Issue No.03 - May-June (2013 vol.10)
Sangho Lee , Pohang University of Science and Technology (POSTECH), Pohang
Jong Kim , Pohang University of Science and Technology (POSTECH), Pohang
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TDSC.2013.3
Twitter is prone to malicious tweets containing URLs for spam, phishing, and malware distribution. Conventional Twitter spam detection schemes utilize account features such as the ratio of tweets containing URLs and the account creation date, or relation features in the Twitter graph. These detection schemes are ineffective against feature fabrications or consume much time and resources. Conventional suspicious URL detection schemes utilize several features including lexical features of URLs, URL redirection, HTML content, and dynamic behavior. However, evading techniques such as time-based evasion and crawler evasion exist. In this paper, we propose WarningBird, a suspicious URL detection system for Twitter. Our system investigates correlations of URL redirect chains extracted from several tweets. Because attackers have limited resources and usually reuse them, their URL redirect chains frequently share the same URLs. We develop methods to discover correlated URL redirect chains using the frequently shared URLs and to determine their suspiciousness. We collect numerous tweets from the Twitter public timeline and build a statistical classifier using them. Evaluation results show that our classifier accurately and efficiently detects suspicious URLs. We also present WarningBird as a near real-time system for classifying suspicious URLs in the Twitter stream.
Twitter, Feature extraction, Crawlers, Servers, IP networks, Browsers, Training, classification, Suspicious URL, twitter, URL redirection, conditional redirection
Sangho Lee, Jong Kim, "WarningBird: A Near Real-Time Detection System for Suspicious URLs in Twitter Stream", IEEE Transactions on Dependable and Secure Computing, vol.10, no. 3, pp. 183-195, May-June 2013, doi:10.1109/TDSC.2013.3