Abstract
Malicious behavior in social media has many faces, which for instance appear in the form of bots, sock puppets, creation and dissemination of fake news, Sybil attacks, and actors hiding behind multiple identities. In this paper, we propose the NetDER architecture, which takes its name from its two main modules: Net work D iffusion and ontological reasoning based on E xistential R ules), to address these issues. This initial proposal is meant to serve as a roadmap for research and development of tools to attack malicious behavior in social media, guiding the implementation of software in this domain, instead of a specific solution. Our working hypothesis is that these problems – and many others – can be effectively tackled by (i) combining multiple data sources that are constantly being updated, (ii) maintaining a knowledge base using logic-based formalisms capable of value invention to support generating hypotheses based on available data, and (iii) maintaining a related knowledge base with information regarding how actors are connected, and how information flows across their network. We show how these three basic tenets give rise to a general model that has the further capability of addressing multiple problems at once.
Similar content being viewed by others
Notes
If one wishes to use an implementation provided by a Semantic Web standard, this can be done taking appropriate measures to first translate the Datalog syntax.
Linux.Luabot is a malware discovered in late 2016 that infects Linux-based hosts via Trojan horse attacks; cf. https://www.symantec.com/security-center/writeup/2016-090915-3236-99
For instance, the rule could have the form “if a user believes that certain software is dangerous with a degree of at least 0.5, then there exists another user who is related to the first, is an expert, and also has this belief with at least 0.5”.
References
Abokhodair, N., Yoo, D., McDonald, D.W. (2015). Dissecting a social botnet: growth, content and influence in Twitter. In Proceedings of the 18th ACM conference on computer supported cooperative work & social computing (pp. 839–851). ACM.
Baget, J.F., Mugnier, M.L., Rudolph S, Thomazo M. (2011a). Walking the complexity lines for generalized guarded existential rules. In 22nd international joint conference on artificial intelligence. AAAI Press.
Baget, J.F., Mugnier, M.L., Thomazo, M. (2011b). Towards farsighted dependencies for existential rules. In Web reasoning and rule systems (pp. 30–45). Berlin: Springer.
Bekiros, S., Nguyen, D.K., Junior, L.S., Uddin, G.S. (2017). Information diffusion, cluster formation and entropy-based network dynamics in equity and commodity markets. European Journal of Operational Research, 256 (3), 945–961.
Benigni, M., & Carley, K.M. (2016). From tweets to intelligence: Understanding the islamic jihad supporting community on twitter. In Xu, K.S., Reitter, D., Lee, D., Osgood, N. (Eds.) Social, cultural, and behavioral modeling (pp. 346–355). Cham: Springer International Publishing.
Benigni, M.C., Joseph, K., Carley, K.M. (2017). Online extremism and the communities that sustain it: Detecting the isis supporting community on twitter. PloS one, 12(12), e0181405.
Benigni, M.C., Joseph, K., Carley, K.M. (2019). Bot-ivistm: Assessing information manipulation in social media using network analytics, (pp. 19–42). Cham: Springer International Publishing.
Bianconi, G. (2015). Interdisciplinary and physics challenges of network theory. EPL (Europhysics Letters), 111(5), 56001.
Calì, A., Gottlob, G., Lukasiewicz, T. (2012). A general Datalog-based framework for tractable query answering over ontologies. Web Semantics: Science, Services and Agents on the World Wide Web, 4, 57–83.
Cali, A., Gottlob, G., Pieris, A. (2012). Towards more expressive ontology languages: the query answering problem. Artificial Intelligence, 193, 87–128.
Calì, A., Gottlob, G., Kifer, M. (2013). Taming the infinite chase: Query answering under expressive relational constraints. Journal of Artificial Intelligence Research, 48, 115–174.
Centola, D. (2015). The social origins of networks and diffusion. American Journal of Sociology, 120(5), 1295–1338.
Conroy, N.J., Rubin, V.L., Chen, Y. (2015). Automatic deception detection: Methods for finding fake news. Proceedings of the association for information science and technology, 52(1), 1–4.
