DETECTION OF MALICIOUS BOTS IN SOCIAL NETWORKS

Major Project submitted in partial fulfillment of the requirement for the award of the degree
of
BACHELOR OF TECHNOLOGY

IN

INFORMATION TECHNOLOGY

Under the esteemed guidance of

Mrs. T. Neha Singh,

Assistant Professor

By

MEESALA INDRA KUMAR 21R11A1241

DANDEMPALLI RAKESH 21R11A1212
UNGARALA ABHIRAM 21R11A1259

Department of Information Technology

Accredited by NBA

Geethanjali College of Engineering and Technology

(UGC Autonomous)
(Affiliated to J.N.T.U.H, Approved by AICTE, New Delhi)
Cheeryal (V), Keesara (M), [Link].-501 301.

APRIL-2025

i
Geethanjali College of Engineering & Technology
(UGC Autonomous)
(Affiliated to JNTUH, Approved by AICTE, New Delhi)
Cheeryal (V), Keesara(M), Medchal Dist.-501 301.

DEPARTMENT OF INFORMATION TECHNOLOGY

Accredited by NBA

CERTIFICATE
This is to certify that the [Link] Major Project report entitled “DETECTION OF
MALICIOUS BOTS IN SOCIAL NETWORKS” is a bonafide work done by
Meesala Indrakumar (21R11A1241), Dandempalli Rakesh(21R11A1212),
Ungarala Abhiram(21R1A1259), in partial fulfilment of the requirement of the
award for the degree of Bachelor of Technology in “INFORMATION
TECHNOLOGY” from Jawaharlal Nehru Technological University, Hyderabad
during the year 2024-2025.

Internal Guide Project Coordinator HOD – IT

Mrs.T Neha Singh Mr. P. Manohar Dr. K. Srinivas

Associate Professor Assistant Professor Professor

External Examiner

ii
 Geethanjali College of Engineering & Technology
(UGC Autonomous)
(Affiliated to JNTUH Approved by AICTE,New Delhi)
Cheeryal (V), Keesara(M), Medchal Dist.-501 301.

DEPARTMENT OF INFORMATION TECHNOLOGY

Accredited by NBA

DECLARATION BY THE CANDIDATE

We, M. Indra Kumar, D. Rakesh, U. Abhiram bearing Roll Nos. 21R11A1241,

21R11A1212, 21R11A1259 hereby declare that the project report entitled “DETECTION OF
MALICIOUS BOTS IN SOCIAL NETWORKS” is done under the guidance of Mrs. T. Neha Singh,
Assistant Professor internal guide, Department of Information Technology, Geethanjali College of
Engineering and Technology, is submitted in partial fulfillment of the requirements for the award of the
degree of Bachelor of Technology in Information Technology.

This is a record of bonafide work carried out by us in Geethanjali College of Engineering and
Technology and the results embodied in this project have not been reproduced or copied from any
source. The results embodied in this project report have not been submitted to any other University or
Institute for the award of any other degree or diploma.

M. Indra Kumar(21R11A1241)

D. Rakesh (21R11A1212)

U. Abhi Ram (21R11A1259)

Department of IT, Geethanjali College of Engineering and Technology.

iii
 ACKNOWLEDGEMENT

We are greatly indebted to the authorities of Geethanjali College of Engineering

and Technology, Cheeryal , Medchal District, for providing us the necessary facilities to
successfully carry out this major project work titled “DETECTION OF MALICIOUS
BOTS IN SOCIAL NETWORKS”.

Firstly, we thank and express our solicit gratitude to our HOD, Dr K. SRINIVAS,
Professor, IT department, Geethanjali College of Engineering and Technology, for his
invaluable help and support which helped us a lot in successfully completing our Major
Project.

Secondly, we express our gratitude to Mr. P. MANOHAR, Associate Professor,

Project Coordinator, IT department, Geethanjali College of Engineering and Technology,
for his suggestions and encouragement which helped us in the successful completion of our
Major Project.

Secondly, we express our gratitude to Mrs. T. NEHA SINGH, Assistant

Professor, internal guide, IT department, Geethanjali College of Engineering and
Technology, for her suggestions and encouragement which helped us in the successful
completion of our Major Project.

We would like to express our sincere gratitude to our Principal Dr. K. SAGAR for
providing the necessary infrastructure to complete our project.

We convey our gratitude to our Chairman, Mr. G. RAVINDER REDDY, for his
invaluable support and encouragement for propelling our innovation forward.

Finally, we would like to express our heartfelt thanks to our parents who were
supportive both financially and mentally and for their encouragement to achieve our set
goals.

iv
 ABSTRACT

The effect of the bots has been felt in nearly all the fields of social media. One social
media site that has particularly experienced the effects, and which happens to be very popular, is
Twitter. Most of its users are bots. Bots have been utilized in evil endeavors such as sending
propaganda about candidates seeking political positions and boosting celebrities' perceived
popularity. In addition, these robots are able to alter the outcomes of typical analyses conducted
on social media. With the dramatic rise in the volume, velocity, and variety of user data (e.g.,
user generated data) in online social networks, there have been efforts to create new methods of
gathering and analyzing such big data. For instance, social bots have been utilized for performing
automated analysis services and supplying users with better quality of service.

Nevertheless, harmful social bots have also been employed for spreading misinformation
(e.g., false news), and this may lead to realworld implications. Hence, identification and removal
of harmful social bots from online social networks are significant. The most prevalent current
detection techniques of malicious social bots examine the quantitative characteristics of their
actions. These characteristics can be easily replicated by social bots; thereby leading to low
accuracy of the analysis.

