Proceedings of the Twenty-Eighth AAAI Conference on Artificial Intelligence
Online Social Spammer Detection
Xia Hu, Jiliang Tang, Huan Liu Computer Science and Engineering, Arizona State University, USA xiahu, jiliang.tang, huan.liu @asu.edu { }
Abstract been devoted to detect spammers in various social network- The explosive use of social media also makes it a popular ing sites, including Twitter (Lee et al. 2010), Renren (Yang platform for malicious users, known as social spammers, to et al. 2011), Blogosphere (Lin et al. 2007), etc. Exist- overwhelm normal users with unwanted content. One effec- ing methods can generally be divided into two categories. tive way for social spammer detection is to build a classifier First category is to employ content analysis for detecting based on content and social network information. However, spammers in social media. Profile-based features (Lee et al. social spammers are sophisticated and adaptable to game the 2010) such as content and posting patterns are extracted to system with fast evolving content and network patterns. First, build an effective supervised learning model, and the model social spammers continually change their spamming content is applied on unseen data to filter social spammers. Another patterns to avoid being detected. Second, reflexive reciprocity category of methods is to detect spammers via social net- makes it easier for social spammers to establish social influ- work analysis (Ghosh et al. 2012). A widely used assump- ence and pretend to be normal users by quickly accumulating a large number of “human” friends. It is challenging for ex- tion in the methods is that spammers cannot establish an ar- isting anti-spamming systems based on batch-mode learning bitrarily large number of social trust relations with legitimate to quickly respond to newly emerging patterns for effective users. The users with relatively low social influence or social social spammer detection. In this paper, we present a gen- status in the network will be determined as spammers. eral optimization framework to collectively use content and Traditional spammer detection methods become less ef- network information for social spammer detection, and pro- fective due to the fast evolution of social spammers. First, vide the solution for efficient online processing. Experimen- social spammers show dynamic content patterns in social tal results on Twitter datasets confirm the effectiveness and efficiency of the proposed framework. media. Spammers’ content information changes too fast to be detected by a static anti-spamming system based on of- fline modeling (Zhu et al. 2012). Spammers continue to Introduction change their spamming strategies and pretend to be nor- Social media services, like Facebook and Twitter, are in- mal users to fool the system. A built system may be- creasingly used in various scenarios such as marketing, jour- come less effective when the spammers create many new, nalism and public relations. While social media services evasive accounts. Second, many social media sites like have emerged as important platforms for information dis- Twitter have become a target of link farming (Ghosh et semination and communication, it has also become infa- al. 2012). The reflexive reciprocity (Weng et al. 2010; mous for spammers who overwhelm other users with un- Hu et al. 2013b) indicates that many users simply follow wanted content. The (fake) accounts, known as social spam- back when they are followed by someone for the sake of mers (Webb et al. 2008; Lee et al. 2010), are a special type courtesy. It is easier for spammers to acquire a large num- of spammers who coordinate among themselves to launch ber of follower links in social media. Thus, with the per- various attacks such as spreading ads to generate sales, dis- ceived social influence, they can avoid being detected by seminating pornography, viruses, phishing, befriending vic- network-based methods. Similar results targeting other plat- tims and then surreptitiously grabbing their personal infor- forms such as Renren (Yang et al. 2011) have been re- mation (Bilge et al. 2009), or simply sabotaging a system’s ported in literature as well. Existing systems rely on build- reputation (Lee et al. 2010). The problem of social spam- ing a new model to capture newly emerging content-based ming is a serious issue prevalent in social media sites. Char- and network-based patterns of social spammers. Given the acterizing and detecting social spammers can significantly rapidly evolving nature, it is necessary to have a framework improve the quality of user experience, and promote the that efficiently reflects the effect of newly emerging data. healthy use and development of a social networking system. One efficient approach to incrementally update existing Following spammer detection in traditional platforms like model in large-scale data analysis is online learning. While Email and the Web (Chen et al. 2012), some efforts have online learning has been studied for years and shown its ef- Copyright c 2014, Association for the Advancement of Artificial fectiveness in many applications such as image and video Intelligence� (www.aaai.org). All rights reserved. processing (Mairal et al. 2009) and human computer in-
