Exploring the construction and infiltration strategies of social bots in sina microblog

The proliferation of online social networks (OSNs) like Sina Microblog, Twitter, and Facebook has created platforms for expressing opinions and engaging in public discourse. However, the rise of social bots—automated accounts mimicking human behavior—poses significant challenges. These bots can manipulate public opinion, spread misinformation, and engage in malicious activities, impacting businesses, institutions, and governments. While research on social bot detection is prevalent, studies on their construction and infiltration strategies are limited. This study addresses this gap by focusing on Sina Microblog, a major OSN in China, aiming to understand how social bots are built and how they infiltrate the platform. The goal is to develop strategies for creating benign social bots that can counteract malicious actors while also improving the detection of malicious bots. The increasing number of internet and social media users underscores the importance of this research; by April 2019, nearly 3.5 billion people were using social media, and Sina Microblog alone had 486 million active users and 211 million average daily users in June 2019. This massive user base makes it a prime target for malicious actors, highlighting the need for effective countermeasures.

Existing research on social bots largely falls into two categories: (1) studies focusing on the bots themselves, including their construction, infiltration strategies, and data collection capabilities; and (2) analyses of the characteristics of infiltrated groups. Most prior work concentrates on Twitter and Facebook. Early Twitter research, such as the Realboys project, demonstrated the feasibility of automated tweeting, commenting, and following. Subsequent studies investigated the impact of various bot attributes (gender, activity level, tweeting strategy, target users) on infiltration success. Research on Facebook bots has emphasized infiltration into specific organizations and information harvesting. Several studies explored how bot attributes and social network characteristics influence the success of infiltration. However, research specifically focusing on Sina Microblog is limited. While some studies touched upon bot detection or the creation of helpful bots, the focus on large-scale construction and infiltration strategies on Sina Microblog remained unexplored. This paper seeks to fill that gap.

This study employed a three-part framework: data collection, corpus preparation, and social bot construction and infiltration. First, data were collected using a custom crawler that bypassed Sina Microblog's API limitations. Reverse engineering techniques were used to crack the password encryption and simulated login processes, enabling automated data collection of personal information, social relationships, microblogs, and comments. A fusion strategy combining simulated logins and visitor cookies significantly improved data collection efficiency compared to using official APIs. Second, a corpus for profile settings, comments, and microblogs was prepared. Deep learning techniques, specifically LSTM (Long Short-Term Memory) networks with word embeddings, were utilized to classify comments and generate positive, neutral comments. A Char-RNN (Character-Recurrent Neural Network) model generated creative comments while controlling randomness through a temperature parameter. Third, 96 social bots were constructed and deployed on nine cloud servers, with 10-12 bots per server, for a 6-week infiltration period. The Botmaster software controlled the bots' activities through atomic and combined commands, enabling various actions such as following, unfollowing, posting, commenting, liking, and sending messages. The bots' profiles were customized using a Python library, Faker, to create realistic and diverse profiles. Five infiltration strategies were evaluated: gender (female/male), profile photo (real/unreal), activity level (high/low), following strategy (specified/random), and posting strategy (personal opinions/objective facts). The activity level was controlled by varying the time interval between actions, ensuring a balance between high activity and evasion of detection. A detailed analysis was performed to quantify the influence of followers based on microblog influence, propagation influence, and activity level. The influence was calculated through weighted average of normalized factors. Two comparative experiments were conducted to assess the performance of different interaction behaviors: following, commenting, forwarding, and liking.

The 96 social bots achieved a 100% survival rate over the 42-day infiltration period, gaining a total of 5546 followers. Analysis of the infiltration strategies revealed that: 1. **Gender:** While female bots showed a slightly higher follower count, the difference was not statistically significant. The combination of female gender and a real human profile picture yielded the best results. 2. **Activity Level:** High activity levels (20-150 minutes between actions) significantly increased follower counts compared to low activity levels. Strategic timing of activities, avoiding high request frequencies within short intervals, played a key role in evading detection. 3. **Profile Photo:** Real human photos did not consistently show a significant advantage over unreal photos; however, when combined with female gender, real photos increased follower rates. 4. **Following Strategy:** Following users with similar interests (specified users) proved far more effective than random following in acquiring followers. 5. **Posting Strategy:** No significant difference was found between posting personal opinions and objective facts; the choice of topic was more influential than the style of posting. Comparative experiments on interaction behaviors demonstrated that the "following" action was the most effective for gaining followers, followed by commenting. The "following followers' followers" strategy yielded significantly more followers, highlighting the impact of homophily—the tendency to connect with similar users. Analysis of follower quality, considering microblog influence, propagation influence, and activity level, showed that high-activity bots had significantly more influential followers. While gender, profile picture, and posting strategy had little impact on follower influence, high activity consistently led to more influential followers.

The findings demonstrate the vulnerability of Sina Microblog's defense mechanisms to sophisticated social bot infiltration strategies. The high survival rate and significant follower acquisition highlight the effectiveness of the proposed techniques. The success of targeted following strategies reinforces the significance of homophily in social network dynamics. The study also offers insights into creating benign social bots that can help create a harmonious network environment and combat malicious actors. The effectiveness of high-activity levels suggests a need for improved detection algorithms focusing on behavioral patterns rather than solely on account characteristics.

This research makes several key contributions: it presents a robust method for constructing social bots on Sina Microblog, demonstrating the effectiveness of a fusion strategy for data collection; it evaluates the impact of various infiltration strategies, offering actionable insights for both bot creators and platform developers; and it identifies the crucial role of homophily and high activity levels in achieving successful infiltration. Future research could explore a broader range of factors influencing social bot influence, such as sentiment analysis of posts and the long-term effects of different infiltration strategies. Scaling the number and active time of social bots would further refine our understanding of infiltration patterns.

This study focused on a specific set of factors influencing social bot infiltration. Other factors, such as content polarity, might affect influence and should be explored in future research. The experiment duration was limited to 42 days, and a longer-term study would provide more comprehensive insights. The generalizability of findings might be limited to Sina Microblog, as platform-specific characteristics can influence the effectiveness of infiltration strategies.