v
 LIST OF FIGURES

[Link] FIGURES PAGE NO

1 Experiment Procedure of Detecting Malicious Bots 16

2 Tracking and Analyzing User Activity On Websites 18

3 Visualizing the Interactions of User 20

4 Class Diagram 21

5 Sequence Diagram 22

6 Activity Diagram 23

7 Dataset Collection 29

8 After Data Processing 29

9 Transition Probability 30

10 Testing Data 30

11 Prediction Accuracy of data 31

12 Transition probability feature accurancy 31

13 Interface of website 32

14 User DataSet 32

vi
 TABLE OF CONTENTS PAGE NOS
ACKNOWLEDGEMENT iv

ABSTRACT v

[Link] 1

[Link] SURVEY 2

[Link] SPECIFICATION 5

3.1 Introduction 5

3.2 Hardware Requirements 5

3.3 Software Requirements 5

4. SYSTEM ANALYSIS 7

4.1 Existing System 7

4.2 Proposed System 8

4.3 Feasibility Study 8

4.4 Software Specification 9

4.5 Software Description 11

[Link] FRAMEWORK 15

[Link] 16

6.1 Data Flow Diagram 16

6.2 UML Diagram 18

6.3.1 Usecase Diagram 19

6.3.2 Class Diagram 20

6.3.3 Sequence Diagram 21

6.3.4 Activity Diagram 21

vii
7. IMPLEMENTATION 22

7.1 Introduction 22

8. TESTING 23

8.1 Introduction 23

8.2 Types of Testing 24

9. SAMPLE SCREENSHOTS 27

10. CONCLUSION 31

[Link] ENHANCEMENTS 32

[Link] & BIBLIOGRAPHY 33

viii
 CHAPTER – 1 INTRODUCTION

In social networks online, social bots are social accounts managed by automated software
programs that can carry out corresponding operations based on a given set of procedures. The
rise in mobile device usage (e.g., Android and iOS devices) also helped increase the frequency
and character of user interaction through social networks. It is borne out by the large volume,
velocity and variety of data generated from the massive online social network user base. Social
bots have been extensively applied to improve the quality and effectiveness of gathering and
analyzing data from social network services.
For instance, the social bot SF QuakeBot is an application that produces earthquake
reports in the San Francisco Bay, and it is capable of monitoring earthquake related data in social
networks in real-time. Nevertheless, people's behavior concerning social networks and large
scale user data can also be harvested or spread for illegal or ill-intentioned purpose. In virtual
social networks, social bots cannot be representative of the true wishes and wills of ordinary
human beings, thus they are generally regarded as evil ones. For instance, some spurious social
bots accounts designed to mimic the profile of an average user, steal users' data and invade their
privacy, spread malicious or false information, malicious comment, advance or promote some
political or ideology agenda and propaganda, and manipulate the stock market and other social
and economical markets.
All these activities can negatively affect the security and stability of social networking
sites. In the past studies, several approaches were employed to defend the security of online social
network. User behavior is the most explicit expression of user intention since different users
exhibit different habits, preferences, and online behavior (e.g., how one clicks or types, and
typing speed). That is, we can potentially mine and study information buried in user's online
activity to profile and identify various users. Still, we must also be aware of situational variables
that might contribute to altering user's online activity.
That is, user behavior is dynamic and its environment keeps changing i.e., external observable
environment (e.g., environment and behavior) of application context and the internal hidden
environment in user information.
In order to differentiate social bots from regular users correctly, identify malicious social bots,
and minimize the damage of malicious social bots, we must learn and examine social situation
of user behavior and compare and recognize the differences of malicious social bots and normal
users in dynamic behavior.

1
 LITERATURE SURVEY
2.1 Behavior Enhanced Deep Bot Detection in Social Media:

Social bots are considered the most prevalent type of malwares in social platform. They
can generate false messages, spread rumors, and even influence public opinions. In recent years,
large-scale social bots are developed and widely disseminated in social platform, they have
adverse impacts on public and netizen security. Bot detection is to identify bots from human and
it gains more and more attentions in recent years. In this paper, we introduce a behavior enhanced
deep model (BeDM) for bot detection. The new model treats user content as temporal text data
rather than plain text to mine latent temporal patterns. Additionally, BeDM combines content
information and behavior information with deep learning approach. To the best of our knowledge,
this is the first attempt that utilizes deep neural network in bot detection. Experiments on actual
world dataset gathered from Twitter also show the efficacy of our suggested model.
Author: Chiyu Cai, Linjing Li, and Daniel Zeng, Fellow. Published In: 2017

2.2 An Analysis of Socware Cascades in Online Social Networks:

Online social networks (OSNs) are now a common new vector for the propagation of
malware and spam, which we call socware. In contrast to email spam, which is delivered by
spammers to targeted victims, socware cascades through OSNs as infected users propagate it to
their friends. In this paper, we examine evidence from the walls of approximately 3 million
Facebook users spanning five months with the aim of creating a clearer understanding of socware
cascades. We research socware cascades in order to comprehend: (a) their spatiotemporal
characteristics, (b) motivations and mechanisms underneath, and (c) the social engineering stunts
utilized for duping users. First, we note a growing trend in which cascades seem to be slowing
their rate of expansion in order to avoid being caught, and, therefore, lasting longer. Second, our
forensic analysis of the infrastructure behind these cascades reveals that, not unexpectedly,
Facebook appears to be unwittingly facilitating most cascades; 44% of cascades are spread
through Facebook applications. Concurrently, we see huge sets of synergistic Facebook
applications (over 144 sets of size 5 or larger) that work together to facilitate multiple cascades.
Finally, we see that hackers use two social engineering deceptions in equal proportion enticing
users with free goods and enticing users' social curiosity to facilitate socware cascades. Our
results offer several potential paths to decreasing socware on Facebook, but also identify related
challenges.
Author: Ting-Kai Huang, Md Sazzadur Rahman, Harsha V. Madhyastha, Michalis
Faloutsos, and Bruno Ribeiroy Published In: 2013.
2
2.3 A New Approach to Bot Detection: Striking the Balance Between Precision and Recall:
The bot presence has been experienced in a wide range of social media. Twitter, as one
of the social media, has particularly felt the effect, with bots representing a significant number
of its users. The bots have been utilized for negative activities like disseminating false
information on political candidates and creating the impression of popularity for celebrities. In
addition, such bots can alter the outcome of standard analyses done on social media. Researchers
and practitioners must have tools available to eliminate them. Methods do exist to eliminate bots,
but they prioritize precision in order to assess their model at the expense of recall. This implies
that although these methods are nearly always right in the bots they remove, they end up
removing very few, so a lot of bots are left behind. We suggest a model which improves the recall
in bot detection, enabling a researcher to remove more bots. We test our model on two real-world
social media datasets and demonstrate that our detection algorithm eliminates more bots from a
dataset compared to existing methods.
Author: Fred Morstatter, Liang Wu, Tahora [Link], Huan Liu Published In: 2016.