59 teraction (Madani et al. 2009), it has not been applied in al. 2010; Lee et al. 2010), we focus on classifying users as social spammer detection. In this paper, we study how to spammers or normal users, i.e., c =2. It is straightforward capture the fast evolving nature of social spammers using to extend this setting to a multi-class classification task. online learning. In particular, we investigate: (1) how do With the given notations, we formally define the problem we model the content and network information in a unified of online social spammer detection as follows: framework for effective social spammer detection?; and (2) Given k users with their content information Xk, social how do we update the built model to efficiently incorporate network information Gk, and identity label information Yk, newly emerging data objects? Our solutions to these two we learn a factorization model Vk and Uk which could be questions result in a new framework for Online Social Spam- used to learn a classifier Wk to automatically assign iden- mer Detection (OSSD). The proposed framework is a formu- tity labels for unknown users (i.e., test data) as spammers or lation based on directed Laplacian constrained matrix fac- normal users. Given one more user, our goal is to efficiently torization, and is used to incorporate refined social network update the built model Vk+1, Uk+1 and Wk+1 for social information into content modeling. Then we incrementally spammer detection based on k +1users with their content update the factors appropriately to reflect the rapidly evolv- information Xk+1, social network information Gk+1, and ing nature of the social spammers. The main contributions identity label information Yk+1. of this paper are outlined as follows: Formally define the problem of online social spammer de- Social Spammer Detection • tection with content and network information; In this section, we propose a general framework for social Introduce a unified framework that considers both of spammer detection. We first discuss the modeling of con- • the content and network information for effective social tent and social network information separately, and then in- spammer detection; troduce a unified framework to integrate both information. To use content information, one way is to learn a super- Propose a novel scheme to incrementally update the built • vised model, and apply the learned model for spammer de- model for social spammer detection; and tection. Due to the unstructured and noisy content infor- Empirically evaluate the proposed OSSD framework on mation in social media, this method yields two problems • real-world Twitter datasets. to be directly applied to our task. First, text representation models, like n-gram model, often lead to a high-dimensional The remainder of this paper is organized as follows. In feature space because of the large size of data and vocabu- the second section, we formally define the problem of on- lary (Hu et al. 2009). Second, In addition to the short form line social spammer detection. We then introduce a general of texts, abbreviations and acronyms are widely used in so- framework for social spammer detection with content and cial media, thus making the data representation very sparse. network information. In the fourth section, we propose a To tackle the problems, instead of learning word-level novel online learning scheme for the social spammer detec- knowledge, we propose to model the content informa- tion framework. In the experiment section, we report em- tion from topic-level. Motivated by topic modeling litera- pirical results on real-world Twitter datasets to evaluate the ture (Blei et al. 2003), a user’s posts usually focus on a few effectiveness and efficiency of the proposed method. Finally, topics, resulting in X very sparse and low-rank. The pro- we conclude the paper and present the future work. posed method is built on a non-negative matrix factorization model (NMF) (Lee and Seung 1999), which seeks a more Problem Statement compact but accurate low-rank representation of the users In this section, we first introduce the notations used in the by solving the following optimization problem: paper and then formally define the problem we study. 2 min X UH F , Notation: Scalars are denoted by lowercase letters, vec- U,H 0 k � k (1) tors by boldface lowercase letters, and matrices by boldface � n r uppercase letters. Let A denote the Euclidean norm, and where X is the content matrix, U R ⇥ is a mixing matrix r m 2 A the Frobenius normk k of the matrix A, i.e., A = and H R ⇥ with r n is an encoding matrix that k kF k kF 2 ⌧ m n 2 T indicates a low-rank user representation in a topic space. i=1 j=1 Aij. Let A denote the transpose of A. Previous studies have shown that social network informa- qLetP [XP, , Y] be a target social media user set with con- tion is helpful in many applications such as sentiment anal- tent informationG of social media posts X, social network ysis (Tan et al. 2011), trust prediction (Tang et al. 2013) information , and identity label matrix Y. We use X and community deviation detection (Chen et al. 2010). A n m G 2 R ⇥ to denote content information, i.e., messages posted widely used assumption is that representations of two nodes by the users, where n is the number of textual features and are close when they are connected with each other in the m is the number of users. We use =(V,E) to denote the network (Chung 1997; Zhu et al. 2012). This assumption social network, where nodes u andG v in V represent social does not hold in social media. Some social media services media users, and each directed edge [u, v] in E represents a such as microblogging have directed following relations be- following relation from u to v. We do not have self links in tween users. In addition, it is practical for social spammers m c the graph, i.e., u = v. We use Y R ⇥ to denote the iden- to quickly attract a large number of followers to fool the tity label matrix,6 where c is the2 number of identity labels. system. Thus it is not suitable to directly apply the existing Following literature on spammer detection (Benevenuto et methods to the problem we study.
