DOCSLIB.ORG

Twarfing: Malicious Tweets Morton Swimmer Costin G

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Twarfing: Malicious Tweets Morton Swimmer Costin G Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level Twarfing: Malicious tweets Morton Swimmer Costin G. Raiu Trend Micro Kaspersky Lab June 10th, 2009 Virus Bulletin 2009 – SeptemberEvent details 24th (title,, Geneva place) Thanks to: • Special thanks (Costin): – Selma Ardelean: GUI+statistics – Dan Demeter: daemon , downloader , scanning – Alexandru Tudorica: DB design, URL fetching, expansion, scanning – Stefan Tanase – suggestions and web 2.0 expertise (you can watch his presentation tomorrow morning in the Corp stream) •Spp()ecial thanks (Morton) – Rainer Link (architecture) – David Sancho (URL expansion) June 10th, 2009 Event details (title, place) Overview • What is Twitter? • Malware on Twitter – Notable incidents • The link: Twitter and URL shortening services • Twitter and the Google SB API • RbtRobots: – Kaspersky Architecture and Statistics – Trend Architecture and Statistics • Conclusions June 10th, 2009 Event details (title, place) What is Twitter? • Publish/Subscribe Communications system • Founded by Jack Dorsey, Biz Stone and Evan Willia m s back in 2 006 • SMS/Website, WebService (API) • Subscribers can read from this Browser • Push App Phone • SSSMS: Phone • Pull • Web site: Browser • WS API: Application App Browser Phone • RSS: Application June 10th, 2009 Event details (title, place) Related to: • Instant Messaging/XMPP •Is manyyy to many, but best with small g gproups or one-to-one • Twitter similar, but publish/subscriber model more persistent • Twitter also has Direct Messages for IM capability • Internet Relay Chat (IRC) • Handles large groups fairly well • Twitter is manyyyy to many by default and scales pypretty well • But Twitter is proprietary • RSS feeds • One-to-many medium: li nk s f rom one source w/ o sel ecti on • In Twitter you follow who you like and read his selection of links • Tumblelogs • One-to-many medium, but not necessarily links from publisher • Link sharing, not messaging June 10th, 2009 Event details (title, place) Twitter internals • 140 chars max to be SMS compatible • SSMSMS hashas a 160160 ccharhar restrictionrestriction • But Twitter needed to add the user name • Message length has been hacked (fixed) • might cause BoFs in applications • Users not necessarily human! • Devices • From buoys to power meters • Search for Twitter on instructables .com • Not surprising that malware would use it, but • It's not the best means of C&C communications • Easily blocked after detection • … and twitter has been trigger ha ppy with blocking June 10th, 2009 Event details (title, place) Twitter internals • Historically • Multiple Ruby on Rails servers • Mongrel HTTP servers • Central MySQL backed • Currently: details super-secret, but this is what we think • Front end • Ruby-based front end • Mongrel HTTP servers • Back end • Starling for queuing/messaging • Scala-based • MySQL • denormalized data whenever possible • Only for backup and persistance • Lots of caching (memcached) June 10th, 2009 Event details (title, place) Stats (June 2009) Probably old already, but here they are: • 25M users • 475K diff eren t users pos te d over a 1 wee k per io d (Whitetwarf) • 300 tweets/sec • MySQL handles 2400 reqs per second • API traffic == 10x website traffic! • Indicates that far more people are using applications • TweetDeck, Twitteriffic , Digsby , Twhirl • Many are Adobe Air based (!) • One key to Twitter 's success! June 10th, 2009 Event details (title, place) But what is ON Twitter? • SAtiSan Antonio-bdbased mar ktket researc hfiPAltih firm Pear Analytics analyzed 2,000 tweets (originating from the US and in Engg)lish) over a 2-week ppp()eriod from 11:00a to 5:00p (CST) and separated them into six categories: –News – Spam – Self-promotion – Pointless babble – Conversational – Pass-along value • 40.55% of Tweets were determined to be “pointless babble” * Paper available at http://is.gd/3xmPz June 10th, 2009 Event details (title, place) And what is inside a Tweet? • RT passes the note along • L tells friends where I am • # SifuMoraga: ppggresenting together with – show associations @craiu at #vb2009 L: Geneva – show ggproup associations schouw:RT: RT @SifuMoraga: presenting – just for tagging together with @craiu