Abstract: Critical functionality and huge influence of the hot trend/topic page (HTP) in microblogging sites have driven the creation of a new kind of underground service called the bogus traffic service (BTS). BTS provides a kind of illegal service which hijacks the HTP by pushing the controlled topics into it for malicious customers with the goal of guiding public opinions. To hijack HTP, the agents of BTS maintain an army of black-market accounts called bogus traffic accounts (BTAs) and control BTAs to generate a burst of fake traffic by massively retweeting the tweets containing the customer desired topic (hashtag). Although this service has been extensively exploited by malicious customers, little has been done to understand it. In this paper, we conduct a systematic measurement study of the BTS. We first investigate and collect 125 BTS agents from a variety of sources and set up a honey pot account to capture BTAs from these agents. We then build a BTA detector that detects 162 218 BTAs from Weibo, the largest Chinese microblogging site, with a precision of 94.5%. We further use them as a bridge to uncover 296 916 topics that might be involved in bogus traffic. Finally, we uncover the operating mechanism from the perspectives of the attack cycle and the attack entity. The highlights of our findings include the temporal attack patterns and intelligent evasion tactics of the BTAs. These findings bring BTS into the spotlight. Our work will help in understanding and ultimately eliminating this threat.

在线社交网络中的虚假流量服务挖掘

[1]Ali Alhosseini S, Bin Tareaf R, Najafi P, et al., 2019. Detect me if you can: spam bot detection using inductive representation learning. Companion Proc World Wide Web Conf, p.148-153.

[2]Alibaba Inc., 2020. Alibaba Annual Report. https://static.alibabagroup.com/reports/fy2020/ar/ebook/en/index.html [Accessed on Feb. 23, 2022].

[3]Alvisi L, Clement A, Epasto A, et al., 2013. SoK: the evolution of sybil defense via social networks. IEEE Symp on Security and Privacy, p.382-396.

[4]Beskow DM, Carley KM, 2019. Its all in a name: detecting and labeling bots by their name. Comput Math Organ Theory, 25(1):24-35.

[5]Beskow DM, Carley KM, 2020. You are known by your friends: leveraging network metrics for bot detection in Twitter. In: Tayebi MA, Glässer U, Skillicorn DB (Eds.), Open Source Intelligence and Cyber Crime: Social Media Analytics. Springer, Switzerland, p.53-88.

[6]Booij TM, Verburgh T, Falconieri F, et al., 2021. Get rich or keep tryin’ trajectories in dark net market vendor careers. IEEE European Symp on Security and Privacy Workshops, p.202-212.

[7]Boshmaf Y, Logothetis D, Siganos G, et al., 2015. Integro: leveraging victim prediction for robust fake account detection in OSNs. Network and Distributed System Security Symp, p.8-11.

[8]Cao Q, Yang XW, Yu JQ, et al., 2014. Uncovering large groups of active malicious accounts in online social networks. Proc ACM SIGSAC Conf on Computer and Communications Security, p.477-488.

[9]Chen TQ, Guestrin C, 2016. XGBoost: a scalable tree boosting system.

[10]Cresci S, di Pietro R, Petrocchi M, et al., 2017. The paradigm-shift of social spambots: evidence, theories, and tools for the arms race. Proc 26^th Int Conf on World Wide Web Companion, p.963-972.

[11]Cresci S, Petrocchi M, Spognardi A, et al., 2019. On the capability of evolved spambots to evade detection via genetic engineering. Online Soc Netw Med, 9:1-16.

[12]Cuevas A, Miedema F, Soska K, et al., 2022. Measurement by proxy: on the accuracy of online marketplace measurements. 31^st USENIX Security Symp, p.2153-2170.

[13]de Cristofaro E, Friedman A, Jourjon G, et al., 2014. Paying for likes? Understanding Facebook like fraud using honeypots. Proc Conf on Internet Measurement Conf, p.129-136.

[14]Devlin J, Chang MW, Lee K, et al., 2018. BERT: pre-training of deep bidirectional Transformers for language understanding.

[15]Dutta HS, Chakraborty T, 2020. Blackmarket-driven collusion among retweeters—analysis, detection, and characterization. IEEE Trans Inform Forens Secur, 15:1935-1944.

[16]Elmas T, Overdorf R, Özkalay AF, et al., 2021. Ephemeral astroturfing attacks: the case of fake Twitter trends. IEEE European Symp on Security and Privacy, p.403-422.

[17]Feng SB, Wan HR, Wang NN, et al., 2021. TwiBot-20: a comprehensive Twitter bot detection benchmark. Proc 30^th ACM Int Conf on Information & Knowledge Management, p.4485-4494.

[18]Feng SB, Tan ZX, Li R, et al., 2022. Heterogeneity-aware Twitter bot detection with relational graph transformers. Proc AAAI Conf Artif Intell, 36(4):3977-3985.

[19]Feng SB, Tan ZX, Wan HR, et al., 2023. TwiBot-22: towards graph-based Twitter bot detection.