60 Following the way used in (Hu et al. 2013b) to model social network information, we employ a variant of directed [XHT ](i, j) graph Laplacian to model social network information. Given U(i, j) U(i, j) , (5) the social network information and the identity label ma- s[UHHT ](i, j) trix Y, there are four kinds of followingG relations: [spammer, spammer], [normal, normal], [UT X + ↵H ](i, j) [normal, spammer], [spammer, normal]. H(i, j) H(i, j) L� . (6) [UT UH + ↵H +](i, j) The fourth relation that can be easily faked by spammers. s L We exclude the fourth relation and only make use of the first m m The correctness and convergence of the updating rules can three relations. Thus, the adjacency matrix G R ⇥ is defined as 2 be proven with the standard auxiliary function approach (Se- ung and Lee 2001; Gu et al. 2010). Once obtaining the 1 if [u, v] is among the first three relations G(u, v)= low-rank user representation H, a supervised model can be 0 otherwise trained based on the new latent topic space. We employ ⇢ (2) the widely used Least Squares (Lawson and Hanson 1995), T 1 where u and v are users, and [u, v] is a directed edge in the which has a closed-form solution: W =(HH )� HY. graph . TheG in-degree and out-degree of node u is defined as in out du = [v,u] G(v, u) and du = [u,v] G(u, v). Let P be Online Social Spammer Detection the transition probability matrix of random walk in a given P Pout Online learning is an efficient approach to incrementally up- graph with P(u, v)=G(u, v)/du (Zhou et al. 2005). The random walk has a stationary distribution ⇡, which sat- date existing model in large-scale data processing. While isfy ⇡(u)=1, ⇡(v)= ⇡(u)P(u, v) (Chung online learning has been widely used in various applica- u V [u,v] tions such as computer vision (Bucak and Gunsel 2009; 2005; Zhou2 et al. 2005), and ⇡(u) > 0 for all u V . P P 2 Mairal et al. 2010), speech recognition (Wang et al. 2013) To model the network information, the basic idea is to and bioinformatics (Yang et al. 2010), the application to make the latent representations of two users as close as pos- spammer detection is a very new effort. In this section, we sible if there exists a following relation between them. It can will discuss the use of online learning scheme, instead of be mathematically formulated as minimizing batch-mode learning, to update the built social spammer de- tection model. 1 = ⇡(u)P(u, v) H H 2 We have introduced a general social spammer detection R 2 k u � vk model in last section. Given a model built on k users, the [u,v] E X2 aim of the proposed method OSSD is to update factor ma- ⇧P + PT ⇧ trices and by adding the (k + 1)th user without much = tr(H(⇧ )HT ) U H � 2 computational effort. Following the formulation in Eq. (4), = tr(H HT ), (3) the objective function for k +1users is defined as L where Hu denotes the low-rank representation of user u, k+1 k+1 k+1 k+1 2 k+1 Hv the low-rank representation of user v, and ⇧ denotes a min = X U H F + ↵ , Uk+1,Hk+1 0 J k � k R diagonal matrix with ⇧(u, u)=⇡(u). The induction of � Eq. (3) is straightforward and can be also found in previous (7) where Xk+1 represents the content matrix of k +1users, work (Chung 2005; Zhou et al. 2005). This loss function k+1 k+1 will incur a penalty if two users have different low-rank rep- U and H denote the factor matrices to be updated, and k+1 indicates the objective function of graph Lapla- resentations when they have a directed relation in the graph. R With the NMF model, we project the original content in- cian. This optimization problem can be solved with the formation into a latent topic space. By adding the network batch-mode learning updating rules given by Eqs. (5) and information discussed in Eq. (3) as a regularization, our pro- (6). However, due to its high computational cost, an online posed