2.4 Efficient Compressed Cipher text Length Scheme Using Multi Authority CPABE for
Hierarchical Attributes:
In an attribute based encryption (ABE), user is represented with assistance of some
attributes and their roles for encryption and decryption of the data. The existing methods based
on attribute-based encryption have discovered that if user's access structure contains a significant
amount of attribute information marked as Don't Care, then the encryption pairing operation has
poor calculation efficiency and cipher text information redundancy. In this paper, we have
presented a hierarchical multiauthority attribute-based encryption on prime order groups to solve
these issues. Our encryption method has a polycentric attribute authorization system with an
AND gate access structure, and a single attribute index created by each attribute authority across
the system, to construct a binary tree, i.e., attribute access tree. The parent node's state value can
be identified by the state of its child node in an attribute access tree. The attribute-based
encryption created in this way is theoretically proved to be able to reduce the amount of
calculation for decryption as much as possible and compress the redundant data in the cipher
text. Our encryption method has theoretical and functional relevance in the "large universe"
construction system.
Author:Zhiyong Zhang, Cheng Li1, Brij B. Gupta2,Danmei Niu1 Published In: 2018.

2.5 ProGuard: Detecting Malicious Accounts in Social-Network Based Online Promotions:

Online social networks increasingly incorporate monetary functionalities by allowing the use of
3
Virtual and Real [Link] provide new platforms to stage various business functions like
online promotion activities, in which users can potentially receive virtual currency as incentives
by taking part in such activities. Both business partners and OSNs are seriously affected when
attackers arm a group of accounts to harvest virtual currency from these activities, which render
these events worthless and incur heavy financial loss. It becomes of utmost significance top
proactively identifying such malicious accounts prior to the online promotional activities and
then lower their priority to be rewarded. We have conducted extensive experiments using data
gathered from Tencent QQ, a world-leading OSN with inbuilt financial management activities.
Experimental outcomes have indicated that our system can achieve a very high detection rate of
96.67% at an extremely low false positive rate of 0.3%.
Author: Yadong Zhou, Dae Wook Kim, Junjie Zhang, Lili Liu, Huan Jin, Hongbo Jin, Ting Liu.

Published In: 2016.

4
 CHAPTER - 2 REQUIREMENTS SPECIFICATION

3.1 INTRODUCTION:

To be used efficiently, all computer software needs certain hardware components or the
other software resources to be present on a computer. These prerequisites are known as
(computer) system requirements and are often used as a guideline as opposed to an absolute rule.
Most software defines two sets of system requirements: minimum and recommended. With
increasing demand for higher processing power and resources in newer versions of software,
system requirements tend to increase over time. Industry analysts suggest that this trend plays a
bigger part in driving upgrades to existing computer systems than technological advancements.

3.2 HARDWARE REQUIREMENTS:

The most common set of requirements defined by any operating system or software
application is the physical computer resources, also known as hardware. A hardware
requirements list is often accompanied by a hardware compatibility list (HCL), especially in case
of operating systems. An HCL lists tested, compatibility and sometimes incompatible hardware
devices for a particular operating system or application. The following sub-sections discuss the
various aspects of hardware requirements
Hardware requirements for present project:

• System : Intel Pentium.

• Hard Disk : 120 GB.
• Monitor : 15’’ LED
• Input Devices : Keyboard, Mouse
• Ram : 2 GB

3.3 SOFTWARE REQUIREMENTS:

Software Requirements deal with defining software resource requirements and pre-
requisites that need to be installed on a computer to provide optimal functioning of an application.
These requirements or pre-requisites are generally not included in the software installation
package and need to be installed separately before the software is installed.

5
Software requirements for present project:

• Operating system : Windows 7

• Coding Language : PYTHON
• Tool : Netbeans
• Database : SQL

6
 CHAPTER 4 SYSTEM ANALYSIS

4.1 EXISTING SYSTEM:

Recent data indicate that over 50% of the Twitter users are not human users. Social network
administrators know full well these negative activities and attempt to remove such users using
their suspension/removal mechanisms. Estimated by one method, 28% of 2008 and half of the
2014 accounts have been suspended by Twitter. What is poorly maintained is the place that bots
occupy in enabling these spamming activities. In a study, 145,000 accounts lasted for months
without being detected. 16% of Twitter spammers today are bots. While detection methods for
social network spam are still lacking, bot detection in social networks has drawn significant
attention from the research community in recent years. Botnets spread to wired and wireless
networks. Specifically, bots within a botnet can collaborate to a common evil goal.

Over the last few years, social bots have gained a lot of popularity within social networks,
and they can simulate human behaviors in social networks. They are also designed to collaborate
to accomplish the assigned tasks. There are numerous methods (e.g., advanced techniques and
resources that can be linked to nation states and state-sponsored actors) employed by some users
with malicious or ulterior motives as well as social bots. For instance, to replicate the
characteristics of human users effectively, socialbots can `crawl' for words and images from
social networks on the web in order to fill out counterfeit user profiles and so forth. Semi-social
bots between humans and social bots have also been reportedly found in social networks, which
are very complex social bots that possess the features of human behavior and social bot behavior.
The automated process for semi-social bot is usually initiated by humans, and the following
actions are automatically executed by socialbots.

This process further enhances the uncertainty of the operation time of social bots. Social
bots are more smarter and they are able to simulate human actions, and they can't be identified
easily. Social bots in available literature are often identified with the help of machine learning-
based methodologies, for instance, Bot ornot released by Twitter in 2014. In Bot or Not, both
training and analysis are carried out with the random forest model utilizing historical social data
of regular users and social bot accounts. Based on six characteristics (i.e. network, user,
befriending, time, content and emotion), this model separated normal users from social bots.
Morstatter et al. suggested a heuristic type supervised Boost OR model with rising recall rate to

7
identify malicious bots, which based on the ratio of tweets retweeted to P. Shi et al.: Malicious
Social Bot Detection Based on Clickstream Sequences the published tweets in the Twitter, mean
DISADVANTAGES OF EXISTING SYSTEM:
• Social bots are smarter than the other bots and they can easily mimic the behavior of
humans, and they cannot be easily traced..
• We cannot distinguish between which cluster is normal and which cluster is abnormal.

4.2 PROPOSED SYSTEM:

It is our aim in this project to detect malicious social bots in social network websites in
real-time by (1) bringing in transition probability features between user clickstreams from social
situation analysis; and(2) defining the algorithm for spatiotemporal features-based malicious
social bot detection. In order to better detect malicious social bots in online social networks, we
examine user behavior characteristics and discover transition probability characteristics from
user clickstreams. Based on the transition probability characteristics and time interval
characteristics, a semi-supervised social bots detection method is proposed based on space-time
characteristics.