at #vb2009 L: Geneva • @ – for public discussion – also 'follow friday' • links – URLs automatically identified June 10th, 2009 Event details (title, place) Long URLs, short URLs • URLs can be long and ugly • URL s hor ten ing serv ices have grown up around Twitter – longur l.org coun ts 208 differen t ones • Malicious URLs are one potential threat • URL Shorteners – obscure the true URL – May become malicious – RickRolling, but maliciously • Benefits: – ‘bit .ly ’ b loc k s m ali ci ous URL s June 10th, 2009 Event details (title, place) Most popular URL shortening services % 80 70 60 50 40 30 shortener on Twitter De 20 since Mayf ault2009 URL 10 0 bit.ly June 10 th , 2009 tinyurl.com myloc.me ow.ly is.gd cli.gs twurl.nl migre.me tr.im Event details (title, place)tiny.cc Malware on Twitter August 2008 June 10th, 2009 Event details (title, place) Notable incidents • April 2009 – Twitter gets hit by XSS worm • MltilMultiple var ian tsof the worm (JS. Twe ttir.a-h) were id entifi e d • Thousands of spam messages containing the word "Mikeyy“ filled the timeline • Proof of concept – no malicious intent • Later, the author (Mikey Mooney) got a job at exqSoft Solutions, a web security company June 10th, 2009 Event details (title, place) Notable incidents • June 2009 – Trending topics start being exploited June 10th, 2009 Event details (title, place) Notable incidents • June 2009 – Koobface spreading through Twitter • Originally, Koobface was only targeting Facebook and MySpace users • Constantly “improved”, now spreading through more social networks: Facebook, MySpace, Hi5, Bebo, Tagged, Netlog and most recently… Twitter June 10th, 2009 Event details (title, place) Notable incidents • August 6, 2009 – massive DDoS attack against Twitter (and others) • Twitter knocked offline for several hours, API problems lasted for days • Reason: to silence a relatively unimportant blogger in Georgia (really?) June 10th, 2009 Event details (title, place) Twitter and Google SB API • Google Safe Browsing API – malicious websites blacklist • Used (at least) in Firefox and Chrome • Basically: two lists of MD5’s • A hash is computed on various parts of the URL and checked against the lists • http://a.b.c.d/1.htm -> a.b.c.d -> b.c.d -> c.d -> a.b.c.d/1.htm?p=1 June 10th, 2009 Event details (title, place) Google SB API •In Augg,ust 2009, Twitter began filtering malicious URLs – Mikko Hypponen: • Initial testing seemed to indicate Google SB API! • But after a bit more testing, w e discov ered it is SB API but with some additional filtering June 10th, 2009 Event details (title, place) A bit about ‘bit.ly’ / ‘j.mp’ • Originally, Twitter used ‘tinyurl.com’ to shorten URLs. Around May 2009 it h owever d ecid ed t o sil en ty rep lace it w ith ‘bit. ly ’, a service from ‘Betaworks’, a startup accelerator Q: How can I be sure a bit.ly link is safe to click on? A: Bit.ly filters all links through several independent services to check for spp,am, susp ected p hishin g scams , malware , and other ob jectionable content. We currently include Google Safe Browsing, SURBL, and SpamCop in our operations. For Firefox browser users, we also have a Preview Plugin that allows you to view more information about a link before clicking. If you are a Twitter user, similar preview features are offered by Tweetdeck (we’ve got a writeup of how it works here). Source: http://bit.ly/pages/faq/ June 10th, 2009 Event details (title, place) Our Robot(s) – Krab Krawler June 10th, 2009 Event details (title, place) Kaspersky Robot • Codenamed: Krab Krawler • Specs: Linux + PHP + MySQL • Operation: It continuously fetches the Twitter public timeline on multiple threads, extracts URLs and injects them into a DB • Target: URLs are analysed and expanded if necessary • Execution: Modules check the URLs for malware • Design: Costin G. Raiu, Stefan Tanase • Assembly: Selma Ardelean, Dan Demeter, Alexandru Tudorica June 10th, 2009 Event details (title, place) Krab Krawler: Architecture June 10th, 2009 Event details (title, place) New unique URLs per day 500,000 450 000 400,000,000 350,000 300,000 250,000 200,000 150,000 100,000 50,000 0 June 10 9/12/2009 th , 2009 9/13/2009 9/14/2009 9/15/2009 9/16/2009 9/17/2009 9/18/2009 9/19/2009 9/20/2009 Event details (title,9/2 place)1/2009 Malware we found so far 0 5 10 15 20 25 30 % Trojan-Clicker.HTML.IFrame.ob Trojan-Clicker.JS.Agent.gr