ACE Seminar, Seminar: Twitter Botnets Detection -- Star Wars and Failure of Supervised Learning

Speaker: Dr. Shi Zhou

Date/Time: 02-May-2019, 16:00 UTC

Venue: Robert 3.09



It is known that a large number of Twitter users are bots, which are fake accounts created and controlled by their masters. Bots can send spam tweets, manipulate public opinion and be used for fraudulent activities. There are significant research efforts to detect Twitter bots, but many of them detected only a few thousand bots. Recently we accidentally discovered the Star Wars botnet, which consisted of more than 350,000 bots controlled by the same master. These bots did not show any of the features that were widely assumed to be ‘common’ for bots. Inspired by the Star Wars botnet, we discovered an even larger botnet, the Surge botnet with more than 500,000 bots. We showed that this botnet was responsible for a large-scale spamming attack in 2012 and we were able to reconstruct  the complete course of the attack in detail, from planning to execution. To understand why these very large botnets had not been detected by existing efforts, we proposed a methodology, called LOBO, to evaluate  bot classifiers. We showed that classifiers trained and tested on known bot classes might not be able to generalise to unknown bot classes. Our work highlights the trend that new and updated botnets designed to defeat current detection systems have been constantly developed, rendering such detection systems obsolete. We need more research and we need a radically new approach to detect online bots.


Dr. Shi Zhou is an Associate Professor at Department of Computer Science, University College London (UCL). He is a founding member of the Academic Centre of Excellence in Cyber Security Research (ACE-CSR) at UCL. He is a Committee Member of the Internet Specialist Group of the British Computer Society (BCS). He held a prestigious Royal Academy of Engineering/EPSRC Research Fellowship from 2007 to 2012. His research interests include social media analysis, complex networks, Internet topology and cloud computing. A collection of media reports about his works on Twitter bots, Internet worm and HIV in vivo infection are available at

Add to Calendar

This page was last modified on 27 Mar 2014.