Cardiff University | Prifysgol Caerdydd ORCA
Online Research @ Cardiff 
WelshClear Cookie - decide language by browser settings

Digital fingerprinting for identifying malicious collusive groups on Twitter

Ikwu, Ruth, Giommoni, Luca ORCID:, Javed, Amir ORCID:, Burnap, Peter ORCID: and Williams, Matthew ORCID: 2023. Digital fingerprinting for identifying malicious collusive groups on Twitter. Journal of Cybersecurity 9 (1) , tyad014. 10.1093/cybsec/tyad014

[thumbnail of tyad014.pdf] PDF - Published Version
Available under License Creative Commons Attribution Non-commercial.

Download (953kB)


Propagation of malicious code on online social networks (OSN) is often a coordinated effort by collusive groups of malicious actors hiding behind multiple online identities (or digital personas). Increased interaction in OSN have made them reliable for the efficient orchestration of cyber-attacks such as phishing click bait and drive-by downloads. URL shortening enables obfuscation of such links to malicious websites and massive interaction with such embedded malicious links in OSN guarantees maximum reach. These malicious links lure users to malicious endpoints where attackers can exploit system vulnerabilities. Identifying the organised groups colluding to spread malware is non-trivial owing to the fluidity and anonymity of criminal digital personas on OSN. This paper proposes a methodology for identifying such organised groups of criminal actors working together to spread malicious links on OSN. Our approach focuses on understanding malicious users as ‘digital criminal personas’ and characteristics of their online existence. We first identify those users engaged in propagating malicious links on OSN platforms, and further develop a methodology to create a digital fingerprint for each malicious OSN account/digital persona. We create similarity clusters of malicious actors based on these unique digital fingerprints to establish ‘collusive’ behaviour. We evaluate the ability of a cluster-based approach on OSN digital fingerprinting to identify collusive behaviour in OSN by estimating within-cluster similarity measures and testing it on a ground truth dataset of five known colluding groups on Twitter. Our results show that our digital fingerprints can identify 90% of cyber-personas engaged in collusive behaviour 75% of collusion in a given sample set.

Item Type: Article
Date Type: Publication
Status: Published
Schools: Computer Science & Informatics
Cardiff Centre for Crime, Law and Justice (CCLJ)
Subjects: H Social Sciences > H Social Sciences (General)
K Law > K Law (General)
Publisher: Oxford University Press
ISSN: 2057-2085
Funders: Economic and Social Research Council
Date of First Compliant Deposit: 15 August 2023
Date of Acceptance: 20 June 2023
Last Modified: 08 Oct 2023 23:21

Actions (repository staff only)

Edit Item Edit Item


Downloads per month over past year

View more statistics