Trojan-Downloader.JS.Gumblar.a Trojan-Downloader.VBS.Psyme.gf Trojan-Downloader.JS.Iframe.atl Hoax.HTM L.BadJoke.Agent.c Trojan-Clicker.JS.Agent.hz Trojan-Clicker.HTML.IFrame.aem Trojan-Downloader.HTML.FraudLoad.a Trojan.JS.Agent.wh Others June 10th, 2009 Event details (title, place) General stats • URL duplication: 1 URL is posted in average 1.59 times • Twitter posts with URLs: ~26% • Down loa de d o bjec ts: ~ 60GB per mon th • The most popular single URL posted to Twitter: – http://tinyurl. com/nxsavh – http://getiton.com/go/g1108066-pct June 10th, 2009 Event details (title, place) Our Robot(s) – Red Twarf June 10th, 2009 Event details (title, place) Whitetwarf • An earlyyp protot ype s ystem • Receives a subset of the tweets via twitter search • Stores external metadata from twitter • Processes text part for internal metadata – User references, hashtags, Informal tags • Creates canonical text representations
Load more

Recommended publications
  • Whisperkey: Creating a User-Friendly URL Shortener
    WhisperKey: Creating a User-Friendly URL Shortener Eunice Lin, Flora Tan, Linda Wang May 12, 2016 Abstract of links. Unlike other popular URL shorteners such as Tinyurl or Bitly that map the original URL to a URL shorteners convert long, unwieldy URLs into random string of letters and numbers, ShoutKey was shorter ones and redirect all requests to the short- designed to be user-friendly by using keys that are ened URL to the original website. In this project, standard English words that are easily pronounced we investigate the security flaws of ShoutKey, an or spelled. This makes it easy for users to share easy-to-use temporary URL shortener that maps a link to those in close proximity, for example, by simple dictionary words to a given URL of interest. verbally telling the key to a friend across the room or writing it on a whiteboard at the front of class. We first conduct a security analysis of the vulnera- Anyone who goes to the ShoutKey link can access bilities encompassed by Shoutkey. Then, we conduct the corresponding URL. a standard dictionary attack to access private URLs, storing the successful dictionary words in a separate database to conduct a second, more optimized dic- tionary attack, and analyzing the successful redirects to determine if there is any leakage of private user data. Finally, we propose a more secure implementa- tion of ShoutKey called WhisperKey and empirically analyze how WhisperKey is designed to be less prone to security attacks than ShoutKey is. 1 Introduction 1.1 URL Shorteners Figure 1: A ShoutKey with "laugh" as its key.
    [Show full text]
  • Phishing Detection Using Machine Learning
    Phishing detection using machine learning MSc Research Project MSc Cyber Security Suraj Wandhare Student ID: 18157432 School of Computing National College of Ireland Supervisor: Ben Fletcher www.ncirl.ie National College of Ireland Project Submission Sheet School of Computing Student Name: Suraj Wandhare Student ID: 18157432 Programme: MSc Cyber Security Year: 2019 Module: MSc Research Project Supervisor: Ben Fletcher Submission Due Date: 03/02/2020 Project Title: Phishing detection using machine learning Word Count: 3500 Page Count: 11 I hereby certify that the information contained in this (my submission) is information pertaining to research I conducted for this project. All information other than my own contribution will be fully referenced and listed in the relevant bibliography section at the rear of the project. ALL internet material must be referenced in the bibliography section. Students are required to use the Referencing Standard specified in the report template. To use other author's written or electronic work is illegal (plagiarism) and may result in disciplinary action. I agree to an electronic copy of my thesis being made publicly available on NORMA the National College of Ireland's Institutional Repository for consultation. Signature: Date: 3rd February 2020 PLEASE READ THE FOLLOWING INSTRUCTIONS AND CHECKLIST: Attach a completed copy of this sheet to each project (including multiple copies). Attach a Moodle submission receipt of the online project submission, to each project (including multiple copies). You must ensure that you retain a HARD COPY of the project, both for your own reference and in case a project is lost or mislaid. It is not sufficient to keep a copy on computer.