framework can be mathematically formulated as solv- learning updating scheme is needed. ing the following optimization problem: Columns of mixing matrix U can be considered as the building blocks of the data, and each entity of H determines 2 min = X UH F + ↵ , how the building blocks involved in the corresponding ob- H,U 0 J k � k R (4) � servation in X (Hoyer 2004). As the number of data ob- where ↵ is the regularization parameter to control the effects jects increases, effects of each object on the representation of social network information to the learned model. decrease. Since the new data objects would not be able to The objective function defined in Eq. ( 4) is convex of U significantly change the mixing matrix U, it is not neces- and H separately. Following the multiplicative and alternat- sary to update the part of original encoding matrix H which ing updating rules introduced in (Seung and Lee 2001), we corresponds to old objects. Thus, besides updating the mix- optimize the objective with respect to one variable, while ing matrix U, it is adequate to only update the last column fixing the other. Since may take any signs, we decompose of Hk+1 by assuming the first k columns of Hk+1 would + L it as = �. The updating rules for the variables are: be approximately equal to H . The objective function in L L �L k
61 Eq. (7) can be reformulated as: Algorithm 1: Online Social Spammer Detection k+1 = Xk+1 Uk+1Hk+1 2 Input: X, Y, G, ↵,I J k � kF { } k+1 k+1 Output: U, H, W 2 1 Initialize U, H 0 +↵ ⇡(i)P(i, j) Hi Hj k �k k � k 2 Learning U , H 0 i=1 j=1 � X X 3 n k+1 while Not convergent and iter I do k+1 k+1 k+1 k+1 2 4 Update H (i, k + 1) = (X (i, j) (U H )(i, j)) � k+1T k+1 i=1 j=1 k+1 [U X ( ,k+1)](i,1) 5 H (i, k + 1) ⇤ X X [Uk+1T Uk+1Hk+1( ,k+1)](i,1) k+1 k+1 ⇤ k+1r 2 6 Update U (i, j) +↵ ⇡(i)P(i, j) Hi Hj k � k T i=1 j=1 k+1 [XkHk +C](i,j) 7 U (i, j) X X [Uk+1HkHkT +D](i,j) n k r (Xk(i, j) (Uk+1Hk)(i, j))2 8 iter = iter +1 ⇡ � i=1 j=1 T 1 X X 9 W =(HH )� HY n 10 return W + (Xk+1(i, k + 1) (Uk+1Hk+1)(i, k + 1))2 � i=1 X k k then updated with the updating rules until convergence or +↵ ⇡(i)P(i, j) H H 2 k i � jk reaching the number of maximum iterations from line 3 to i=1 j=1 X X 8. The classifier W is learned in line 9. k The updating rule in Eq. (8) is helpful in reducing the 2 k k +2↵ ⇡(k + 1)P(k +1,j) Hk+1 Hj , computational cost. Since X and H do not change k � k k k j=1 through the learning process, instead of storing X and H , X there are two benefits to store results of the matrix multi- and it can be further reformulated as: k kT k kT k plications X H and H H . First, the dimensions of k+1 2 2↵ ⇡(k +1)P(k +1,j) Hk+1 Hj the multiplications remain the same, thus the required stor- J ⇡ k � k j=1 age memory will be the same regardless the sizes of Xk and n P + (Xk+1(i, k +1) (Uk+1Hk+1)(i, k +1))2 + k, Hk. Second, the number of matrix multiplication is the main i=1 � J reason of the computational complexity of traditional NMF, whereP k is the objective function for k users defined in J and it will be significantly reduced through the process with Eq. (4). Following the updating rules introduced in (Se- the proposed online learning scheme. ung and Lee 2001), gradient descent optimization that yields In summary, we only update columns of the encoding ma- OSSD is performed. When a new data object arrives, the up- trix that correspond to the new data objects in Eq. (8), and dating rules for the variables are: the updating rule in Eq. (8) helps in reducing the compu- tational cost. Thus, the proposed online learning scheme [A](i, 1) Hk+1(i, k + 1) Hk+1(i, k + 1) , is more efficient. Comparing with traditional NMF with s [B](i, 1) time complexity O(nmr2), the overall time complexity of the proposed OSSD is O(nr2), which is independent of the m Uk+1(i, j) number of samples .
