Detecting Hacked Twitter Accounts based on Behavioural Change

Meike Nauta, Mena Habib, Maurice van Keulen

2017

Abstract

Social media accounts are valuable for hackers for spreading phishing links, malware and spam. Furthermore, some people deliberately hack an acquaintance to damage his or her image. This paper describes a classification for detecting hacked Twitter accounts. The model is mainly based on features associated with behavioural change such as changes in language, source, URLs, retweets, frequency and time. We experiment with a Twitter data set containing tweets of more than 100 Dutch users including 37 who were hacked. The model detects 99% of the malicious tweets which proves that behavioural changes can reveal a hack and that anomaly-based features perform better than regular features. Our approach can be used by social media systems such as Twitter to automatically detect a hack of an account only a short time after the fact allowing the legitimate owner of the account to be warned or protected, preventing reputational damage and annoyance.

References

  1. Ablon, L., Libicki, M. C., and Golay, A. A. (2014). Markets for Cybercrime Tools and Stolen Data: Hackers' Bazaar. RAND Corporation, Santa Monica, CA.
  2. Aggarwal, A. and Kumaraguru, P. (2015). What they do in shadows: Twitter underground follower market.
  3. Amleshwaram, A., Reddy, N., Yadav, S., Gu, G., and Yang, C. (2013). Cats: Characterizing automation of twitter spammers.
  4. Benevenuto, F., Magno, G., Rodrigues, T., and Almeida, V. (2010). Detecting spammers on twitter.
  5. Beniwal, S. and Arora, J. (2012). Classification and feature selection techniques in data mining. IJERT, 1(6).
  6. Chen, C., Zhang, J., Chen, X., Xiang, Y., and Zhou, W. (2015). 6 million spam tweets: A large ground truth for timely twitter spam detection.
  7. Demidova, N. (2014). Social network frauds. https://securelist.com/analysis/publications/63855/ social-network-frauds/.
  8. Egele, M., Stringhini, G., Kruegel, C., and Vigna, G. (2013). Compa: Detecting compromised accounts on social networks.
  9. Gawale, N. and Patil, N. (2015). Implementation of a system to detect malicious urls for twitter users.
  10. Google. Security notification settings, alerts for new signins. https://support.google.com/accounts/answer/2733203, Last visited: June 18th 2016.
  11. Hall, M. and Holmes, G. (2003). Benchmarking attribute selection techniques for discrete class data mining. IEEE Transactions on Knowledge and Data Engineering, 15(6):1437-1447.
  12. Hall, M. A. (1999). Correlation-based feature selection for machine learning. PhD thesis, The University of Waikato.
  13. Iguyon, I. and Elisseeff, A. (2003). An introduction to variable and feature selection. Journal of Machine Learning Research, 3:1157-1182.
  14. McCord, M. and Chuah, M. (2011). Spam detection on twitter using traditional classifiers.
  15. Mei, Y., Zhang, Z., Zhao, W., Yang, J., and Nugroho, R. (2015). A hybrid feature selection method for predicting user influence on twitter.
  16. Moore, H. and Roberts, D. (2013). Ap twitter hack causes panic on wall street and sends dow plunging. http://www.theguardian.com/business/2013/apr/23/ ap-tweet-hack-wall-street-freefall, 23th April 2013.
  17. Platt, J. C. (1999). Fast training of support vector machines using sequential minimal optimization. In Advances in kernel methods, pages 185-208. MIT Press Cambridge. ISBN 0-262-19416-3.
  18. Sang, E. and Van Den Bosch, A. (2013). Dealing with big data: The case of twitter. Computational Linguistics in the Netherlands Journal, 3:121-134.
  19. Thomas, K., Grier, C., Song, D., and Paxson, V. (2011). Suspended accounts in retrospect: An analysis of twitter spam. Proc. of IMC 2011, pages 243-258.
  20. Thomas, K., Li, F., Grier, C., and Paxson, V. (2014). Consequences of connectivity: Characterizing account hijacking on twitter.
  21. Twitter (2016a). Reporting spam on https://support.twitter.com/articles/64986, Last visited: 9th 2016.
  22. Twitter (2016b). Tweets field guide, developers documentation overview. https://dev.twitter.com/overview/api/tweets, Last visited: May 13th 2016.
  23. Whittaker, Z. (2016). A hacker claims to be selling millions of twitter accounts. ZDNet, http://www.zdnet.com/article/twitter-32-millioncredentials-accounts-selling-online/, June 9th 2016.
  24. Yang, C., Harkreader, R., and Gu, G. (2011). Die free or live hard? empirical evaluation and new design for fighting evolving twitter spammers.
  25. Yardi, S., Romero, D., Schoenebeck, G., and Boyd, D. (2010). Detecting spam in a twitter network. First Monday, 15(1).
  26. Youn, S. and McLeod, D. (2007). A comparative study for email classification. In Advances and Innovations in Systems, Computing Sciences and Software Engineering, pages 387-391. Springer.
  27. Zangerle, E. and Specht, G. (2014). ”sorry, i was hacked” a classification of compromised twitter accounts. Proc. of ACM SAC 2014, pages 587-593.
Download


Paper Citation


in Harvard Style

Nauta M., Habib M. and van Keulen M. (2017). Detecting Hacked Twitter Accounts based on Behavioural Change . In Proceedings of the 13th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST, ISBN 978-989-758-246-2, pages 19-31. DOI: 10.5220/0006213600190031


in Bibtex Style

@conference{webist17,
author={Meike Nauta and Mena Habib and Maurice van Keulen},
title={Detecting Hacked Twitter Accounts based on Behavioural Change},
booktitle={Proceedings of the 13th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST,},
year={2017},
pages={19-31},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006213600190031},
isbn={978-989-758-246-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 13th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST,
TI - Detecting Hacked Twitter Accounts based on Behavioural Change
SN - 978-989-758-246-2
AU - Nauta M.
AU - Habib M.
AU - van Keulen M.
PY - 2017
SP - 19
EP - 31
DO - 10.5220/0006213600190031