An Unsupervised Approach to Detect Spam Campaigns that Use Botnets on Twitter

In recent years, Twitter has seen a proliferation of automated accounts or bots that send spam, offer clickbait, compromise security using malware, and attempt to skew public opinion. Previous research estimates that around 9% to 17% of Twitter accounts are bots contributing to between 16% to 56% of tweets on the medium. This paper introduces an unsupervised approach to detect Twitter spam campaigns in real-time. The bot groups we detect tweet duplicate content with shortened embedded URLs over extended periods of time. Our experiments with the detection protocol reveal that bots consistently account for 10% to 50% of tweets generated from 7 popular URL shortening services on Twitter. More importantly, we discover that bots using shortened URLs are connected to large scale spam campaigns that control thousands of domains. There appear to be two distinct mechanisms used to control bot groups and we investigate both in this paper. Our detection system runs 24/7 and actively collects bots involved in spam campaigns and adds them to an evolving database of malicious bots. We make our database of detected bots available for query through a REST API so others can filter tweets from malicious bots to get high quality Twitter datasets for analysis.