Thursday 25 September 12:00 - 12:30, Red room.
Jonathan Oliver, Trend Micro
Christopher Ke, Deakin University
Paul Pajares, Trend Micro
Chao Chen, Deakin University
Yang Xiang, Deakin University
In this paper, we examine Twitter in depth, including a study of 500,000,000 tweets from a two-week period to analyse how it is abused. Most Twitter abuse takes the form of tweets with links to malicious and spam websites.
These websites take many forms, including: spam websites; scam sites involved in compromising more Twitter accounts; phishing websites; and websites with malware or offering cracked versions of software. Many of the malicious tweets are sent from legitimate accounts that have been compromised, creating a range of problems for their owners.
The scale of the threat is significant. Previous research (notably '@spam', Grier 2010) indicates that using URL blacklists is ineffective in detecting threats. Our research shows otherwise - approximately five per cent of all tweets with links contained malicious and/or spam content.
We also applied graph algorithms to the Twitter data and were able to find various clusters of inter-related websites and accounts. We were able to identify specific spam tweet campaigns, as well as groups carrying out these campaigns.
The data from this analysis leads us to conclude that blacklisting, in conjunction with other analytical tools, is an effective tool for identifying malicious tweets.
Jonathan Oliver received his Ph.D. in computer science from Monash University, Australia. Prior to entering the computer security area, he performed postdoctoral research in Australia and the UK, and acted as a data-mining consultant in Silicon Valley. From 2002 to 2006, he led the anti-spam R&D at Mailfrontier, an anti-spam start-up. Since 2006, he has worked as a senior architect at Trend Micro, focusing on anti-spam and web reputation technologies.
Chao-Sheng Ke, also known as Christopher Ke, acquired his Master's degree in computer science from the National Chiao Tung University in Taiwan. He started working in the Internet security industry in 2004, focusing on email spam, and then moved to web threats from 2008. He is currently a web threat researcher at Deakin University, responsible for bridging the gap between resources in the academic and industrial worlds. His position is based in the ARC Linkage Project, supported by the Australian Research Council, Deakin University, Macquarie University and Trend Micro Inc.
Paul Pajares received his B.S. in information technology from the Polytechnic University of the Philippines. He has been working for Trend Micro as a web threat researcher for four years. He is a regular contributor to the Security Intelligence blog.
Chao Chen received a Bachelor of Information Technology degree with 1st class honours from Deakin University, Australia in 2012. He is currently a Ph.D. candidate at the School of Information Technology, Deakin University. His research interests include network security and social network security.
Professor Yang Xiang received his Ph.D. in computer science from Deakin University, Australia. He is currently a full professor at the School of Information Technology, Deakin University. He is the Director of the Network Security and Computing Lab (NSCLab) and the Associate Head of School (Industry Engagement). His research interests include network and system security, distributed systems, and networking. He has published more than 150 research papers in many international journals and conferences. He serves as the Associate Editor of IEEE Transactions on Computers, IEEE Transactions on Parallel and Distributed Systems, Security and Communication Networks (Wiley), and the Editor of Journal of Network and Computer Applications. He is the coordinator, Asia, for IEEE Computer Society Technical Committee on Distributed Processing (TCDP). He is a Senior Member of the IEEE.