
Abstract
Botnet detection on Twitter represents a critical yet under-explored research problem, as botnets programmed with malicious intent threaten the platform’s security and credibility. Although Twitter has implemented mitigation strategies, such as imposing restrictions and bans, these measures remain insufficient due to botnets’ rapid creation and expansion. Existing solutions proposed by researchers for manual and automated botnet detection typically rely on individual metrics commonly used for detecting bots. However, these approaches lack the necessary group-oriented analysis and metrics critical for effectively identifying botnets of varying sizes and objectives. To address this issue, we have developed an innovative botnet detection mechanism based on similarity, which significantly enhances the detection rate of botnets on Twitter. Each bot, regardless of its complexity, leaves detectable traces of automation in its creation, behavior, or interactions with other accounts. By characterizing these traces, we can establish relationships between bots, enabling effective botnet detection. Our mechanism constructs a regression model to quantify the similarity between bots, leveraging features from user data, tweet patterns, and social interactions on the platform. Then, it uses this similarity measure to build a distance matrix, enabling the formation of groups with shared attributes, connections, and objectives through clustering methods. Our botnet detection mechanism achieved extraordinary success, evidenced by high scores on external Clustering Validation Indices (CVIs) and the Area under the ROC Curve (AUC) compared to existing solutions from the literature. Furthermore, the mechanism proved effective when confronted with unknown botnets with varied objectives. Our experimental findings suggest that this work is well-positioned to strengthen future botnet detection mechanisms, having shown the value of incorporating social interaction features. This integration offers a strategic advantage in the ongoing arms race against botmasters and their malicious objectives. Additionally, our mechanism consistently outperforms other approaches across various metrics, configurations, and algorithms, underscoring its effectiveness and adaptability in different detection scenarios.
Description
https://orcid.org/0000-0002-3465-995X