ADVANTAGES OF PROPOSED SYSTEM:

• We evaluate user behavior features and select the transition probability of user behavior on
the basis of general behavior Characteristics.
• We then analyze and classify situation aware user behaviors in social networks using our
proposed semi supervised clustering detection method.
• This enables us to identify malicious social bots instantly with the help of only a few tagged
users.

4.3 FEASIBILITY STUDY:

The feasibility of the project is examined in this phase and business proposal is made with a very
sketchy plan for the project and rough estimates of costs. Under system analysis feasibility study
of the planned system has to be done. This is to protect the company from the proposed system
being burdensome. For analyzing feasibility, there has to be some knowledge of the key
requirements for the system. ‘
Three key considerations involved in the feasibility analysis are:

4.3.1 Economic Feasibility:

8
This research is conducted to test the economic effect will have on the system will have on the
organization. The company has a limited amount of fund that it can invest in the research and
development of the system. The expenses need to be justified. Therefore the system developed
as well within budget and this was done because most of the technologies used are available free
of cost. Only the tailored products need to be bought.

4.3.2 Technical Feasibility:

This research is undertaken to test the technical practicability, i.e., technical requirements
of the system. Whatever system is created should not make high demands on the available
technical resources. This will create high demands on the client. The system created must have
a humble requirement since it has to bear only small or zero changes for implementing this
system.

4.3.3 Operational Feasibility:

The study component is to test the extent of acceptance of the system by the user. This
involves the user training process for using the system effectively. The user should not be
threatened by the system, but rather should accept it as a requirement. The users' acceptability is
totally based on the approach that is adopted in order to make the user knowledgeable about the
system and familiar with it. His confidence level should be enhanced so that he can also provide
some constructive criticism, which is appreciated, since he is the ultimate user of the system.

4.4 SOFTWARE SPECIFICATION:

PYTHON:
Python is an interpreter, high-level, general-purpose programming language. Python is
garbage-collected and dynamically typed. Python supports object-oriented, procedural, and
functional programming paradigms. Python is best defined as a "batteries included" language
because of its rich standard library. Python interpreters run on numerous operating systems.
There exists a global programmer community that creates and sustains C, Python, an opensource
reference implementation. There is a not-for-profit corporation, the Python Software Foundation,
that oversees and coordinates resources for C and Python development.

Microsoft SQL Server:

Microsoft SQL Server is a relational database management system developed by

Microsoft. It is database server software that has the primary function of storing and retrieving

9
data upon request from other computer programs—potentially running on the same machine or
on another computer that is linked to it through a network (such as the Internet).Microsoft sells
at least a dozen distinct versions of Microsoft SQL Server, for various audiences and for
workloads from small singlemachine applications to large Internet-facing applications with
numerous concurrent users.

SQLCMD:

SQLCMD is a command-line tool shipped with Microsoft SQL Server, and provides
access to the management features of SQL Server. It permits SQL statements to be typed in and
run at the command line. It also serves as a scripting language to prepare and execute a collection
of SQL statements as a script. These scripts are saved in the form of [Link] file, and are utilized
either for database management or to build the database schema at the time of deployment of a
database. SQLCMD first appeared with SQL Server 2005 and this is carried on with SQL Server
2012, 2014 and 2016. Its predecessor in previous versions was OSQL and ISQL, which is
functionally the same as it relates to TSQL execution, and many of the command line options are
the same, although SQLCMD offers additional flexibility.

SQL Server Management Studio:

SQL Server Management Studio is a graphical user interface utility shipped with SQL
Server 2005 and later to configure, manage, and administer all aspects of Microsoft SQL Server.
It consists of script editors and graphical tools that operate against objects and features of the
server. SQL Server Management Studio has taken the place of Enterprise Manager as the main
management console for Microsoft SQL Server since SQL Server 2005. There is a version of
SQL Server Management Studio for SQL Server Express Edition, where it is called SQL Server
Management Studio Express (SSMSE).

One of the core components of SQL Server Management Studio is the Object Explorer, through
which the user can browse, choose, and perform any of the objects in the server. It can be utilized
to visually see and examine query plans and improve the database performance, among others.
SQL Server Management Studio can also be utilized to design a new database, modify any
existing database schema by adding or altering tables and indexes, or performance analysis. It
features the query windows which offer a GUI based interface for writing and executing queries.

Currently:

10
As of October 2017 the following versions are supported by Microsoft:

• SQL Server 2008

• SQL Server 2008 R2

• SQL Server 2012

• SQL Server 2014

• SQL Server 2016

• SQL Server 2017

From SQL Server 2016 onward, the product is supported on x64 processors only.

4.5 Software Description:

PYTHON:

Being a multi-paradigm programming language, Python fully supports object-oriented

and structured programming and has many features that support functional programming and
aspect-oriented programming. Other paradigms include design by contract and logic
programming, which are implemented through extensions.

In Python, types are dynamic, memory is managed by both reference counting and a
cycle-detecting garbage collector, and names are resolved dynamically aka late binding, meaning
methods and variable names are bound during program execution..

Python's implementation features some support for functional programming in the Lisp
style. Filter, map, and reduce functions; list comprehensions, dictionaries, sets and generator
expressions are all tools of support to think functionally. Moreover, the standard library contains
two modules (itertools and functools) implementing functional tools adopted from Haskell and
Standard ML.

The phrase The Zen of Python, which describes the philosophy of the language, is found
in PEP 20 and includes the aphorisms:

• Beautiful is better than ugly.

• Explicit is better than implicit.
• Simple is better than complex.

11
• Complex is better than complicated.
• Readability counts.

Python was made highly extensible instead of having all of its functionality in the core
itself. Due to this small modularity, it has become especially popular as a means to add
programmable interfaces to existing applications. According to the creator of Python, he could
not extend the software ABC due to its size. So, he thought of programming a small core language
ABC with a huge standard library and easily extensible interpreter.

Python aims to provide a simpler syntax and grammar while allowing developers a choice
of coding style. While Perl has the motto "There is more than one way to do it" But Python’s
design philosophy is “There should be one—and preferably only one—obvious way to do it”.
Alex Martelli, a Fellow at the Python Software Foundation and author of several Python books,
wrote that “In Python, it’s not cool to call things ‘clever’.”

Python's developers try not to optimize too early, and they reject patches to non-critical
parts of the C,Python reference implementation that would offer marginal gains in speed through
a loss in clarity. If a Python program needs to speed up, it can move the crucial part to C extension
modules or use Pyhton, a just-in-time compiler. Also available is Phython which translates a
python script into c that makes direct c-level api calls into the python interpreter.

