An Army of Me: Sockpuppets in Online Discussion Communities

In online discussion communities, users can interact and share information and opinions on a wide variety of topics. However, some users may create multiple identities, or sockpuppets, and engage in undesired behavior by deceiving others or manipulating discussions. In this work, we study sockpuppetry across nine discussion communities, and show that sockpuppets differ from ordinary users in terms of their posting behavior, linguistic traits, as well as social network structure. Sockpuppets tend to start fewer discussions, write shorter posts, use more personal pronouns such as "I", and have more clustered ego-networks. Further, pairs of sockpuppets controlled by the same individual are more likely to interact on the same discussion at the same time than pairs of ordinary users. Our analysis suggests a taxonomy of deceptive behavior in discussion communities. Pairs of sockpuppets can vary in their deceptiveness, i.e., whether they pretend to be different users, or their supportiveness, i.e., if they support arguments of other sockpuppets controlled by the same user. We apply these findings to a series of prediction tasks, notably, to identify whether a pair of accounts belongs to the same underlying user or not. Altogether, this work presents a data-driven view of deception in online discussion communities and paves the way towards the automatic detection of sockpuppets.Comment: 26th International World Wide Web conference 2017 (WWW 2017

Automated Detection of Sockpuppet Accounts in Wikipedia

Wikipedia is a free Internet-based encyclopedia that is built and maintained via the open-source collaboration of a community of volunteers. Wikipedia’s purpose is to benefit readers by acting as a widely accessible and free encyclopedia, a comprehensive written synopsis that contains information on all discovered branches of knowledge. The website has millions of pages that are maintained by thousands of volunteer editors. Unfortunately, given its open-editing format, Wikipedia is highly vulnerable to malicious activity, including vandalism, spam, undisclosed paid editing, etc. Malicious users often use sockpuppet accounts to circumvent a block or a ban imposed by Wikipedia administrators on the person’s original account. A sockpuppet is an “online identity used for the purpose of deception.” Usually, several sockpuppet accounts are controlled by a unique individual (or entity) called a puppetmaster. Currently, suspected sockpuppet accounts are manually verified by Wikipedia administrators, which makes the process slow and inefficient. The primary objective of this research is to develop an automated ML and neural-network-based system to recognize the patterns of sockpuppet accounts as early as possible and recommend suspension. We address the problem as a binary classification task and propose a set of new features to capture suspicious behavior that considers user activity and analyzes the contributed content. To comply with this work, we have focused on account-based and content-based features. Our solution was bifurcated into developing a strategy to automatically detect and categorize suspicious edits made by the same author from multiple accounts. We hypothesize that “you can hide behind the screen, but your personality can’t hide.” In addition to the above-mentioned method, we have also encountered the sequential nature of the work. Therefore, we have extended our analysis with a Long Short Term Memory (LSTM) model to track down the sequential pattern of users’ writing styles. Throughout the research, we strive to automate the sockpuppet account detection system and develop tools to help the Wikipedia administration maintain the quality of articles. We tested our system on a dataset we built containing 17K accounts validated as sockpuppets. Experimental results show that our approach achieves an F1 score of 0.82 and outperforms other systems proposed in the literature. We plan to deliver our research to the Wikipedia authorities to integrate it into their existing system

Seminar Users in the Arabic Twitter Sphere

We introduce the notion of "seminar users", who are social media users engaged in propaganda in support of a political entity. We develop a framework that can identify such users with 84.4% precision and 76.1% recall. While our dataset is from the Arab region, omitting language-specific features has only a minor impact on classification performance, and thus, our approach could work for detecting seminar users in other parts of the world and in other languages. We further explored a controversial political topic to observe the prevalence and potential potency of such users. In our case study, we found that 25% of the users engaged in the topic are in fact seminar users and their tweets make nearly a third of the on-topic tweets. Moreover, they are often successful in affecting mainstream discourse with coordinated hashtag campaigns.Comment: to appear in SocInfo 201

Characterization and Detection of Malicious Behavior on the Web

Web platforms enable unprecedented speed and ease in transmission of knowledge, and allow users to communicate and shape opinions. However, the safety, usability and reliability of these platforms is compromised by the prevalence of online malicious behavior -- for example 40% of users have experienced online harassment. This is present in the form of malicious users, such as trolls, sockpuppets and vandals, and misinformation, such as hoaxes and fraudulent reviews. This thesis presents research spanning two aspects of malicious behavior: characterization of their behavioral properties, and development of algorithms and models for detecting them. We characterize the behavior of malicious users and misinformation in terms of their activity, temporal frequency of actions, network connections to other entities, linguistic properties of how they write, and community feedback received from others. We find several striking characteristics of malicious behavior that are very distinct from those of benign behavior. For instance, we find that vandals and fraudulent reviewers are faster in their actions compared to benign editors and reviewers, respectively. Hoax articles are long pieces of plain text that are less coherent and created by more recent editors, compared to non-hoax articles. We find that sockpuppets are created that vary in their deceptiveness (i.e., whether they pretend to be different users) and their supportiveness (i.e., if they support arguments of other sockpuppets controlled by the same user). We create a suite of feature based and graph based algorithms to efficiently detect malicious from benign behavior. We first create the first vandal early warning system that accurately predicts vandals using very few edits. Next, based on the properties of Wikipedia articles, we develop a supervised machine learning classifier to predict whether an article is a hoax, and another that predicts whether a pair of accounts belongs to the same user, both with very high accuracy. We develop a graph-based decluttering algorithm that iteratively removes suspicious edges that malicious users use to masquerade as benign users, which outperforms existing graph algorithms to detect trolls. And finally, we develop an efficient graph-based algorithm to assess the fairness of all reviewers, reliability of all ratings, and goodness of all products, simultaneously, in a rating network, and incorporate penalties for suspicious behavior. Overall, in this thesis, we develop a suite of five models and algorithms to accurately identify and predict several distinct types of malicious behavior -- namely, vandals, hoaxes, sockpuppets, trolls and fraudulent reviewers -- in multiple web platforms. The analysis leading to the algorithms develops an interpretable understanding of malicious behavior on the web

