Twitter, Spam and User Behavior
Ever wonder how your Twitter usage matches up with the general public? How about an attacker?
According to Barracuda Networks, the differences between attackers and the average user can be pronounced, making behavioral analysis an important part of distinguishing between legitimate users and bad actors.
In its report, which analyzes 26 million accounts during December 2010, Barracuda revealed the following: 43 percent of Twitter users are "true" users. In other words, explained Barracuda Research Scientist Daniel Peck, a user with at least 10 followers who follows at least 10 people and has tweeted at least 10 times.
"The research team believed that to be a nice breaking point in the data where people actually use the service and was the result of some statistical slicing, cutting off the outliers who have a large amount of followers but no friends, and vice versa," he said.
For every 100 Twitter users, 11 have no followers, 39 have between one and nine followers, 33 have from 10 to 99 followers and 17 have a 100 or more. Almost 80 percent of users tweet less than once a day, while nearly 11 percent tweet between one and four times a day. Just over 5 percent tweet between five and nine times a day, while less than 4 percent do it between 10 and 99 times a day. Less than 1 percent (0.2 percent) tweet a hundred times a day.
So what does this mean? If taken at face value, the statistics provide a basis for accounts whose activity varies widely from that of the average user to be flagged as suspicious. Twitter already does this, flagging accounts that set off any number of triggers. These include a user who gets a large amount of followers in a short amount of time, someone follows and "unfollows" people in a short period (particularly by automated methods) and if a user's updates consist mainly of links.
"It really boils down to awareness. ... Also having a better understanding of an account's behavior and reputation can help Twitter better identify malicious or suspicious accounts, and then suspend them from the network sooner than later," said Paul Judge, chief research officer at Barracuda Networks.
The Barracuda report can be viewed here (PDF).