Python’s developers want it to remain fun to use. Since its inception, the approach has
been to keep the programming language fun, which you will see from the name “Python” itself.
This is taken from the Monty Python comedy group. Also, the tutorials and manuals give off a
very playful vibe. They are often filled with examples referring to spam and eggs (from a Monty
Python sketch), instead of the usual foo and bar.

The term pythonic is a common neologism in the Python community, with various
meanings related to program style. When one says that the code is pythonic, it means that it uses
Python idioms well, that it is natural or shows fluency in the language and that it conforms with
the minimalist philosophy of Python and the focus on readability. Code that does not follow these
principles is called “unpythonic” – that is, it does not adhere to the ideas of Python and
readability, or is the opposite of Python [Link] and admirers of Python, especially those
considered knowledgeable or experienced, are often referred to as Pythonistas.

Libraries:

12
 Python has a large standard library with a wealth of tools for many tasks, often cited as
its greatest strength. Many standard formats and protocols are supported for applications that
face the Internet, e.g. MIME and HTTP. It has system tools – modules for making graphical user
interfaces (GUIs), connecting to relational databases, creating pseudo-random numbers,
arithmetic with arbitrary precision decimals, manipulating regular expressions, unit testing.

While some components of the standard library adhere to specifications, the majority of
modules do not. They are described through the codes used, the internal documentation and test
suites if available. Still, as most of the standard library lies in the domain of cross-platform
Python code, only a few modules need to be

• Graphical user interfaces

• Web frameworks
• Multimedia
• Databases
• Networking
• Test frameworks
• Automation
• Web scraping
• Documentation
• System administration
• Scientific computing
• Text processing
• Image processing

Development:

The main way through which development of Python takes through is Python
enhancement proposal (PEP). PEP 8 relates to the style of coding in Python. Many people in the
steering council look at PEPs that are outstanding, and give comments on them.

The CPython reference implementation has grown as per the enhancement of the
language. Most of the development discussion for the language takes place on the python-dev
mailing list. Some discussions take place in Roundup, the bug tracker at [Link].
Development took place on a self-hosted source-code repository which was running Mercurial
until migrating to GitHub in January 2017.
13
 CPython's public releases come in three types, distinguished by which part of the version
number is incremented:

• Backward-incompatible versions indicate that code will break and needs to be manually
ported. The first part of the version number is incremented. These releases aren't common for
example, version 3.0 was released 8 years after 2.0.

• Major, or “referred to as "feature", releases occur roughly once and a half years. Major
releases have some compatibility with previous releases and introduce new features. Minor
releases increment the second part of the version number. Each major release receives some
number of years of bugfix support starting from it release.

Every 3 months or so, there will be a bugfix release with no new features as long as a sufficient
number of bugs have upstream fixed since the last release. Security vulnerabilities are also patched.
As a result, the third digit of the version number will [Link] alpha, beta, and release-
candidates preview and test the final releases. Although there is a rough timeline for future releases,
if the code isn't ready in time, it will get delayed.

The Python development team monitors the status of the code during the run of the large unit
test suite at development and through use of the BuildBot continuous integration [Link] of 20
August 2016, a huge community of Python developers has contributed over 86,000 software
modules to the Python Package Index (PyPI), the official site for third-party Python software. The
major academic conference on Python is Python. Special programs for mentoring the Python
language are also available.

14
 CHAPTER -5 SYSTEM FRAMEWORK

On the CyVOD platform, there are a total of 1500 accounts of malicious social bots which are
assigned various tasks including, malicious social bots that perform a single task, malicious
social bots that coordinate to perform tasks and malicious social bots that perform mixed tasks.
As an example, a user may perform more than one action in actions like liking, commenting,
sharing, etc. If the social bot causes malicious likes, the value of P (play; like) (the transition
probability of ``the current click event is and the next click event is liking'') will be high and
other transition probability features will be small or zero. A mixed social bot would provide us
with features of average values of six transition probabilities which seem like a normal user. In
this study, we set up four malicious social bots that complete particular tasks and two malicious
social bots with mixed behavior. We developed an Android application called “SocialBot” to
mimic the behavior of social bots. Based on the functional characteristics of the experimental
platform, we designed these seven categories of social bot that perform different tasks. Clicking
these buttons will activate the social bot program either automatically or manually.

15
Fig 1 : Experiment Procedure of Detecting Malicious Bots

16
 CHAPTER - 6 SYSTEM DESIGN
6.1. DATA FLOW DIAGRAM:

1. The DFD is also referred to as bubble chart. It is an easy graphical formalism that may be
utilized to denote a system in terms of input data to the system, several processes
performed over this data, and the output data is created by this system.
2. The data flow diagram (DFD) is the most critical modeling instrument. The system
components are modeled using the DFD. The components include the system process, the
data that the process operates on, an external entity that communicates with the system
and the information flows in the system.
3. DFD shows how the information moves through the system and how it is modified by a
series of transformations. It is a graphical technique that depicts information flow and the
transformations that are applied as data moves from input to output.
4. DFD is also known as bubble chart. A DFD may be used to represent a system at any level
of abstraction. DFD may be partitioned into levels that represent increasing information
flow and functional detail.

17
Fig 2 :Tracking and Analyzing User Activity On Websites

18
6.2 UML DIAGRAMS:

UML is short for Unified Modeling Language. UML is a standardized general-purpose

modeling language in object-oriented software engineering. The standard is maintained, and was
developed by, the Object Management Group.

The aim is for UML to emerge as a standard language with which models of object oriented
computer software can be designed. As things stand today, UML consists of two principal
elements: a Meta-model and a notation. In the future, something akin to a method or process will
also be included with; or attached to, UML.
The Unified Modeling Language is an industry standard language used for specifying,
Visualization, Constructing and documenting the software system's artifacts, as well as business
modeling and other non-software [Link] UML is a set of best engineering practices that
have been successful in modeling of large and complex systems

.
The UML is a crucial component of object oriented software development and the
software development process. The UML employs primarily graphical notations to represent the
software project design.