[XkHkT + C](i, j) Experiments Uk+1(i, j) , v k+1 k kT In this section, we conduct extensive experiments to evaluate u[U H H + D](i, j) u the effectiveness and efficiency of the proposed framework t where OSSD. Through the experiments, we aim to answer the fol- lowing two questions: k+1T k+1 A = U X ( ,k+ 1), 1. How effective is the proposed framework compared with T ⇤ B = Uk+1 Uk+1Hk+1( ,k+ 1), other methods of social spammer detection? ⇤ k+1 k+1T 2. How efficient is the proposed online learning framework C = X ( ,k+ 1)H (k +1, ), compared with other methods for modeling? ⇤ T ⇤ D = Uk+1Hk+1( ,k+ 1)Hk+1 (k +1, ). ⇤ ⇤ Datasets We present the algorithm of online social spammer detec- We now introduce two real-world Twitter datasets. tion in Algorithm 1. In the algorithm, we conduct initializa- TAMU Social Honeypots Dataset (TwitterT):1 This tion for the two matrices to be inferred in line 1. I is the dataset was originally collected from December 30, 2009 number of maximum iterations. The two matrices are firstly learned with the method we discussed in last section, and 1http://infolab.tamu.edu/data/
62 LS Content: the Least Squares (Lawson and Hanson Table 1: Statistics of the Datasets • 1995) is a widely used classification method in many ap- TwitterT TwitterS plications. We apply the Least Squares on the content # of Spammers 12,035 2,049 matrix X for spammer detection. # of Legitimate Users 10,912 11,085 LS Net: we apply the Least Squares on the adjacency ma- # of Tweets 2,530,516 380,799 • trix G of the social network for spammer detection. Min Degree of Users 3 3 Max Degree of Users 1,312 1,025 MLSI: this method considers both network and content • information for spammer detection. Multi-label informed latent semantic indexing (Yu et al. 2005; Zhu et al. 2012) to August 2, 2010 on Twitter and introduced in (Lee et al. is used to model the content information, and undirected 2011). It consists of Twitter users with identity labels: spam- graph Laplacian (Chung 1997) is used to incorporate the mers and legitimate users. The dataset contains users, their network information. number of followers and tweets. We filtered the non-English BSSD: this is a variant of our proposed method. Instead of tweets and users with less than two tweets or two social con- • online learning, we use batch-mode learning to build the nections. The corpus used in our study consists of 12,035 model based on the training data at one time. spammers and 10,912 legitimate users. OSSD: our proposed online learning method. Twitter Suspended Spammers Dataset (TwitterS): Fol- • lowing the data crawling process used in (Yang et al. 2011; Among the five methods, the first four are based on batch- Zhu et al. 2012), we crawled this Twitter dataset from July to mode learning and the last one is designed using online September 2012 via the Twitter Search API. The users that learning. The experimental results of the methods are sum- were suspended by Twitter during this period are considered marized in Table 2 and 3. In the experiments, five-fold as the gold standard (Thomas et al. 2011) of spammers in the cross-validation is used for all the methods. To study the experiment. We then randomly sampled the legitimate users effects brought by different sizes of training data, we varies from a publicly available Twitter dataset provided by TREC the training data from 10% to 100%. In particular, for each 2011.2 According to literature (Lee et al. 2010) of spammer round of the experiment, 20% of the dataset is held for test- detection, the two classes are imbalanced, i.e., the number ing and 10% to 100% of the original training data is sampled of legitimate users is much greater than that of spammers for training. For example, “50%” indicates that we use 50% in the dataset. We filtered the non-English tweets and users of the 80%, thus using 40% of the whole dataset for train- with less than two tweets or two social connections. ing. For