Article ID: 6884187
Journal: Computers & Security
Published Year: 2016
Pages: 20 Pages
File Type: PDF
Abstract
The detection and anti-detection of social botnets constitute an arms race that enables social botnets to evolve quickly. Existing host-side detection approaches cannot easily detect every social botnet. Thus, we propose a new host-side detection approach that can effectively detect existing social bots. The contribution of this study is three-fold. First, we comprehensively analyze the evasion mechanisms used by existing social bots and validate those mechanisms by applying three state-of-the-art detection approaches to our collected traces. To the best of our knowledge, this is the first empirical evaluation of evasion mechanisms used by social bots. Second, based on the insights gained, we propose a new detection approach that incorporates nine newly identified features and two new correlation mechanisms. The new features are classified either as lifecycle or failure based, and the two correlation mechanisms are temporal and spatial correlations. Finally, our experimental results indicate that under various classifiers, our approach can detect existing social bots. Using the random forest classifier, our approach provides about a 0.3% false positive rate, 4.7% false negative rate, 0.963 F-measure value, and 99.2% detection rate. In addition to detecting social bots, our approach yields acceptable detection results for common botnets.