    [Show full text]
  • Longitudinal Study of Links, Linkshorteners, and Bitly Usage on Twitter Longitudinella Mätningar Av Länkar, Länkförkortare Och Bitly An- Vänding På Twitter
    Linköping University | Department of Computer and Information Science Bachelor’s thesis, 16 ECTS | Link Usage 2020 | LIU-IDA/LITH-EX-G--20/001--SE Longitudinal study of links, linkshorteners, and Bitly usage on Twitter Longitudinella mätningar av länkar, länkförkortare och Bitly an- vänding på Twitter Mathilda Moström Alexander Edberg Supervisor : Niklas Carlsson Examiner : Marcus Bendtsen Linköpings universitet SE–581 83 Linköping +46 13 28 10 00 , www.liu.se Upphovsrätt Detta dokument hålls tillgängligt på Internet - eller dess framtida ersättare - under 25 år från publicer- ingsdatum under förutsättning att inga extraordinära omständigheter uppstår. Tillgång till dokumentet innebär tillstånd för var och en att läsa, ladda ner, skriva ut enstaka ko- pior för enskilt bruk och att använda det oförändrat för ickekommersiell forskning och för undervis- ning. Överföring av upphovsrätten vid en senare tidpunkt kan inte upphäva detta tillstånd. All annan användning av dokumentet kräver upphovsmannens medgivande. För att garantera äktheten, säker- heten och tillgängligheten finns lösningar av teknisk och administrativ art. Upphovsmannens ideella rätt innefattar rätt att bli nämnd som upphovsman i den omfattning som god sed kräver vid användning av dokumentet på ovan beskrivna sätt samt skydd mot att dokumentet ändras eller presenteras i sådan form eller i sådant sammanhang som är kränkande för upphovsman- nens litterära eller konstnärliga anseende eller egenart. För ytterligare information om Linköping University Electronic Press se förlagets hemsida http://www.ep.liu.se/. Copyright The publishers will keep this document online on the Internet - or its possible replacement - for a period of 25 years starting from the date of publication barring exceptional circumstances. The online availability of the document implies permanent permission for anyone to read, to down- load, or to print out single copies for his/hers own use and to use it unchanged for non-commercial research and educational purpose.
    [Show full text]
  • JETIR Research Journal
    © 2018 JETIR April 2018, Volume 5, Issue 4 www.jetir.org (ISSN-2349-5162) Comparative Analysis of Malicious Detection of Short URLs from Tweets 1Tareek Pattewar, 2Manish Wagh, 3Umesh Bisnariya, 4Lomesh Patil 1Assistant Professor, 2 3 4 Students Department of Information Technology R C Patel Institute of Technology, Shirpur Dist. Dhule-425405 Maharashtra, India Abstract : Online Social Networks (OSNs) have become fundamental parts of our online lives, and their popularity is increasing at a surprising rate every day. Growing popularity of Twitter has attracted the attention of attackers who attempt to manipulate the features provided by Twitter to gain some advantage, such as driving Twitter users to other websites that they post as short URLs (Uniform Resource Locators) in their tweets. Even short URLs are also used to avoid sharing overly long URLs and save limited text space in tweets. Significant numbers of URLs shared in the OSNs are shortened URLs. Despite of its potential benefits from genuine usage, attackers use shortened URLs to hide the malicious URLs, which direct users to malicious pages. Although, OSN service providers and URL shortening services utilize certain detection mechanisms to prevent malicious URLs from being shortened, research has found that they fail to do so effectively. In this paper, we developed mechanism to develop a machine learning classifier which detect malicious short URLs. And comparative analysis of detection rate with various classification algorithm, and but also with online detection on Virus Total. Index Terms - Online Social Networks, twitter, short URLs, malicious URLs, machine Learning, classification ________________________________________________________________________________________________________ I. INTRODUCTION In the age of web 2.0, information is contained in the form of webpages and shared via Online Social Networks (OSNs), emails, messages, and texts.