Understanding the Impact of the Dark Web on Society: A Systematic Literature Review

The dark web is considered an expansion of the deep web, intentionally hidden from the surface web. It can only be accessed with a particular group of browsers that allow the user to stay anonymous while navigating the dark web. With the untraceable hidden layer of the Internet and the anonymity of the users associated with the dark web, several impressive cybercrimes have been reported. This paper aims to examine the impact of the dark web on society. The article systematically reviews relevant academic literature and books to understand how the dark web works and its societal effects. The study has found that the dark web is an enabler of several cybercrimes. Moreover, while governments and regulatory authorities have introduced strategic detection techniques on the dark web, cybercriminals are adaptive towards the strategies and, given time, will usually find ways to bypass such detection techniques. It is recommended that the regulatory authorities and cyber threat intelligence periodically review the detection techniques for effective monitoring. Furthermore, security agencies or forensic analysts should ensure that they are updated with the latest scientific knowledge on the safe management of the dark web by undertaking more training in cyber security. There is also a need for further research to focus on awareness campaigns about the dangers of the dark web

Advanced analytical methods for fraud detection: a systematic literature review

The developments of the digital era demand new ways of producing goods and rendering services. This fast-paced evolution in the companies implies a new approach from the auditors, who must keep up with the constant transformation. With the dynamic dimensions of data, it is important to seize the opportunity to add value to the companies. The need to apply more robust methods to detect fraud is evident. In this thesis the use of advanced analytical methods for fraud detection will be investigated, through the analysis of the existent literature on this topic. Both a systematic review of the literature and a bibliometric approach will be applied to the most appropriate database to measure the scientific production and current trends. This study intends to contribute to the academic research that have been conducted, in order to centralize the existing information on this topic

Network Propaganda

"Is social media destroying democracy? Are Russian propaganda or ""Fake news"" entrepreneurs on Facebook undermining our sense of a shared reality? A conventional wisdom has emerged since the election of Donald Trump in 2016 that new technologies and their manipulation by foreign actors played a decisive role in his victory and are responsible for the sense of a ""post-truth"" moment in which disinformation and propaganda thrives. Network Propaganda challenges that received wisdom through the most comprehensive study yet published on media coverage of American presidential politics from the start of the election cycle in April 2015 to the one year anniversary of the Trump presidency. Analysing millions of news stories together with Twitter and Facebook shares, broadcast television and YouTube, the book provides a comprehensive overview of the architecture of contemporary American political communications. Through data analysis and detailed qualitative case studies of coverage of immigration, Clinton scandals, and the Trump Russia investigation, the book finds that the right-wing media ecosystem operates fundamentally differently than the rest of the media environment. The authors argue that longstanding institutional, political, and cultural patterns in American politics interacted with technological change since the 1970s to create a propaganda feedback loop in American conservative media. This dynamic has marginalized centre-right media and politicians, radicalized the right wing ecosystem, and rendered it susceptible to propaganda efforts, foreign and domestic. For readers outside the United States, the book offers a new perspective and methods for diagnosing the sources of, and potential solutions for, the perceived global crisis of democratic politics.

Network Propaganda

"Is social media destroying democracy? Are Russian propaganda or ""Fake news"" entrepreneurs on Facebook undermining our sense of a shared reality? A conventional wisdom has emerged since the election of Donald Trump in 2016 that new technologies and their manipulation by foreign actors played a decisive role in his victory and are responsible for the sense of a ""post-truth"" moment in which disinformation and propaganda thrives. Network Propaganda challenges that received wisdom through the most comprehensive study yet published on media coverage of American presidential politics from the start of the election cycle in April 2015 to the one year anniversary of the Trump presidency. Analysing millions of news stories together with Twitter and Facebook shares, broadcast television and YouTube, the book provides a comprehensive overview of the architecture of contemporary American political communications. Through data analysis and detailed qualitative case studies of coverage of immigration, Clinton scandals, and the Trump Russia investigation, the book finds that the right-wing media ecosystem operates fundamentally differently than the rest of the media environment. The authors argue that longstanding institutional, political, and cultural patterns in American politics interacted with technological change since the 1970s to create a propaganda feedback loop in American conservative media. This dynamic has marginalized centre-right media and politicians, radicalized the right wing ecosystem, and rendered it susceptible to propaganda efforts, foreign and domestic. For readers outside the United States, the book offers a new perspective and methods for diagnosing the sources of, and potential solutions for, the perceived global crisis of democratic politics.