Full Text:   <469>

Suppl. Mater.: 

CLC number: TP39

On-line Access: 2024-03-25

Received: 2023-02-05

Revision Accepted: 2024-03-25

Crosschecked: 2023-06-09

Cited: 0

Clicked: 866

Citations:  Bibtex RefMan EndNote GB/T7714


Ping HE


Xuhong ZHANG


Changting LIN




Shouling JI


-   Go to

Article info.
Open peer comments

Frontiers of Information Technology & Electronic Engineering  2024 Vol.25 No.3 P.415-431


Towards understanding bogus traffic service in online social networks

Author(s):  Ping HE, Xuhong ZHANG, Changting LIN, Ting WANG, Shouling JI

Affiliation(s):  College of Computer Science and Technology, Zhejiang University, Hangzhou 310027, China; more

Corresponding email(s):   sji@zju.edu.cn

Key Words:  Online social networks, Measurement, Bogus traffic, Black market

Ping HE, Xuhong ZHANG, Changting LIN, Ting WANG, Shouling JI. Towards understanding bogus traffic service in online social networks[J]. Frontiers of Information Technology & Electronic Engineering, 2024, 25(3): 415-431.

@article{title="Towards understanding bogus traffic service in online social networks",
author="Ping HE, Xuhong ZHANG, Changting LIN, Ting WANG, Shouling JI",
journal="Frontiers of Information Technology & Electronic Engineering",
publisher="Zhejiang University Press & Springer",

%0 Journal Article
%T Towards understanding bogus traffic service in online social networks
%A Ping HE
%A Xuhong ZHANG
%A Changting LIN
%A Ting WANG
%A Shouling JI
%J Frontiers of Information Technology & Electronic Engineering
%V 25
%N 3
%P 415-431
%@ 2095-9184
%D 2024
%I Zhejiang University Press & Springer
%DOI 10.1631/FITEE.2300068

T1 - Towards understanding bogus traffic service in online social networks
A1 - Ping HE
A1 - Xuhong ZHANG
A1 - Changting LIN
A1 - Ting WANG
A1 - Shouling JI
J0 - Frontiers of Information Technology & Electronic Engineering
VL - 25
IS - 3
SP - 415
EP - 431
%@ 2095-9184
Y1 - 2024
PB - Zhejiang University Press & Springer
ER -
DOI - 10.1631/FITEE.2300068

Critical functionality and huge influence of the hot trend/topic page (HTP) in microblogging sites have driven the creation of a new kind of underground service called the bogus traffic service (BTS). BTS provides a kind of illegal service which hijacks the HTP by pushing the controlled topics into it for malicious customers with the goal of guiding public opinions. To hijack HTP, the agents of BTS maintain an army of black-market accounts called bogus traffic accounts (BTAs) and control BTAs to generate a burst of fake traffic by massively retweeting the tweets containing the customer desired topic (hashtag). Although this service has been extensively exploited by malicious customers, little has been done to understand it. In this paper, we conduct a systematic measurement study of the BTS. We first investigate and collect 125 BTS agents from a variety of sources and set up a honey pot account to capture BTAs from these agents. We then build a BTA detector that detects 162 218 BTAs from Weibo, the largest Chinese microblogging site, with a precision of 94.5%. We further use them as a bridge to uncover 296 916 topics that might be involved in bogus traffic. Finally, we uncover the operating mechanism from the perspectives of the attack cycle and the attack entity. The highlights of our findings include the temporal attack patterns and intelligent evasion tactics of the BTAs. These findings bring BTS into the spotlight. Our work will help in understanding and ultimately eliminating this threat.


摘要:由于热门趋势/话题页在在线社交网络平台中的巨大影响力,一种名为社交网络虚假流量服务的新的灰黑色产业应运而生。社交网络虚假流量服务提供了一种恶意服务使得想引导舆论的恶意客户将其给定话题推送到社交网络热门趋势/话题页。为达成他们劫持社交网络热门趋势/话题页,这些服务的提供商维持着一支被称为"虚假流量账户"的恶意账户大军,他们控制这些账户,通过短时间内大量转发含有客户所需话题(标签)的推文产生大量虚假流量。尽管这项服务已经广泛影响了社交网络生态,但人们对它知之甚少。本文对社交网络虚假流量服务进行系统性的测量研究。首先调查并发现不同来源的125个社交网络虚假流量提供商,并设立一个蜜罐账户捕获这些提供商控制的恶意账户。之后,建立了一个社交网络虚假流量检测器,从中国最大的微博网站新浪微博中检测出162 218个恶意账户,检测精度达到94.5%。进一步利用这些恶意账户作为桥梁,发现了296 916个可能涉及虚假流量的话题。最后,从攻击周期和攻击实体的角度揭示了社交网络虚假流量灰黑色产业链的运行机制。其中,发现了涉及社交网络虚假流量的恶意账户的时间性攻击模式和智能规避战术。这些发现使得社交网络虚假流量的运行机制暴露在大众的视野下。基于这些发现,我们的工作将有助于理解并最终消除这种威胁。


Darkslateblue:Affiliate; Royal Blue:Author; Turquoise:Article


[1]Ali Alhosseini S, Bin Tareaf R, Najafi P, et al., 2019. Detect me if you can: spam bot detection using inductive representation learning. Companion Proc World Wide Web Conf, p.148-153.