    [Show full text]
  • Using URL Shorteners to Compare Phishing and Malware Attacks
    Using URL Shorteners to Compare Phishing and Malware Attacks Sophie Le Page Guy-Vincent Jourdan Gregor v. Bochmann University of Ottawa University of Ottawa University of Ottawa [email protected] [email protected] [email protected] Jason Flood Iosif-Viorel Onut CTO Security Data Matrices IBM Centre for Advanced Studies fl[email protected] [email protected] Abstract—In this work we use URL shortener click analytics to providers such as bit.ly1 or goo.gl2, allow viewing in real time compare the life cycle of phishing and malware attacks. We have the click traffic of a given short URL, including referrers and collected over 7,000 malicious short URLs categorized as phishing countries referring it. or malware for the 2 year period covering 2016 and 2017, along with their reported date. We analyze the short URLs and find Unfortunately attackers abuse URL shortening services, that phishing attacks are most active 4 hours before the reported perhaps to mask the final destination where the victim will date, while malware attacks are most active 4 days before the land after clicking on the malicious link. In our research we reported date. We find that phishing attacks have higher click make use of the Bitly URL shortening service, reportedly the through rate with shorter timespan. Conversely malware attacks most popular service [1], [2], to analyze clicks for phishing and have lower click through rate with longer timespan. We also show the comparisons of referrers and countries from which malware attacks. By phishing attacks we mean websites that short URLs are accessed, showing in particular an increased trick a user into providing personal or financial information by use of social media to spread both kinds of attacks.
    [Show full text]
  • Dead.Drop: URL-Based Stealthy Messaging
    dead.drop: URL-based Stealthy Messaging Georgios Kontaxis∗, Iasonas Polakis†, Michalis Polychronakis∗ and Evangelos P. Markatos† ∗Computer Science Department, Columbia University, USA {kontaxis, mikepo}@cs.columbia.edu †Institute of Computer Science, Foundation for Research and Technology – Hellas, Greece {polakis, markatos}@ics.forth.gr Abstract—In this paper we propose the use of URLs as straightforward approach is limited in terms of the amount a covert channel to relay information between two or more of data that can be encoded in each URL, due to the need parties. We render our technique practical, in terms of band- of blending in with the population of actual URLs. We width, by employing URL-shortening services to form URL chains of hidden information. We discuss the security aspects overcome such restrictions by employing URL-shortening of this technique and present proof-of-concept implementation services to form URL chains of hidden information. Multiple details along with measurements that prove the feasibility of long, information-carrying URL look-alikes are arranged our approach. and digested in reverse order, and each resulting short URL is appended to the next long URL before it is shortened. I. INTRODUCTION In the end, each short URL unwraps into an information- The Internet’s public character mandates the need for carrying long URL which contains the pointer to the next confidential communications in respect to users’ right to short URL, thereby forming a chained sequence of messages. privacy. Cryptography may not always suffice on its own, We discuss the security of our approach and present the as a user can be forced to surrender the key upon discovery details of our proof-of-concept implementation, along with of an encrypted message [1].
    [Show full text]
  • Detecting Spam Classification on Twitter Using URL Analysis, Natural Language Processing and Machine Learning
    International Journal of Innovative and Emerging Research in Engineering Volume 3, Special Issue 1, ICSTSD 2016 Detecting Spam Classification on Twitter Using URL Analysis, Natural Language Processing and Machine Learning Ms Priyanka Chorey Ms. Sonika A. Chorey P.R.M.I.T.&R. Badnera, Amravati India P.R.M.I.T.& R. Badnera, Amravati, India [email protected] [email protected] Ms.Prof R.N.Sawade Ms.P.V.Mamanka P.R.M.I.T.&R. Badnera, Amravati India P.R.M.I.T.& R. Badnera, Amravati, India [email protected] [email protected] Abstract- In the present day world, people are so much downloading of malwares. Malware’s are malicious habituated to Social Networks. Because of this, it is very easy to software spread spam contents through them. One can access the details of any person very easily through these sites. No one is safe inside the social media. In this paper we are proposing an application which 2) Phishers: These are account users who spread uses an integrated approach to the spam classification in Twitter. malicious URLs through their tweets. Legitimate users The integrated approach comprises the use of URL analysis, who click on these links end up in wrong websites. This natural language processing and supervised machine learning leads to the stealing of passwords, credit card information techniques. In short, this is a three step process. In this paper we and so on. consider the problem of detecting spammers on twitter. We construct a large labeled collection of users, manually classified into 3) Adult Content Propagators: These spammers spammers and non-spammers.
