Social media has become a widely accessible medium for users to share their opinions and details of their personal lives, including first hand accounts of emerging/disaster events, to a wide audience. However malicious entities may abuse users' trust to disseminate disinformation, i.e. false and misleading information. The disinformation disseminated on social media can have a significant impact offline. For example, fake news is suspected to have influenced the 2016 U.S. political election. Rumors on social media can mislead criminal investigations, e.g. the investigation of the 2013 Boston Bombing. To mitigate such impacts, automated detection of social media disinformation is thus an important research problem. This dissertation proposes algorithms to detect two approaches hackers use to disseminate disinformation-hashtag hijacking and compromising accounts. Hashtags are terms added to social media posts that are used to provide context to the posts, so those seeking to learn more about a given topic or event can search for posts containing related hashtags. However critics and attention-seeking trolls can mislead the public via hashtag hijacking. Hashtag hijacking occurs when one group of users takes control of a hashtag by using it in a different context than what was intended upon creation. Anyone can participate in hashtag hijacking, but to be successful, a coordinated effort among several accounts posting that hashtag is needed. This dissertation proposes HASHTECT, an unsupervised learning framework that uses a multi-modal nonnegative matrix factorization method for detecting hijacked hashtags. Experimental results on a large-scale Twitter data showed that HASHTECT is capable of detecting more hijacked hashtags than previously proposed algorithms. Another approach for disseminating disinformation is by compromising users' accounts. A social media account is compromised when it is accessed by a third party, i.e. hacker, without the genuine user's knowledge. Compromised accounts are damaging to the account holder as well as the accounts audience, e.g. followers. Hackers can damage the user's reputation, e.g. by posting hateful rhetoric. They also disseminate misleading information including rumors and malicious websites, e.g. phishing or malware. In this dissertation, I propose two compromised account detection algorithms, CADET and CAUTE. CADET is an unsupervised multi-view learning framework that employs nonlinear autoencoders to learn the feature embedding from multiple views. The rationale behind this approach is that an anomalous behavior observed in one view, e.g. abnormal time of day, may not indicate a compromised account. By aggregating the data from multiple views, CADET projects the features from all the views into a common lower-rank feature representation and detects compromised accounts in the shared subspace. On the other hand, CAUTE focuses on detecting compromised accounts early, by detecting the compromised posts. Given a user-post pair, CAUTE is a deep learning framework which simultaneously learns the encodings for the user as well as the post to detect whether the post was compromised, i.e. was written by a different user. By training a neural network on the residuals from the post and user encodings, CAUTE can classify whether a post is compromised with higher accuracy than several existing compromised account detection algorithms.
Read