OSSD, the online learning updates a basic model The statistics of the two datasets are presented in Table 1. that is built based on 50% of the training data in each round. In the table, “gain” represents the percentage improvement Experimental Setup of the methods in comparison with the first baseline method LS Content. In the experiment, each result denotes an av- We conduct two sets of experiments for evaluation. In the erage of 10 test runs. By comparing the results of different first set of experiments, we follow standard experiment set- methods on the two datasets, we draw the following obser- tings used in (Benevenuto et al. 2010; Zhu et al. 2012) vations: to evaluate the performance of spammer detection meth- (1) From the results in the tables, we can observe that our ods. In particular, we apply different methods on the Twitter proposed methods BSSD and OSSD consistently outperform datasets, and F -measure is used as the performance metric. 1 other baseline methods on both datasets with different sizes In the second set of experiments, we compare efficiency of of training data. Our spammer detection methods achieves the proposed online learning scheme and batch-mode learn- better results than the state-of-the-art method MLSI on both ing algorithms. Execution time is used as the performance datasets. We apply two-sample one-tail t-tests to compare metric. A standard procedure for data preprocessing is used BSSD and OSSD with the three baseline methods. The ex- in our experiments. We remove stop-words and perform periment results demonstrate that the proposed models per- stemming for all the tweets. The unigram model is em- form significantly better (with significance level ↵ =0.01) ployed to construct the feature space, tf-idf is used as the than the three baseline methods. feature weight. One positive parameters ↵ is involved in the experiments. ↵ is to control the contribution of social net- (2) The last three methods achieve better results than the work information. As a common practice, all the parameters first two methods that are based on only one type of informa- can be tuned via cross-validation with validation data. In the tion. The network-based method LS Net achieves the worst experiments, we empirically set ↵ =0.1 for experiments. performance among all the methods. This demonstrates that the integration of both content and network information is helpful for effective social spammer detection. Effectiveness Evaluation (3) The last two methods, OSSD and BSSD, achieve com- To answer the first question asked in the beginning of this parably good performance on both datasets with different section, we compare the proposed framework with following sizes of training data. This shows that, comparing with baseline methods for social spammer detection. batch-mode learning method, our proposed online learning scheme does not bring in any negative effects to the accuracy 2http://trec.nist.gov/data/tweets/ of social spammer detection.
63 Table 2: Social Spammer Detection Results on TwitterT Dataset 10% (gain) 25% (gain) 50% (gain) 100% (gain) LS Content 0.803 (N.A.) 0.829 (N.A.) 0.838 (N.A.) 0.854 (N.A.) LS Net 0.625 (-22.17%) 0.640 (-22.80%) 0.609 (-27.33%) 0.611 (-28.45%) MLSI 0.865 (+7.72%) 0.882 (+6.39%) 0.873 (+4.18%) 0.896 (+4.92%) BSSD 0.878 (+9.34%) 0.901 (+8.69%) 0.909 (+8.47%) 0.921 (+7.85%) OSSD 0.870 (+8.34%) 0.905 (+9.17%) 0.907 (+8.23%) 0.918 (+7.49%)
Table 3: Social Spammer Detection Results on TwitterS Dataset 10% (gain) 25% (gain) 50% (gain) 100% (gain) LS Content 0.775 (N.A.) 0.801 (N.A.) 0.811 (N.A.) 0.829 (N.A.) LS Net 0.603 (-22.19%) 0.610 (-23.85%) 0.612 (-24.54%) 0.597 (-27.99%) MLSI 0.838 (+8.13%) 0.851 (+6.24%) 0.859 (+5.92%) 0.879 (+6.03%) BSSD 0.849 (+9.55%) 0.863 (+7.74%) 0.871 (+7.40%) 0.908 (+9.53%) OSSD 0.843 (+8.77%) 0.865 (+7.99%) 0.873 (+7.64%) 0.906 (+9.29%)
5 10 BSSD the batch-mode learning method. In many situations, espe- OSSD cially when the training sample size is large, the differences