    [Show full text]
  • Longitudinal Measurements of Link Usage on Twitter Longitudinella Mätningar Av Länkanvändning På Twitter
    Linköping University | Department of Computer and Information Science Bachelor’s thesis, 16 ECTS | Link Usage 2019 | LIU-IDA/LITH-EX-G--19/036--SE Longitudinal measurements of link usage on Twitter Longitudinella mätningar av länkanvändning på Twitter Oscar Järpehult and Martin Lindblom Supervisor : Niklas Carlsson Examiner : Markus Bendtsen Linköpings universitet SE–581 83 Linköping +46 13 28 10 00 , www.liu.se Upphovsrätt Detta dokument hålls tillgängligt på Internet - eller dess framtida ersättare - under 25 år från publicer- ingsdatum under förutsättning att inga extraordinära omständigheter uppstår. Tillgång till dokumentet innebär tillstånd för var och en att läsa, ladda ner, skriva ut enstaka ko- pior för enskilt bruk och att använda det oförändrat för ickekommersiell forskning och för undervis- ning. Överföring av upphovsrätten vid en senare tidpunkt kan inte upphäva detta tillstånd. All annan användning av dokumentet kräver upphovsmannens medgivande. För att garantera äktheten, säker- heten och tillgängligheten finns lösningar av teknisk och administrativ art. Upphovsmannens ideella rätt innefattar rätt att bli nämnd som upphovsman i den omfattning som god sed kräver vid användning av dokumentet på ovan beskrivna sätt samt skydd mot att dokumentet ändras eller presenteras i sådan form eller i sådant sammanhang som är kränkande för upphovsman- nens litterära eller konstnärliga anseende eller egenart. För ytterligare information om Linköping University Electronic Press se förlagets hemsida http://www.ep.liu.se/. Copyright The publishers will keep this document online on the Internet - or its possible replacement - for a period of 25 years starting from the date of publication barring exceptional circumstances. The online availability of the document implies permanent permission for anyone to read, to down- load, or to print out single copies for his/hers own use and to use it unchanged for non-commercial research and educational purpose.
    [Show full text]
  • The Internet As Infrastructure
    c h a p t e r 5 the internet as infrastructure c h r i s t i a n s a n d v i g In October 2010 the international web development community was thrown into disarray when it suddenly appeared that millions of common websites across the world would be required to satisfy the decency standards of Sharia, the religious law of Islam. 1 To understand how this unlikely situation came about requires that we know about the infrastructure of the Internet; it is a story about the collision of what is ultimately a variety of seemingly unrelated actors and actions, and this instance is comprehensible only aft er assembling all of them. Beginning with this example, this chapter will argue for the value of investi- gating the details of Internet infrastructure as a method of studying the Internet and society more generally. It will argue for the study of Internet Infrastructure and also for the value of considering the Internet infrastructurally, as a system foundational to other activities. A n i n f r a s t r u c t u r e e x a m p l e : f r o m the GET method to a woman’s bare arms Th e fi rst factors in this particular story about Sharia and the Web are technical. Over fi ft een years earlier, web server programmers on the www-talk mailing list anticipated that the Web would become more than just static web pages: they proposed a method for adding the information required for interactive web applications to the right side of a web page’s address or URL (this was called the “GET” smethod; see Robinson and Coar 2004 :33) .