Davis, C.A., Varol, O., Ferrara, E., Flammini, A., Menczer, F. (2016). BotOrNot: A system to evaluate social bots. In Proceedings of the 25th international conference companion on World Wide Web. (pp. 273–274). International World Wide Web Conferences Steering Committee.
Deagustini, C.A.D., Martinez, M.V., Falappa, M.A., Simari, G.R. (2016). Datalog+/– ontology consolidation. Journal of Artificial Intelligence Research, 56, 613–656.
Deagustini, C.A.D., Martinez, M.V., Falappa, M.A., Simari, G.R. (2018). How does incoherence affect inconsistency-tolerant semantics for Datalog+/–? Annals of Mathematics and Artificial Intelligence, 82(1-3), 43–68.
Della Valle, E., Ceri, S., van Harmelen, F., Fensel, D. (2009). It’s a streaming world! reasoning upon rapidly changing information. IEEE Intelligent Systems, 24(6), 83–89.
Falappa, M.A., Kern-Isberner, G., Reis, M.D.L., Simari, G.R. (2012). Prioritized and non-prioritized multiple change on belief bases. J Philosophical Log, 41(1), 77–113.
Falappa, M.A., García, A.J., Kern-Isberner, G., Simari, G.R. (2013). Stratified belief bases revision with argumentative inference. Journal of Philosophical Logic, 42(1), 161–193.
Ferrara, E., Varol, O., Davis, C., Menczer, F., Flammini, A. (2016). The rise of social bots. Communications of the ACM, 59(7), 96–104.
Gallo, F.R., Simari, G.I., Martinez, M.V., Falappa, M.A., Santos, N.A. (2017). Reasoning about sentiment and knowledge diffusion in social networks. IEEE Internet Computing, 21(6), 8–17.
Gallo, F.R., Simari, G.I., Martinez, M.V., Falappa, M.A. (2019). Predicting user reactions to twitter feed content based on personality type and social cues. Future Generation Computer Systems (In Press).
Jain, P., Kumaraguru, P., Joshi A. (2013). @ i seek ‘fb. me’: Identifying users across multiple online social networks. In Proceedings of the 22nd International Conference on World Wide Web, (pp. 1259–1268). ACM.
Jalili, M., & Perc, M. (2017). Information cascades in complex networks. Journal of Complex Networks, 5(5), 665–693.
Kolaitism, P.G. (2018). Reflections on schema mappings, data exchange, and metadata management. In Proc.ACM SIGMOD/PODS, (pp. 107–109). ACM.
Konieczny, S., & Pino Pérez, R. (2002). Merging information under constraints: A logical framework. Journal of Logic And Computation, 12(5), 773–808.
Konieczny, S., & Pino Pérez, R. (2011). Logic based merging. Journal of Philosophical Logic, 40(2), 239–270.
Kumar, A., Garg, D., Singh, P. (2017a). Clustering approach to detect profile injection attacks in recommender system. International Journal Of Computer Applications, 166(6), 7–11.
Kumar, S., Cheng, J., Leskovec, J., Subrahmanian, V. (2017b). An army of me: Sockpuppets in online discussion communities. In Proceedings of WWW, International World Wide Web conferences steering committee. (pp. 857–866).
Leone, N., Manna, M., Terracina, G., Veltri, P. (2012). Efficiently computable datalog∃ programs. In Thirteenth international conference on the principles of knowledge representation and reasoning. (AAAI Press).
Lukasiewicz, T., Martinez, M.V., Simari, G.I. (2012). Inconsistency handling in datalog+/– ontologies. In Proc. ECAI, (pp. 558–563).
Malhotra, A., Totti, L., Meira, W. Jr, Kumaraguru, P., Almeida, V. (2012). Studying user footprints in different online social networks. In Proc. ASONAM, IEEE computer society, (pp. 1065–1070).
Malliaros, F.D., Rossi, M.E.G., Vazirgiannis, M. (2016). Locating influential nodes in complex networks. Scientific reports, 6, 19307.
Marin, E., Diab, A., Shakarian, P. (2016). Product offerings in malicious hacker markets. In 2016 IEEE conference on intelligence and security informatics (ISI). (IEEE) (pp. 187– 189).