4 10 in performance are significant between online learning and batch-mode learning method. Similar results have been ob-
3 served on the TwitterS dataset; we omit the results owing 10 to lack of space. In summary, the observations answer the second question that, comparing with other methods, online 2 10 learning is efficient for social spammer detection. Time (in seconds)
1 10 Conclusion and Future Work Social spammers are sophisticated and adaptable to game
0 10 the system by continually change their content and network 4 101 102 103 10 Training Sample Size patterns. To handle fast evolving social spammers, we pro- posed to use online learning to efficiently reflect the newly emerging patterns. In this paper, we develop a general so- Figure 1: Efficiency Performance on TwitterT cial spammer detection framework with both content and network information, and provide its online learning updat- In summary, the superior performance of our proposed ing rules. In particular, we use directed graph Laplacian method answers the first question that, compared with other to model social network information, which is further in- methods, OSSD is effective in spammer detection. In ad- tegrated into a matrix factorization framework for content dition, the proposed online learning scheme can achieve information modeling. By investigating its online updat- comparable performance with batch-mode learning meth- ing scheme, we provide an efficient way for social spam- ods. Next, we evaluate efficiency of the proposed method. mer detection. Experimental results show that our proposed method is effective and efficient comparing with other social Efficiency Evaluation spammer detection methods. To answer the second question asked in the beginning of this This work suggests some interesting directions for future section, we compare the efficiency of batch-mode learning work. Besides network and content information, it would method BSSD with online learning based method OSSD. The be interesting to study more user profile patterns (Hu et al. experiments are run on a single-CPU, eight-core 3.40Ghz 2013a) such as gender, sentiment, location and political ori- machine. Experimental results of the two methods on Twit- entation of users for social spammer detection. In addition, terT dataset are plotted in Figure 1. in the figure, x axis the contribution of each data sample to the objective function represents the training sample size and y axis indicates the is considered equal in our work. We can further investigate execution time in seconds of the methods. The red curve measures of importance of data objects to improve perfor- shows the performance of BSSD and the blue dotted curve mance of the proposed online learning algorithm. depicts the performance of OSSD. From the figure, we observe that the online version of Acknowledgments our algorithm OSSD needs less running time than the batch- We truly thank the anonymous reviewers for their perti- mode learning algorithm BSSD. This demonstrates that, our nent comments. This work is, in part, supported by ONR proposed online learning based method is more efficient than (N000141410095) and ARO (#025071).
64 References Yu-Ru Lin, Hari Sundaram, Yun Chi, Junichi Tatemura, and F. Benevenuto, G. Magno, T. Rodrigues, and V. Almeida. Belle L Tseng. Splog detection using self-similarity analysis Detecting spammers on twitter. In Proceedings of CEAS, on blog temporal dynamics. In AirWeb, 2007. 