[20]Freitas C, Benevenuto F, Ghosh S, et al., 2015. Reverse engineering socialbot infiltration strategies in Twitter. IEEE/ACM Int Conf on Advances in Social Networks Analysis and Mining, p.25-32.

[21]Guo ZY, Wang LQ, Wang YF, et al., 2018. Public opinion spamming: a model for content and users on Sina Weibo. Proc 10^th ACM Conf on Web Science, p.210-214.

[22]HuggingFace, 2022. BERT Base Chinese Model. https://huggingface.co/bert-base-chinese [Accessed on May 26, 2022].

[23]Jakesch M, Garimella K, Eckles D, et al., 2021. Trend alert: a cross-platform organization manipulated Twitter trends in the Indian general election. Proc ACM Human-Computer Interact, 5(CSCW2):379.

[24]JD Inc., 2020. JD Annual Report. https://ir.jd.com/static-files/fc93d5dd-9437-4141-9191-f960ba46874b [Accessed on May 26, 2022].

[25]Just MR, Crigler AN, Metaxas P, et al., 2012. “It’s trending on Twitter”—an analysis of the Twitter manipulations in the Massachusetts 2010 Special Senate Election. Annual Meeting of the American Political Science Association.

[26]Le QV, Mikolov T, 2014. Distributed representations of sentences and documents. https://arxiv.org/abs/1405.4053

[27]Liu PF, Yuan WZ, Fu JL, et al., 2023. Pre-train, prompt, and predict: a systematic survey of prompting methods in natural language processing. ACM Comput Surv, 55(9):195.

[28]Mihalcea R, Tarau P, 2004. TextRank: bringing order into text. Proc Conf on Empirical Methods in Natural Language Processing, p.404-411. https://aclanthology.org/W04-3252

[29]Mikolov T, Chen K, Corrado G, et al., 2013. Efficient estimation of word representations in vector space. https://arxiv.org/abs/1301.3781

[30]PDD Inc., 2020. PDD Annual Report. https://investor.pddholdings.com/static-files/0ad89f79-7123-4072-8662-d5509227526c [Accessed on May 26, 2022].

[31]Song J, Lee S, Kim J, 2015. CrowdTarget: target-based detection of crowdturfing in online social networks. Proc 22^nd ACM SIGSAC Conf on Computer and Communications Security, p.793-804.

[32]Stringhini G, Wang G, Egele M, et al., 2013. Follow the green: growth and dynamics in Twitter follower markets. Proc Conf on Internet Measurement Conf, p.163-176.

[33]Thomas K, McCoy D, Grier C, et al., 2013. Trafficking fraudulent accounts: the role of the underground market in Twitter spam and abuse. Proc 22^nd USENIX Conf on Security, p.195-210. https://dl.acm.org/doi/10.5555/2534766.2534784

[34]Thomas K, Li F, Grier C, et al., 2014. Consequences of connectivity: characterizing account hijacking on Twitter. Proc ACM SIGSAC Conf on Computer and Communications Security, p.489-500.

[35]Torres-Lugo C, Yang KC, Menczer F, 2022. The manufacture of partisan echo chambers by follow train abuse on Twitter. Proc Int AAAI Conf Web Soc Med, 16(1):1017-1028.

[36]van Wegberg R, Tajalizadehkhoob S, Soska K, et al., 2018. Plug and prey? Measuring the commoditization of cybercrime via online anonymous markets. Proc 27^th USENIX Conf on Security Symp, p.1009-1026.

[37]Weerasinghe J, Flanigan B, Stein A, et al., 2020. The pod people: understanding manipulation of social media popularity via reciprocity abuse. Proc Web Conf, p.1874-1884.

[38]Woolley SC, 2016. Automating power: social bot interference in global politics. First Mond, 21(4).

[39]Yang C, Harkreader R, Gu GF, 2013. Empirical evaluation and new design for fighting evolving Twitter spammers. IEEE Trans Inform Forens Secur, 8(8):1280-1293.

[40]Yu HF, Kaminsky M, Gibbons PB, et al., 2006. SybilGuard: defending against sybil attacks via social networks. SIGCOMM Comput Commun Rev, 36(4):267-278.

[41]Yu HF, Gibbons PB, Kaminsky M, et al., 2010. SybilLimit: a near-optimal social network defense against sybil attacks. IEEE/ACM Trans Netw, 18(3):885-898.

[42]Yuan D, Miao YL, Gong NZ, et al., 2019. Detecting fake accounts in online social networks at the time of registrations. Proc ACM SIGSAC Conf on Computer and Communications Security, p.1423-1438.

[43]Zhang YB, Ruan X, Wang HN, et al., 2017. Twitter trends manipulation: a first look inside the security of Twitter trending. IEEE Trans Inform Forens Secur, 12(1):144-156.

[44]Zheng HZ, Xue MH, Lu H, et al., 2017. Smoke screener or straight shooter: detecting elite sybil attacks in user-review social networks. https://arxiv.org/abs/1709.06916