Miller, R.J. (2018). Open data integration. Proceedings of the VLDB Endowment, 11(12), 2130–2139.
Noh, G., Ym, Kang, Oh, H., Ck, Kim. (2014). Robust sybil attack defense with information level in online recommender systems. Expert Systems with Applications, 41(4), 1781–1791.
Nunes, E., Shakarian, P., Simari, G.I. (2018). At-risk system identification via analysis of discussions on the darkweb. In 2018 APWG symposium on electronic crime research (eCrime), (pp 1–12). IEEE.
Paredes, J.N., Martinez, M.V., Simari, G.I., Falappa, M.A. (2018a). Leveraging probabilistic existential rules for adversarial deduplication. In Proceedings of PRUV@IJCAR 2018 CEUR-WS.
Paredes, J.N., Simari, G.I., Martinez, M.V., Falappa, M.A. (2018b). First steps towards data-driven adversarial deduplication. Information, 9(8), 189.
Pavlopoulos, G.A., Secrier, M., Moschopoulos, C.N., Soldatos, T.G., Kossida, S., Aerts, J., Schneider, R., Bagos, P.G. (2011). Using graph theory to analyze biological networks. BioData Mining, 4(1), 10.
Robson, D. (2019). Why smart people are more likely to believe fake news. https://www.theguardian.com/books/2019/apr/01/why-smart-people-are-more-likely-to-believe-fake-news, (Accessed June 12, 2019).
Sarkar, S., Almukaynizi, M., Shakarian, J., Shakarian, P. (2018). Predicting enterprise cyber incidents using social network analysis on the darkweb hacker forums. CoRR arXiv:1811.06537.
Shakarian, P., Simari, G.I., Callahan, D. (2013). Reasoning about complex networks: A logic programming approach. Theory and Practice of Logic Programming, 13. 4-5-Online-Supplement.
Shao, C., Ciampaglia, G.L., Varol, O., Flammini, A., Menczer, F. (2017). The spread of fake news by social bots, (pp 96–104). arXiv:170707592.
Shu, K., Sliva, A., Wang, S., Tang, J., Liu, H. (2017). Fake news detection on social media: A data mining perspective. ACM SIGKDD Explorations Newsletter, 19(1), 22–36.
Simari, G.I., Molinaro, C., Martinez, M.V., Lukasiewicz, L, Predoiu, L. (2017). Ontology-based data access leveraging subjective reports, 1st edn.: Springer Publishing Company, Inc.
Subrahmanian, V.S., Azaria, A., Durst, S., Kagan, V., Galstyan, A., Lerman, K., Zhu, L., Ferrara, E., Flammini, A., Menczer, F. (2016). The DARPA twitter bot challenge. IEEE Computer, 49(6), 38–46.
Tavabi, N., Goyal, P., Almukaynizi, M., Shakarian, P., Lerman, K. (2018). Darkembed: Exploit prediction with neural language models. In 32nd AAAI conference on artificial intelligence. (AAAI Press).
Yamak, Z., Saunier, J., Vercouter, L. (2018). Sockscatch: Automatic detection and grouping of sockpuppets in social media. Knowledge-Based Systems, 149, 124–142.
Zheng, X., Lai, Y.M., Chow, K.P., Hui, L.C., Yiu, S.M. (2011). Sockpuppet detection in online discussion forums. In Proc. international conference on intelligent information hiding and multimedia signal processing, (pp 374–377). IEEE.
Acknowledgments
This work was funded in part by Universidad Nacional del Sur (UNS) under grants PGI 24/N046 and PGI 24/ZN34, and CONICET under grant PIP 11220170100871CO, Argentina, and the EU H2020 Research and Innovation Programme under the Marie Sklodowska-Curie grant agreement No. 690974 for the project “MIREL”.
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher’s Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Paredes, J.N., Simari, G.I., Martinez, M.V. et al. NetDER: An Architecture for Reasoning About Malicious Behavior. Inf Syst Front 23, 185–201 (2021). https://doi.org/10.1007/s10796-020-10003-w
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10796-020-10003-w