GOALS:
The Primary objectives in the development of the UML are the following:
1. Offer users an immediate use, expressive visual modeling Language to enable them to create
and exchange meaningful models.
2. Offer extendibility and specialization mechanisms to add on the basic ideas.
3. Be independent of specific programming languages and development process.
4. Offer a formal basis for understanding the modeling language.
5. Encourage the growth of OO tools market.
6. Support higher level development concepts such as collaborations, frameworks, patterns and
components.
7. Integrate best practices

19
6.3.1 USE CASE DIAGRAM:

A Unified Modeling Language (UML) Use case diagram is a behavioral diagram defined by and
derived from a Use-case analysis. Its aim is to show a graphical overview of the functionality of
a system in terms of actors, their intentions (depicted as use cases), and any dependencies
between those use cases. The primary intention of a use case diagram is to illustrate what system
operations are done for which actor. Actor's roles in the system can be depicated.

Fig 3: Visualizing the interactions of User

20
6.3.2 CLASS DIAGRAM:

In software design, a class diagram of the Unified Modeling Language (UML) is a static
structure diagram that indicates the structure of a system by representing the system's classes,
their attributes, operations (or methods), and the relationships between classes. It accounts for
whichclasshasinformation.

Fig 4:Class diagram of detecting malicious Bots

21
6.3.3 SEQUENCE DIAGRAM:

A Unified Modeling Language (UML) sequence diagram is a type of interaction diagram

that illustrates how processes interact with each other and in what order of events. It is a Message
Sequence Chart construct. Sequence diagrams are also referred to as event diagrams, event
scenarios, and timing diagrams.

Fig 5:Sequence diagram of tracking a visitor on a website

22
6.3.4 ACTIVITY DIAGRAM:

Activity diagrams are graphical representations of sequential flows of activities and

actions with choice, iteration, and concurrency facilities. Activity diagrams in the Unified
Modeling Language may be used to represent system component business and operation
sequential flows of steps. An activity diagram is used to mark the total control flow.

Fig 6: Activity diagram of decteting of Malicious bots

23
 CHAPTER - 7 IMPLEMENTATION

7.1 INTRODUCTION:

System Implementation is the crucial phase of the project when the conceptual design is brought
into play system. The key steps in the implementation are as below:

• Planning

• Training

• System testing and

• Changeover Planning

Planning is the initial job in the implementation of a system. Planning is to choose the approach
and the time frame to be followed. During the implementation of any system individuals from
assorted departments and system analysis come into play. They are assured to actual problem of
managing assorted activities of people outside their own data processing departments. The line
managers managed under an implementation coordinating committee. The committee thinks
about suggestions, issues and grievances of user department, it should also think about:
• Self-selection and allocation for implementation tasks
• Consultation with unions and available resources
• Standby facilities and communication channel
Training in a project refers to the process of teaching a system, particularly in machine learning
and AI, to recognize patterns and make accurate predictions using data. It involves multiple
stages, including data collection, preprocessing, model selection, training, optimization,
evaluation, and fine-tuning. The model learns by analyzing input data, adjusting internal
parameters to minimize errors, and improving its performance over time. In a bot detection
project, for instance, training involves feeding the system with logs of user requests, identifying
suspicious patterns, and classifying requests as human or bot activity. Once trained, the model is
tested on unseen data to evaluate accuracy and then deployed for real-time monitoring. Effective
training ensures the system adapts to real-world conditions, reducing false positives and
enhancing detection capabilities. If the performance is unsatisfactory, hyperparameters are
adjusted, and the training process is repeated until the desired accuracy is achieved. In a bot
detection project, for instance, training involves feeding the system with logs of user requests,
identifying suspicious patterns, and classifying requests as human or bot activity.

24
We proposed as an alternative to the user-based neighborhood approach. We first consider the
dimensions of the input and output of the neural network. In order to maximize the amount of
training data we can feed to the network, we consider a training example to be a user profile (i.e.
a row from the user-item matrix R) with one rating withheld. The loss of the network on that
training example must be computed with respect to the single withheld rating. The consequence
of this is that each individual rating in the training set corresponds to a training example, rather
than each user. As we are interested in what is essentially a regression, we choose to use root
mean squared error (RMSE) with respect to known ratings as our loss function. Compared to the
mean absolute error, root mean squared error more heavily penalizes predictions which are
further off.

On the other hand, smaller errors in prediction likely result in recommendations that are still
useful—perhaps the regression is not exactly correct, but at least the highest predicted rating are
likely to be relevant to the user. Data Processing is a task of converting data from a given form
to a much more usable and desired form i.e. making it more meaningful and informative. Using
Machine Learning algorithms, mathematical modeling and statistical knowledge, this entire
process can be automated. The output of this complete process can be in any desired form like
graphs, videos, charts, tables, images and many more, depending on the task we are performing
and the requirements of the machine.

Collection:

The most crucial step when starting with ML is to have data of good quality and accuracy. Data
can be collected from any authenticated source like [Link], Kaggle or UCI dataset
[Link] example, while preparing for a competitive exam, students study from the best
study material that they can access so that they learn the best to obtain the best results. In the
same way, high-quality and accurate data will make the learning process of the model easier and
better and at the time of testing, the model would yield state of the art results.

Preparation:

The collected data can be in a raw form which can’t be directly fed to the machine. So, this is a
process of collecting datasets from different sources, analyzing these datasets and then
constructing a new dataset for further processing and exploration. This preparation can be
performed either manually or from the automatic approach. Data can also be prepared in numeric
forms also which would fasten the model’s learning.

25
 CHAPTER - 8 SYSTEM TESTING

8.1 INTRODUCTION:
The purpose of testing is to discover errors. Testing is the process of trying to discover
every conceivable fault or weakness in a work product. It provides a way to check the
functionality of components, sub-assemblies, assemblies and/or a finished product It is the
process of exercising software with the intent of ensuring that the Software system meets its
requirements and user expectations and does not fail in an unacceptable manner. There are
various types of test. Each test type addresses a specific testing requirement.

Software testing is a critical process within the software development life cycle. It is a
process of checking and confirming that a software program is bug-free, adheres to the technical
specifications laid down by its design and development, and fulfills user requirements effectively
and efficiently.

This process helps ensure that the application is capable of dealing with all exceptional
and boundary situations and offers a robust and reliable user experience. By identifying and
rectifying issues methodically, software testing enables delivery of high-quality software that
operates as anticipated across different situations.

Testing is a method to assess the functionality of the software program. The process
checks whether the actual software matches the expected requirements and ensures the software
is bug-free. The purpose of software testing is to identify the errors, faults, or missing
requirements in contrast to actual requirements. It mainly aims at measuring the specification,
functionality, and performance of a software program or application.