    [Show full text]
  • A First Look at Private Communications in Video Games Using Visual Features
    Proceedings on Privacy Enhancing Technologies ; 2021 (3):433–452 Abdul Wajid, Nasir Kamal, Muhammad Sharjeel, Raaez Muhammad Sheikh, Huzaifah Bin Wasim, Muhammad Hashir Ali, Wajahat Hussain, Syed Taha Ali*, and Latif Anjum A First Look at Private Communications in Video Games using Visual Features Abstract: Internet privacy is threatened by expand- 1 Introduction ing use of automated mass surveillance and censorship techniques. In this paper, we investigate the feasibility Over the last decade, the Internet has emerged as a crit- of using video games and virtual environments to evade ical enabler for journalism, political organization and automated detection, namely by manipulating elements grass-roots activism. This was most evident during the in the game environment to compose and share text Arab Spring, and recently in France, where citizens with other users. This technique exploits the fact that leveraged social media to organize large-scale protests text spotting in the wild is a challenging problem in [28]. Today major political figures actively maintain computer vision. To test our hypothesis, we compile a Twitter accounts, protests and demonstrations are rou- novel dataset of text generated in popular video games tinely organized using social media, and online grass- and analyze it using state-of-the-art text spotting tools. roots campaigns can influence real world change [89]. Detection rates are negligible in most cases. Retrain- Governments and organizations are consequently ing these classifiers specifically for game environments tightening their control on this medium. In 2019 Free- leads to dramatic improvements in some cases (ranging dom House marked the ninth consecutive year of decline from 6% to 65% in most instances) but overall effective- in Internet freedom [27].
    [Show full text]
  • Malicious URL Detection Using Machine Learning: a Survey
    Malicious URL Detection using Machine Learning: A Survey DOYEN SAHOO, School of Information Systems, Singapore Management University CHENGHAO LIU, School of Information Systems, Singapore Management University STEVEN C.H. HOI, School of Information Systems, Singapore Management University Salesforce Research Asia Malicious URL, a.k.a. malicious website, is a common and serious threat to cybersecurity. Malicious URLs host unsolicited content (spam, phishing, drive-by downloads, etc.) and lure unsuspecting users to become victims of scams (monetary loss, theft of private information, and malware installation), and cause losses of billions of dollars every year. It is imperative to detect and act on such threats in a timely manner. Traditionally, this detection is done mostly through the usage of blacklists. However, blacklists cannot be exhaustive, and lack the ability to detect newly generated malicious URLs. To improve the generality of malicious URL detectors, machine learning techniques have been explored with increasing attention in recent years. This article aims to provide a comprehensive survey and a structural understanding of Malicious URL Detection techniques using machine learning. We present the formal formulation of Malicious URL Detection as a machine learning task, and categorize and review the contributions of literature studies that addresses different dimensions of this problem (feature representation, algorithm design, etc.). Further, this article provides a timely and comprehensive survey for a range of different audiences, not only for machine learning researchers and engineers in academia, but also for professionals and practitioners in cybersecurity industry, to help them understand the state of the art and facilitate their own research and practical applications. We also discuss practical issues in system design, open research challenges, and point out important directions for future research.
    [Show full text]
  • A Review on Spam Classification of Twitter Data Using Text Mining and Content Filtering Sandeep Kumar Rawat Assistant Prof
    Volume 5, Issue 6, June 2015 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com A Review on Spam Classification of Twitter Data Using Text Mining and Content Filtering Sandeep Kumar Rawat Assistant Prof. Saurabh Sharma M.Tech, Computer Science & Engineering, Computer Science & Engineering, Sri Sai University, Sri Sai University, Palampur, India Palampur, India Abstract— In todays world, people are so much inclined towards Social Networking due to which it has become easy to spread spam contents through them. One can have access to the details of any person easily through these social networking websites. No one is secure inside the social media sites. Social Networking sites are fast becoming popular in the recent years, among which Twitter is one of the fastest growing sites. It plays a double role of Online Social Networking and Micro Blogging. Spammers try to attack the twitter trending topics to harm the useful content. Social spamming is more successful as compared to the email spamming by using social relationship between the users. Spam detection is very important because Twitter is mainly used for the commercial advertisements. The spammers attack the private information of the user and also the reputation of the user is harmed. Spammers can be detected by using the content and user based attributes. Traditional classifiers are required for spam detection. Keywords— Twitter Spam Detection, Classification, Content based Detection. Natural language processing, tweets, machine learning, URLs. I. INTRODUCTION Social Networking is becoming more and more popular these days. It is a sort of platform through which people can share their ideas and thoughts.
    [Show full text]