Design and analysis of a social botnet

Yazan Boshmaf, Ildar Muslukhov, Konstantin Beznosov, Matei Ripeanu

Research output: Contribution to journalArticle

89 Citations (Scopus)


Online Social Networks (OSNs) have attracted millions of active users and have become an integral part of today's web ecosystem. Unfortunately, in the wrong hands, OSNs can be used to harvest private user data, distribute malware, control botnets, perform surveillance, spread misinformation, and even influence algorithmic trading. Usually, an adversary starts off by running an infiltration campaign using hijacked or adversary-owned OSN accounts, with an objective to connect with a large number of users in the targeted OSN. In this article, we evaluate how vulnerable OSNs are to a large-scale infiltration campaign run by socialbots: bots that control OSN accounts and mimic the actions of real users. We adopted the design of a traditional web-based botnet and built a prototype of a Socialbot Network (SbN): a group of coordinated programmable socialbots. We operated our prototype on Facebook for 8 weeks, and collected data about user behavior in response to a large-scale infiltration campaign. Our results show that (1) by exploiting known social behaviors of users, OSNs such as Facebook can be infiltrated with a success rate of up to 80%, (2) subject to user profile privacy settings, a successful infiltration can result in privacy breaches where even more private user data are exposed, (3) given the economics of today's underground markets, running a large-scale infiltration campaign might be profitable but is still not particularly attractive as a sustainable and independent business, (4) the security of socially-aware systems that use or integrate OSN platforms can be at risk, given the infiltration capability of an adversary in OSNs, and (5) defending against malicious socialbots raises a set of challenges that relate to web automation, online-offline identity binding, and usable security.

Original languageEnglish
Pages (from-to)556-578
Number of pages23
JournalComputer Networks
Issue number2
Publication statusPublished - 4 Feb 2013


  • Automated social engineering
  • Botnets
  • Online privacy
  • Online social networks
  • Social network security
  • Socialbots

ASJC Scopus subject areas

  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'Design and analysis of a social botnet'. Together they form a unique fingerprint.

  • Cite this