Tesis de doctorado

Botnet detection on twitter: a novel similarity-based clustering mechanism

Loading...
Thumbnail Image

Citation

View formats

Share

Bibliographic managers

Abstract

Botnet detection on Twitter represents a critical yet under-explored research problem,as botnets programmed with malicious intent threaten the platform’s security and credibility. Although Twitter has implemented mitigation strategies, such as imposing restrictions andbans, these measures remain insufficient due to botnets’ rapid creation and expansion. Existing solutions proposed by researchers for manual and automated botnet detection typically rely on individual metrics commonly used for detecting bots. However, these approaches lack the necessary group-oriented analysis and metrics critical for effectively identifying botnets of varying sizes and objectives. To address this issue, we have developed an innovative botnet detection mechanism based on similarity, which significantly enhances the detection rate of botnets on Twitter. Each bot, regardless of its complexity, leaves detectable traces of automation in its creation, behavior, or interactions with other accounts. By characterizing these traces, we can establish relationships between bots, enabling effective botnet detection. Our mechanism constructs a regression model to quantify the similarity between bots, leveraging features from user data, tweet patterns, and social interactions on the platform. Then, it uses this similarity measure to build a distance matrix, enabling the formation of groups with shared attributes, connections, and objectives through clustering methods. Our botnet detection mechanism achieved extraordinary success, evidenced by high scores on external Clustering Validation Indices (CVIs) and the Area under the ROC Curve (AUC) compared to existing solutions from the literature. Furthermore, the mechanism proved effective when confronted with unknown botnets with varied objectives. Our experimental findings suggest that this work is well-positioned to strengthen future botnet detection mechanisms, having shown the value of incorporating social interaction features. This integration offers a strategic advantage in the ongoing arms race against botmasters and their malicious objectives. Additionally, our mechanism consistently outperforms other approaches across various metrics, configurations, and algorithms, underscoring its effectiveness and adaptability in different detection scenarios.

Description

https://orcid.org/0000-0002-3465-995X

Collections

Loading...

Document viewer

Select a file to preview:
Reload

logo

El usuario tiene la obligación de utilizar los servicios y contenidos proporcionados por la Universidad, en particular, los impresos y recursos electrónicos, de conformidad con la legislación vigente y los principios de buena fe y en general usos aceptados, sin contravenir con su realización el orden público, especialmente, en el caso en que, para el adecuado desempeño de su actividad, necesita reproducir, distribuir, comunicar y/o poner a disposición, fragmentos de obras impresas o susceptibles de estar en formato analógico o digital, ya sea en soporte papel o electrónico. Ley 23/2006, de 7 de julio, por la que se modifica el texto revisado de la Ley de Propiedad Intelectual, aprobado

Licencia