns  Server load  Garbage content.
Towards Online Spam Filtering in Social Networks Hongyu Gao, Yan Chen, Kathy Lee, Diana Palsetia and Alok Choudhary Lab for Internet and Security Technology.

Towards Online Spam Filtering in Social Networks Hongyu Gao, Yan Chen, Kathy Lee, Diana Palsetia and Alok Choudhary Lab for Internet and Security Technology.
Cloud and Big Data Summer School, Stockholm, Aug., 2015 Jeffrey D. Ullman.

Cloud and Big Data Summer School, Stockholm, Aug., 2015 Jeffrey D. Ullman.
July 30th – August 1st, 2013 McCormick Place, Chicago, IL Integrating Social Media at Live Events David Brull July 30,

July 30th – August 1st, 2013 McCormick Place, Chicago, IL Integrating Social Media at Live Events David Brull July 30,
Presentation by Kathleen Stoeckle All Your iFRAMEs Point to Us 17th USENIX Security Symposium (Security'08), San Jose, CA, 2008 Google Technical Report.

Presentation by Kathleen Stoeckle All Your iFRAMEs Point to Us 17th USENIX Security Symposium (Security'08), San Jose, CA, 2008 Google Technical Report.
Detecting Spammers on Social Networks Gianluca Stringhini, Christopher Kruegel, Giovanni Vigna (University of California) Annual Computer Security Applications.

Detecting Spammers on Social Networks Gianluca Stringhini, Christopher Kruegel, Giovanni Vigna (University of California) Annual Computer Security Applications.
WARNINGBIRD: A Near Real-time Detection System for Suspicious URLs in Twitter Stream.

WARNINGBIRD: A Near Real-time Detection System for Suspicious URLs in Twitter Stream.
Affordable Tools Social Media, Conversion & Best Picks By Patricia Hughes ePlus Marketing, LLC.

Affordable Tools Social Media, Conversion & Best Picks By Patricia Hughes ePlus Marketing, LLC.

Similar presentations

Ads by Google