[2]Alibaba Inc., 2020. Alibaba Annual Report. https://static.alibabagroup.com/reports/fy2020/ar/ebook/en/index.html [Accessed on Feb. 23, 2022].

[3]Alvisi L, Clement A, Epasto A, et al., 2013. SoK: the evolution of sybil defense via social networks. IEEE Symp on Security and Privacy, p.382-396.

[4]Beskow DM, Carley KM, 2019. Its all in a name: detecting and labeling bots by their name. Comput Math Organ Theory, 25(1):24-35.

[5]Beskow DM, Carley KM, 2020. You are known by your friends: leveraging network metrics for bot detection in Twitter. In: Tayebi MA, Glässer U, Skillicorn DB (Eds.), Open Source Intelligence and Cyber Crime: Social Media Analytics. Springer, Switzerland, p.53-88.

[6]Booij TM, Verburgh T, Falconieri F, et al., 2021. Get rich or keep tryin’ trajectories in dark net market vendor careers. IEEE European Symp on Security and Privacy Workshops, p.202-212.

[7]Boshmaf Y, Logothetis D, Siganos G, et al., 2015. Integro: leveraging victim prediction for robust fake account detection in OSNs. Network and Distributed System Security Symp, p.8-11.

[8]Cao Q, Yang XW, Yu JQ, et al., 2014. Uncovering large groups of active malicious accounts in online social networks. Proc ACM SIGSAC Conf on Computer and Communications Security, p.477-488.

[9]Chen TQ, Guestrin C, 2016. XGBoost: a scalable tree boosting system.

[10]Cresci S, di Pietro R, Petrocchi M, et al., 2017. The paradigm-shift of social spambots: evidence, theories, and tools for the arms race. Proc 26th Int Conf on World Wide Web Companion, p.963-972.

[11]Cresci S, Petrocchi M, Spognardi A, et al., 2019. On the capability of evolved spambots to evade detection via genetic engineering. Online Soc Netw Med, 9:1-16.

[12]Cuevas A, Miedema F, Soska K, et al., 2022. Measurement by proxy: on the accuracy of online marketplace measurements. 31st USENIX Security Symp, p.2153-2170.

[13]de Cristofaro E, Friedman A, Jourjon G, et al., 2014. Paying for likes? Understanding Facebook like fraud using honeypots. Proc Conf on Internet Measurement Conf, p.129-136.

[14]Devlin J, Chang MW, Lee K, et al., 2018. BERT: pre-training of deep bidirectional Transformers for language understanding.

[15]Dutta HS, Chakraborty T, 2020. Blackmarket-driven collusion among retweeters—analysis, detection, and characterization. IEEE Trans Inform Forens Secur, 15:1935-1944.

[16]Elmas T, Overdorf R, Özkalay AF, et al., 2021. Ephemeral astroturfing attacks: the case of fake Twitter trends. IEEE European Symp on Security and Privacy, p.403-422.

[17]Feng SB, Wan HR, Wang NN, et al., 2021. TwiBot-20: a comprehensive Twitter bot detection benchmark. Proc 30th ACM Int Conf on Information & Knowledge Management, p.4485-4494.

[18]Feng SB, Tan ZX, Li R, et al., 2022. Heterogeneity-aware Twitter bot detection with relational graph transformers. Proc AAAI Conf Artif Intell, 36(4):3977-3985.

[19]Feng SB, Tan ZX, Wan HR, et al., 2023. TwiBot-22: towards graph-based Twitter bot detection.

[20]Freitas C, Benevenuto F, Ghosh S, et al., 2015. Reverse engineering socialbot infiltration strategies in Twitter. IEEE/ACM Int Conf on Advances in Social Networks Analysis and Mining, p.25-32.

[21]Guo ZY, Wang LQ, Wang YF, et al., 2018. Public opinion spamming: a model for content and users on Sina Weibo. Proc 10th ACM Conf on Web Science, p.210-214.

[22]HuggingFace, 2022. BERT Base Chinese Model. https://huggingface.co/bert-base-chinese [Accessed on May 26, 2022].