Testing is a critical aspect of software development, ensuring that applications function

correctly, meet user requirements, and maintain high standards of security, performance, and
reliability. It helps identify and resolve defects before software is deployed, reducing the risk of
failures that could result in financial losses, reputational damage, or security breaches. Through
various types of testing, including unit testing, integration testing, system testing, and user
acceptance testing, developers can verify that each component of the software operates as
intended, interacts correctly with other components, and delivers the expected output. Automated
testing plays a crucial role in modern software development, enabling rapid and repeated
execution of test cases to identify regressions and inconsistencies efficiently, while manual
testing remains important for exploratory and usability testing. By adopting a robust testing
26
strategy, organizations can enhance software quality, improve maintainability, and ensure
compliance with industry standards and regulations. Additionally, thorough testing enhances user
satisfaction by delivering a seamless and bug-free experience, reducing the likelihood of post-
deployment issues that require costly fixes and updates. Security testing helps identify
vulnerabilities that hackers could exploit, making applications more resilient against cyber
threats, while performance testing ensures that software can handle varying loads without
degradation in speed or responsiveness.

Testing also facilitates better collaboration among development, operations, and quality
assurance teams, fostering a culture of continuous improvement and accountability. Agile and
DevOps methodologies emphasize the importance of continuous testing, integrating it into the
development lifecycle to catch defects early and enable faster releases without compromising
quality. Proper testing also provides valuable documentation and insights into software behavior,
assisting developers in debugging and optimizing performance. Neglecting testing can lead to
critical software failures, loss of customer trust, and potential legal liabilities, underscoring its
indispensable role in the development process. By implementing a comprehensive testing
approach, organizations can deliver reliable, scalable, and high-quality software solutions that
meet the evolving needs of users and businesses, ultimately contributing to long-term success in
the competitive software industry.

8.2 TYPES OF TESTING:

Unit Testing:
Unit testing is the development of test cases that ensure that the internal program logic is
in working condition, and program inputs yield valid output. All branches of decisions and
internal code paths must be checked. It is the testing of separate software units of the
[Link] is performed after completing an individual unit prior to integration. This is a
structural testing, which is based on the knowledge of its build and invasive.
Unit tests conduct simple checks at the component level and verify a specific business
process, application, and/or system configuration. Unit tests guarantee that every distinctive path
of a business process runs as it should to the documented specifications and has well-defined
inputs and expected results.
Integration testing:
Integration tests are written to test integrated pieces of software to see if indeed they do
execute as a single program. Test is event driven and cares more about the general result of

27
screens or fields. Integration tests prove that while the pieces were unit satisfactions individually,
demonstrated by successfully unit testing, the aggregation of pieces is accurate and consistent.
Integration testing is directly targeted at uncovering the issues that result from the integration of
components.
Functional test:
Functional tests provide systematic demonstrations that functions tested are available as
specified by the business and technical requirements, system documentation, and user manuals.

Functional testing revolves around the following items:

Valid Input : the identified classes of valid input must be accepted.

Invalid Input : the identified classes of valid input must be accepted.

Functions : recognized classes of invalid input have to be discarded.

Output : identified classes of application outputs must be exercised.

Systems/Procedures: interfacing systems or procedures must be invoked.

Organization and planning of functional testing is centered around requirements, core functions,
or special test scenarios. Moreover, systematic coverage as related to identify Business process
flows; data fields, predefined processes, and successive processes should be taken into
consideration for testing. Prior to finalizing functional testing, other tests are identified and the
useful value of existing tests is determined.
System Test:
System testing verifies the entire integrated software system against requirements. It exercises a
configuration to verify known and predictable outcomes. A system test example is the
configuration oriented system integration test. System testing is founded on process descriptions
and flows, with pre-driven process links and integration points being highlighted.

White Box Testing:

White Box Testing is testing where the software tester knows the inner process, structure
and programming language of the software, or at least the intent. It is employed to test areas
which cannot be accessed from a black box level.

28
Black Box Testing:

Black Box Testing is testing the software without having any knowledge about the inner
mechanisms, structure or programming language of the module to be tested. Black box tests, as
well as most other tests, need to be programmed from an authoritative source document, e.g.
specification or requirements document, e.g. specification or requirements document. It is a test
where the software being tested is handled, similar to a black box you can't "peek inside." The
test feeds it inputs and returns outputs without any concern about how the software is
implemented.
Unit Testing:

Unit testing is typically performed as part of an integrated code and unit test phase of software
life cycle, although it is not unusual for coding and unit testing to be performed as two separate
phases.

Test strategy and approach

Manual field testing will be conducted and functional tests will be thoroughly written.
Test objectives:

• All field entries must work properly.

• Ages must be activated from the identified link.
• The entry screen, messages and responses must not be delayed.
Features to be tested:

• Verify that the entries are of the correct format

• There should be no duplicate entries
• Take the user to the appropriate page with all links.
Test Results:

All the above test cases passed fine. No defects faced.

Acceptance Testing:
User Acceptance Testing is an essential phase of any project and needs a lot of involvement by
the end user. It also checks whether the system satisfies the functional requirements.

Test Results: All the above test cases executed successfully. No defects met.

29
CHAPTER – 9 SAMPLE SCREENSHOTS

Fig 7: Dataset Collection

Fig 8:After Data Processing

30
Fig 9: Transition Probability

Fig 10: Testing data

31
 Fig 11:Prediction Accuracy

Fig 12: Transition probability feature accurancy

32
 Fig 13:Interface

Fig14:User Dataset

33
 CHAPTER - 10 CONCLUSION

We proposed a novel method to accurately detect malicious social bots in online social networks.
Experiments showed that transition probability between user clickstreams based on the social
situation analytics can be used to detect malicious social bots in online social platforms
accurately. In this study, observed the detection and elimination of bot activities are crucial for
network security management across various industries.
Traditional bot detection methods have limitations, but a novel approach based on
machine learning and supervised learning algorithms has been developed to overcome these
challenges. This methodology offers versatility in detecting any type of bot, making it effective
in the rapidly evolving landscape of bot technologies. Overall, the use of machine learning and
supervised learning algorithms is a promising approach to bot detection, offering an effective
means of identifying and mitigating potential bot activities across social media platforms and
beyond.

