Abstract
Twitter has emerged as one of the most popular platforms to get updates on entertainment and current events. However, due to its 280-character restriction and automatic shortening of URLs, it is continuously targeted by cybercriminals to carry out drive-by download attacks, where a user’s system is infected by merely visiting a Web page. Popular events that attract a large number of users are used by cybercriminals to infect and propagate malware by using popular hashtags and creating misleading tweets to lure users to malicious Web pages. A drive-by download attack is carried out by obfuscating a malicious URL in an enticing tweet that is used as clickbait to lure users to a malicious Web page. In this article, we answer the following two questions: Why are certain malicious tweets retweeted more than others? Do emotions reflected in a tweet drive virality? We gathered tweets from seven different sporting events over 3 years and identified those tweets that were used to carry out a drive-by download attack. From the malicious (N = 105,642) and benign (N = 169,178) data samples identified, we built models to predict information flow size and survival. We define size as the number of retweets of an original tweet, and survival as the duration of the original tweet’s presence in the study window. We selected the zero-truncated negative binomial (ZTNB) regression method for our analysis based on the distribution exhibited by our dependent size measure and the comparison of results with other predictive models. We used the Cox regression technique to model the survival of information flows as it estimates proportional hazard rates for independent measures. Our results show that both social and content factors are statistically significant for the size and survival of information flows for both malicious and benign tweets. In the benign data sample, positive emotions and positive sentiment reflected in the tweet significantly predict size and survival. In contrast, for the malicious data sample, negative emotions, especially fear, are associated with both size and survival of information flows.
Emotions Behind Drive-by Download Propagation on Twitter