[23]Jakesch M, Garimella K, Eckles D, et al., 2021. Trend alert: a cross-platform organization manipulated Twitter trends in the Indian general election. Proc ACM Human-Computer Interact, 5(CSCW2):379.

[24]JD Inc., 2020. JD Annual Report. https://ir.jd.com/static-files/fc93d5dd-9437-4141-9191-f960ba46874b [Accessed on May 26, 2022].

[25]Just MR, Crigler AN, Metaxas P, et al., 2012. “It’s trending on Twitter”—an analysis of the Twitter manipulations in the Massachusetts 2010 Special Senate Election. Annual Meeting of the American Political Science Association.

[26]Le QV, Mikolov T, 2014. Distributed representations of sentences and documents. https://arxiv.org/abs/1405.4053

[27]Liu PF, Yuan WZ, Fu JL, et al., 2023. Pre-train, prompt, and predict: a systematic survey of prompting methods in natural language processing. ACM Comput Surv, 55(9):195.

[28]Mihalcea R, Tarau P, 2004. TextRank: bringing order into text. Proc Conf on Empirical Methods in Natural Language Processing, p.404-411. https://aclanthology.org/W04-3252

[29]Mikolov T, Chen K, Corrado G, et al., 2013. Efficient estimation of word representations in vector space. https://arxiv.org/abs/1301.3781

[30]PDD Inc., 2020. PDD Annual Report. https://investor.pddholdings.com/static-files/0ad89f79-7123-4072-8662-d5509227526c [Accessed on May 26, 2022].

[31]Song J, Lee S, Kim J, 2015. CrowdTarget: target-based detection of crowdturfing in online social networks. Proc 22nd ACM SIGSAC Conf on Computer and Communications Security, p.793-804.

[32]Stringhini G, Wang G, Egele M, et al., 2013. Follow the green: growth and dynamics in Twitter follower markets. Proc Conf on Internet Measurement Conf, p.163-176.

[33]Thomas K, McCoy D, Grier C, et al., 2013. Trafficking fraudulent accounts: the role of the underground market in Twitter spam and abuse. Proc 22nd USENIX Conf on Security, p.195-210. https://dl.acm.org/doi/10.5555/2534766.2534784

[34]Thomas K, Li F, Grier C, et al., 2014. Consequences of connectivity: characterizing account hijacking on Twitter. Proc ACM SIGSAC Conf on Computer and Communications Security, p.489-500.

[35]Torres-Lugo C, Yang KC, Menczer F, 2022. The manufacture of partisan echo chambers by follow train abuse on Twitter. Proc Int AAAI Conf Web Soc Med, 16(1):1017-1028.

[36]van Wegberg R, Tajalizadehkhoob S, Soska K, et al., 2018. Plug and prey? Measuring the commoditization of cybercrime via online anonymous markets. Proc 27th USENIX Conf on Security Symp, p.1009-1026.

[37]Weerasinghe J, Flanigan B, Stein A, et al., 2020. The pod people: understanding manipulation of social media popularity via reciprocity abuse. Proc Web Conf, p.1874-1884.

[38]Woolley SC, 2016. Automating power: social bot interference in global politics. First Mond, 21(4).

[39]Yang C, Harkreader R, Gu GF, 2013. Empirical evaluation and new design for fighting evolving Twitter spammers. IEEE Trans Inform Forens Secur, 8(8):1280-1293.

[40]Yu HF, Kaminsky M, Gibbons PB, et al., 2006. SybilGuard: defending against sybil attacks via social networks. SIGCOMM Comput Commun Rev, 36(4):267-278.

[41]Yu HF, Gibbons PB, Kaminsky M, et al., 2010. SybilLimit: a near-optimal social network defense against sybil attacks. IEEE/ACM Trans Netw, 18(3):885-898.

[42]Yuan D, Miao YL, Gong NZ, et al., 2019. Detecting fake accounts in online social networks at the time of registrations. Proc ACM SIGSAC Conf on Computer and Communications Security, p.1423-1438.

[43]Zhang YB, Ruan X, Wang HN, et al., 2017. Twitter trends manipulation: a first look inside the security of Twitter trending. IEEE Trans Inform Forens Secur, 12(1):144-156.

[44]Zheng HZ, Xue MH, Lu H, et al., 2017. Smoke screener or straight shooter: detecting elite sybil attacks in user-review social networks. https://arxiv.org/abs/1709.06916

Open peer comments: Debate/Discuss/Question/Opinion


Please provide your name, email address and a comment

Journal of Zhejiang University-SCIENCE, 38 Zheda Road, Hangzhou 310027, China
Tel: +86-571-87952783; E-mail: cjzhang@zju.edu.cn
Copyright © 2000 - 2024 Journal of Zhejiang University-SCIENCE