34
 CHAPTER – 11 FURTHER ENHANCEMENTS
As bots continue to advance and become more sophisticated, it is necessary to keep evolving and
refining detection techniques. A possible avenue for future work is the combination of several
detection approaches, including signature-based, behavior-based, and anomaly detection
methods. By using these approaches together, the overall effectiveness and accuracy of bot
detection can be enhanced. Another potential area for future study is the investigation of new
features and characteristics that have the potential to enhance the precision of bot detection. For
instance, the application of natural language processing methods has the potential to detect subtle
language variations between content generated by humans and bots.

In addition, the innovation of further higher-level machine learning algorithms, including deep
learning can enhance bot detection accuracy y and efficiency.

1. Network-based detection: Network based detection methods can be employed to detect bot
activity by analyzing network traffic. These methods can detect bots that are utilizing advanced
evasion techniques.

2. Hybrid approaches: Hybrid methods consisting of more than one detection technique,
including supervised and unsupervised learning, can enhance the effectiveness and precision of
bot detection.

3. Behavioral analysis: Techniques of behavioral analysis can be applied to detect bot activity
based on patterns of behavior that are characteristic of bot activity. Some examples of behavioral
analysis techniques are account creation pattern analysis, post frequency analysis, and
engagement rate analysis.

Generally speaking, the technique chosen is contingent on the inherent properties of the problem
being analyzed and the available data. The detection of malicious bots on social media can
potentially require the utilization of a series of different techniques.

35
 CHAPTER – 12 REFERENCES & BIBLIOGRAPHY

[1] Brito F, I. Petiz, P. Salvador, A. Nogueira, and E. Rocha, ``Detecting social network bots
based on multiscale behavioral analysis,'' in Proc.7th Int. Conf. Emerg. Secur. Inf., Syst. Technol.
(SECURWARE), Barcelona, Spain, 2013, pp. 81_85
[2] Barbon S, Jr., G. F. C. Campos, G. M. Tavares, R. A. Igawa, M. L. Proença, Jr., and R. C.
Guido, ``Detection of human, legitimate bot, and malicious bot in online social networks based
on wavelets,'' ACM Trans. MultimediaComput., Commun., Appl., vol. 14, no. 1s, Feb. 2018, Art.
no. 26
[3] Cai C, L. Li, and D. Zengi, ``Behavior enhanced deep bot detection in social media,'' in
Proc. IEEE Int. Conf. Intell. Secur. Inform. (ISI), Beijing, China, Jul.2017, pp. 128_130.
[4] Chang C K, ``Situation analytics: A foundation for a new software engineering
paradigm,'' Computer, vol. 49, no. 1, pp. 24_33, Jan. 2016.
[5] De Lima Salge C A and N. Berente, ``Is that social bot behaving unethically?'' Commun.
ACM, vol. 60, no. 9, pp. 29_31, Sep. 2017.
[6] Ferrara E, O. Varol, C. Davis, F. Menczer, and A. Flammini, ``The rise of social bots,''
Commun. ACM, vol. 59, no. 7, pp. 96_104, Jul. 2016.

[7] Gao H et al., ``Spam ain't as diverse as it seems: Throttling OSN spam with templates
underneath,'' in Proc. 30th ACSAC, New Orleans, LA, USA, 2014, pp.
76_85.
[8] Huang T K, M. S. Rahman, H. V. Madhyastha, M. Faloutsos, and B. Ribeiro, ``An
analysis of socware cascades in online social networks,'' in Proc. 22nd Int. Conf. World Wide
Web, Rio de Janeiro, Brazil, 2013, pp. 619_630.
[9] Hwang T, I. Pearce, and M. Nanis, ``Socialbots: Voices from the fronts,'' Interactions,
vol. 19, no. 2, pp. 38_45, Mar. 2012.
[10] Morstatter F, L. Wu, T. H. Nazer, K. M. Carley, and H. Liu, ``A new approach to bot
detection: Striking the balance between precision and recall,'' in Proc. IEEE/ACM Int. Conf. Adv.
Social Netw. Anal. Mining, San Francisco, CA, USA, Aug. 2016, pp.

533_540.

36
[11] Park J Y, N. O'Hare, R. Schifanella, A. Jaimes, and C.-W. Chung, ``A large scale study of
user image search behavior on the Web,'' in Proc.33rd Annu. ACM Conf. Hum. Factors Comput.
Syst., Seoul, South Korea, 2015, pp. 985_994.
[12]Sahlabadi M, R. C. Muniyandi, and Z. Shukur, ``Detecting abnormal behavior in social
networkWebsites by using a process mining technique,'' J. Comput. Sci., vol.
10, no. 3, pp. 393_402, 2014.
[13] Zhang Z, C. Li, B. B. Gupta, and D. Niu, ``Ef_cient compressed ciphertext length scheme
using multi-authority CP-ABE for hierarchical attributes,'' IEEE Access, vol. 6, pp.
38273_38284, 2018. doi: 10.1109/ACCESS.2018.2854600.
[14] Zhang Z, R. Sun, X. Wang, and C. Zhao, ``A situational analytic method for user behavior
pattern in multimedia social networks,'' IEEE Trans. Big Data, to be published. doi:
10.1109/TBDATA.2017.2657623.
[15] [13] Zhou Y et al., ``ProGuard: Detecting malicious accounts in socialnetwork- based
online promotions,'' IEEE Access, vol. 5, pp. 1990_1999, 2017.
[16] Xuan Dau Hoang and Quynh Chi Nguyen, Botnet Detection Grounded On Machine
Learning Ways Using DNS Query Data.
[17] [Link], Situation analytics- A foundation for a new software engineering paradigm,
Computer, vol. 49, no.1, pp. 24-33, Jan. 2016. 38 39 [9]
[18] Efthimion Phillip George, Payne, Scott and Proferes, Nicholas( 2018) ‖ Supervised
Machine Learning Bot Discovery Ways to Identify Social Twitter Bots, ‖ SMU Data Science
ReviewVol. 1No. 2, Composition 5.
[19] Ranjana Battur, Nagaratna Yaligar ‖ Twitter Bot Discovery using Machine Learning
Algorithms, ‖ International Journal of Science and Research( IJSR) ISSN 2319- 7064
ResearchGate Impact Factor( 2018)0.28 — SJIF( 2018)7.42
[20] C. Cai, L. Li, and D. Zengi, Behavior enhanced deep bot discovery in social media, ‖ in
Proc. IEEE Int. Conf. Intell. Secur. Inform. ( ISI), Beijing, China, Jul. 2017, pp. 128- 130.

37
38
40