2010. Omid Madani, Hung Hai Bui, and Eric Yeh. Efficient online L. Bilge, T. Strufe, D. Balzarotti, and E. Kirda. All your learning and prediction of users’ desktop actions. In IJCAI, contacts are belong to us: automated identity theft attacks 2009. on social networks. In Proceedings of WWW, 2009. Julien Mairal, Francis Bach, Jean Ponce, and Guillermo David M Blei, Andrew Y Ng, and Michael I Jordan. La- Sapiro. Online dictionary learning for sparse coding. In tent dirichlet allocation. the Journal of machine Learning Proceedings of ICML, 2009. research, 3:993–1022, 2003. Julien Mairal, Francis Bach, Jean Ponce, and Guillermo Serhat S Bucak and Bilge Gunsel. Incremental subspace Sapiro. Online learning for matrix factorization and sparse learning via non-negative matrix factorization. Pattern coding. The JMLR, 2010. Recognition, 42(5):788–797, 2009. D Seung and L Lee. Algorithms for non-negative matrix Zhengzhang Chen, Kevin A Wilson, Ye Jin, William Hen- factorization. NIPS, 2001. drix, and Nagiza F Samatova. Detecting and tracking com- Chenhao Tan, Lillian Lee, Jie Tang, Long Jiang, Ming Zhou, munity dynamics in evolutionary networks. In ICDMW, and Ping Li. User-level sentiment analysis incorporating so- pages 318–327, 2010. cial networks. In Proceedings of KDD, 2011. Zhengzhang Chen, William Hendrix, and Nagiza F Sama- Jiliang Tang, Huiji Gao, Xia Hu, and Huan Liu. Exploit- tova. Community-based anomaly detection in evolutionary ing homophily effect for trust prediction. In Proceedings of networks. JIIS, 2012. WSDM, 2013. F.R.K. Chung. Spectral graph theory. Number 92. Amer K. Thomas, C. Grier, D. Song, and V. Paxson. Suspended Mathematical Society, 1997. accounts in retrospect: An analysis of twitter spam. In Pro- F. Chung. Laplacians and the cheeger inequality for directed ceedings of ACM SIGCOMM conference on Internet mea- graphs. Annals of Combinatorics, 9(1):1–19, 2005. surement conference, 2011. S. Ghosh, B. Viswanath, F. Kooti, N.K. Sharma, G. Kor- Dong Wang, Ravichander Vipperla, Nicholas Evans, and lam, F. Benevenuto, N. Ganguly, and K.P. Gummadi. Un- Thomas Fang Zheng. Online non-negative convolutive pat- derstanding and combating link farming in the twitter social tern learning for speech signals. 2013. network. In Proceedings of WWW, 2012. S. Webb, J. Caverlee, and C. Pu. Social honeypots: Making Quanquan Gu, Jie Zhou, and Chris HQ Ding. Collaborative friends with a spammer near you. In Proceedings of CEAS, filtering: Weighted nonnegative matrix factorization incor- 2008. porating user and item graphs. In SDM, pages 199–210, J. Weng, E.P. Lim, J. Jiang, and Q. He. Twitterrank: find- 2010. ing topic-sensitive influential twitterers. In Proceedings of Patrik O Hoyer. Non-negative matrix factorization with WSDM, 2010. sparseness constraints. The Journal of Machine Learning Haiqin Yang, Zenglin Xu, Irwin King, and Michael R Lyu. Research, 5:1457–1469, 2004. Online learning for group lasso. In Proceedings of ICML, Xia Hu, Nan Sun, Chao Zhang, and Tat-Seng Chua. Ex- 2010. ploiting internal and external semantics for the clustering of Z. Yang, C. Wilson, X. Wang, T. Gao, B.Y. Zhao, and Y. Dai. short texts using world knowledge. In Proceedings of CIKM, Uncovering social network sybils in the wild. In Proceed- 2009. ings of IMC, 2011. Xia Hu, Jiliang Tang, Huiji Gao, and Huan Liu. Unsuper- K. Yu, S. Yu, and V. Tresp. Multi-label informed latent se- vised sentiment analysis with emotional signals. In Proceed- mantic indexing. In Proceedings of SIGIR, 2005. ings of WWW, 2013. D. Zhou, J. Huang, and B. Scholkopf.¨ Learning from labeled Xia Hu, Jiliang Tang, Yanchao Zhang, and Huan Liu. Social and unlabeled data on a directed graph. In Proceedings of spammer detection in microblogging. In IJCAI, 2013. ICML, 2005. C.L. Lawson and R.J. Hanson. Solving least squares prob- Y. Zhu, X. Wang, E. Zhong, N.N. Liu, H. Li, and Q. Yang. lems, volume 15. SIAM, 1995. Discovering spammers in social networks. In AAAI, 2012. Daniel D Lee and H Sebastian Seung. Learning the parts of objects by non-negative matrix factorization. Nature, 401(6755):788–791, 1999. Kyumin Lee, James Caverlee, and Steve Webb. Uncovering social spammers: social honeypots + machine learning. In Proceedings of SIGIR, 2010. Kyumin Lee, Brian David Eoff, and James Caverlee. Seven months with the devils: A long-term study of content pol- luters on twitter. In Proceedings of ICWSM, 2011.
65