Rule-Based On-the-fly Web Spambot Detection Using Action Strings

RULE-BASED ON-THE-FLY WEB SPAMBOT DETECTION USINGACTION STRINGSPedram Hayati (p.hayati@curtin.edu.au)Vidyasagar Potdar, Alex Talevski & William F. Smyth

What is Spam 2.02

Propagation of unsolicited, anonymous, mass content to infiltrate legitimate web 2.0 applications”

www.antispamresearchlab.com

How does Spam 2.0 work

Web Spambots (Spambot) A web crawler/tool that navigates the WWW with the

sole purpose of planting unsolicited content on external web 2.0 applications

How is Spam 2.0 currently managed

Flood control, Nonce, Hash-Cash, Email validation Completely Automated Public Turing test to tell

Computers and Human Apart (CAPTCHA)

Problem

CAPTCHA Decreases human users’ convenience Computers are getting more powerful to decipher it.

Content-Based solutions (Option Spam, Social Spam, Video Spam etc.) Focussed on one particular form of spam Do not come with satisfactory results.

Solution Idea

Main assumption: human web usage behaviour is intrinsically different from spambot behaviour.

Web usage data User click-stream Widely used Two additional attributes

Session ID Username

Solution: Action

Action Model web usage data into a behavioural model Set of user efforts to achieve certain purposes Suitable discriminative feature to model user behaviour Extendible to many other Web 2.0 platforms

Example Register a new user account action

1. User navigate to registration page2. User fill up registration form fields3. User click on submit button

Solution: Action String

Actions String Sequence of action in alphabetical format

Solution: Trie

A way to store and retrieve information Ease of updating and handling Shorter access time Removing redundancies form of a tree structure.

We construct actions strings using Trie data structure fast on-the-fly pattern matching

Solution: Framework

Performance Measurement

Matthews Correlation Coefficient (MCC) Best performance measurement methods of binary

classifications Considers true and false positives and returns a

value between -1 and +1.

Experiment

Data Set No publicly available collection Spambot data from our HoneySpam 2.0 project Human data from an active forum 16594 entries

11039 spambots records 5555 human records

Test Five random datasets (DS1 to DS5) 2/3 for building up Trie structure 1/3 for test

Experiment: On-The-Fly Detection

Simulate real world practices where user action strings grow over the time

System creates action strings as they happen. Make a window over test action strings

Run our classifier Increase the window’s size

Aim: identify spambot in the least amount of actions

A B C D E F G A B C D E F G

Experiment: Results

Window size ranges from 2 to 10 characters Threshold from -0.05 to 0.05

Experiment: Results

Experiment: Discussion

System can predict better as user uses the system over time.

Performance remains the same after some windows size Datasets are randomly selected Same happens for accuracy of results

Conclusion

Quite young area of research. Current work Focussed on one particular type of

spam. Our aim: detect web spambots as a source of spam

problems on the Web 2.0 platform. Based on web usage behaviour Formulated into Actions => Action String On-the-fly detection: using Trie

Result: average accuracy of 93%

THANK YOU!

Pedram Hayati (p.hayati@curtin.edu.au)Vidyasagar Potdar (v.potdar@curtin.edu.au)Alex Talevski (a.talevski@curtin.edu.au)William F. Smyth (smyth@mcmaster.ca)

http://www.antispamresearchlab.comhttp://debii.curtin.edu.auhttp://www.curtin.edu.au

Appendix: Related Works

Tan et al.: web robot navigational patterns such as session length and set of visited webpages is different from those of humans.

Park et al.: malicious web robot detection based on types of requests for web objects and existence of mouse/keyboard activity

Göbel et al. : interaction with spam botnet controllers. Yu et al. and Yiqun et al. : categorise spam webpages

from legitimate webpages by employing user web access logs

Appendix: Future Works

Compare different performance measurement techniques.

Develop adaptive solution Experiment on different platforms (e.g. datasets)

Rule-Based On-the-fly Web Spambot Detection Using Action Strings

Education

Transcript of Rule-Based On-the-fly Web Spambot Detection Using Action Strings

CS 1031 Strings in C++ The string Class Definition of Strings How to declare strings in C++: the string class Operations on strings –Concatenation, comparison.

Algorithms and Data Structures for Strings, Points and ... · Algorithms and Data Structures for Strings, Points and Integers or, Points about Strings and Strings about Points Vind,

easymusicnotes.com€¦ · Drums Melody Nylon Guitar Bass Electric Piano 1 3rd Strings Warm Pad Strings 2nd Strings

Structures of String Matching and Data Compression · strings are texts (strings of letters and punctuation marks), programs (strings of operations), and genetic data (strings of

ECS 15 Strings, input. Outline Strings, string operation Converting numbers to strings and strings to numbers Getting input Running programs by.

· Web viewof Strings, Hours String Methods, String Testing Methods, Formatting the Strings, Working with Characters, Sorting Strings, Searching in the Strings, Finding Number

1 Strings and String Operations What is a Strings? Internal Representation of Strings Getting Substrings from a String Concatenating Strings

Successful Ageing Seminar Cyber Communication · machines running worms, trojans, spam, SMTP mail relays bots (Spambot), DOS (denial of service) and other vulnerabilities. • Several

Fly Fly AwayA

Manipulating Strings. 2 Topics Manipulate strings Manipulate strings Parse strings Parse strings Compare strings Compare strings Handle form submissions.

Augustine guitar strings ACOUSTIC STRINGS ELECTRIC STRINGS · premium “Cristal” nylon strings in their Regal and Imperial series as well as “Paragon” carbon trebles to meet

Checkered Skipper. House Fly Crane Fly Syphrid Fly.

Fly, eagle, fly

Fly Robin Fly

Recursion(strings+arrays) - CSE Labs User Home Pages · C-Strings and strings Last lab, you basically worked with C-Strings (char arrays) You should end C-Strings with null character,

Maurice Jarre - Lara's Theme - easymusicnotes.com · DRUMS VIBES ACC.GUITAR BASS STRINGS PIANO/MELODY STRINGS 2 STRINGS 4 STRINGS 5 Maurice_Jarre_-_Lara's_Theme 3 3

ARM Assembler - rigwit.co.ukrigwit.co.uk/ARMBook/slides/slides07.pdfARM Assembler Strings Strings – p. 1/16. Characters or Strings

Mitch Leigh - Impossible Dream - Easy Music Notes · Melody / Harmonica 1st Strings / Syn strings 1 2nd Strings / Slow strings Bass / Acoustic bass Drums / Wire brush Piano / Rhodes

Strings - ecology labfaculty.cse.tamu.edu/slupoli/notes/C++/StringsINotes.d… · Web viewC Strings C/C++’s versions of Strings There are several types of strings that C++ uses:

Strings - homes.cs.washington.edu