Fingerprinting The Networks of Users Disseminating Malware on Twitter

Luc Woodman


Supervised by Amir Javed; Moderated by Padraig Corcoran


Online Social Networks (OSNs), such as Twitter, have become breeding grounds for the spread of malicious content, particularly through the dissemination of embedded URLs. This research paper investigates the characteristics of malicious users involved in spreading malware on Twitter and compares their behaviour to emotionally charged events.


The research addresses the following three research questions:
- Is there a presence of organised behaviour distributing malicious URLs on Twitter?
- What are the characteristics of user(s) involved in the distribution?
- How do these malicious behaviours compare to other emotionally charged events?


Analysing tweet datasets from two global events, namely Covid-19 (Javed et al., 2020) and the 2020 US Presidential Campaign (Rui, 2020), I employed graph analysis and unsupervised machine learning algorithms (K-means, Birch, and Hierarchical clustering) using extracted tweet features as training data. From malicious Covid-19 tweets (N=18898) and benign Covid tweets (N=165738), I found distinct malicious characteristics, including a high frequency of malicious URLs shared by accounts with the same account creation day (coordinated), an elevated level of emoticons, mentions, linguistic features and negative emotions (fear, surprise, sadness, disgust). Based on these findings, the construction of visual networks identified clear behavioural patterns and characteristics, revealing a network of account(s) disseminating malicious tweets together.

Initial Plan (06/02/2023) [Zip Archive]

Final Report (12/05/2023) [Zip Archive]

Publication Form