=Paper=
{{Paper
|id=Vol-3688/paper8
|storemode=property
|title=Methodology for Countering Malicious Information on Social Networks
|pdfUrl=https://ceur-ws.org/Vol-3688/paper8.pdf
|volume=Vol-3688
|authors=Svitlana Popereshnyak,Viktoriia Zhebka,Anastasiya Vecherkovskaya
|dblpUrl=https://dblp.org/rec/conf/colins/PopereshnyakZV24
}}
==Methodology for Countering Malicious Information on Social Networks==
https://ceur-ws.org/Vol-3688/paper8.pdf
Methodology for Countering Malicious Information on
Social Networks
Svitlana Popereshnyak1, Viktoriia Zhebka2 and Anastasiya Vecherkovskaya3
1 National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”, 37, Prospect Beresteiskyi, Kyiv,
03056, Ukraine
2 State University of Information and Communication Technologies, str. Solomyanska, Kyiv, 03110, 7, Ukraine
3 Taras Shevchenko National University of Kyiv, 24, Bohdana Gavrylyshyn Street, Kyiv, 02000, Ukraine
Abstract
This work is devoted to an urgent problem, namely, the fight against malicious information on social
networks. The goal of this work is to increase the effectiveness of countering malicious information in
social networks by analyzing the sources of malicious information and automating the process of
selecting countermeasures. The theoretical significance of this work lies in its contribution to the
development of the theory and methodology of information security. The proposed approach allows us
to determine scientifically based requirements for solving problems related to the analysis of sources of
malicious information on social networks and countering both the message itself and its source. In
addition, the developed models, algorithms, methods and architecture can be included in the operator’s
decision support system in order to combat malicious information. The proposed models, algorithms,
methods and architecture, as well as their practical implementation, together provide a solution to the
current scientific and technical problem of increasing the effectiveness of countering the spread of
malicious information on social networks.
Keywords
Model, algorithm, methodology, malicious information, social networks, information security1
1. Introduction
The deep implementation of social media in daily life is huge, and its advantage is that the
participants of communication can quickly express their opinions to a large audience and share
media files. Nowadays, social networks play not only the role of a means of communication, but
also a tool for information dissemination. One of the obvious problems of information security in
modern society is the spread of malicious information. Terrorist and criminal groups are
increasingly using the means of information influence, developing strategies to expand their
influence and attract new supporters through social networks. Therefore, one of the key elements
of information security is to control, analyze and actively counteract malicious information in
social networks. The concept of "malicious information" is considered by experts from various
sciences, but no consensus has yet been reached.
Currently, the problem of combating malicious information has an insufficient number of
scientific and technical solutions. The known means of detecting and counteracting malicious
information in social networks do not meet the requirements for speed, completeness, accuracy
and adequacy of decisions. This is due to several reasons, including the division of systems into
two independent modules (Figure 1): monitoring and counteraction.
In between these modules is the operator, which plays a central role. In addition, social
networks have a complex structure and contain many different messages, which is often not taken
into account when defining countermeasure targets, such as message type, message source and
COLINS-2024: 8th International Conference on Computational Linguistics and Intelligent Systems, April 12–13, 2024,
Lviv, Ukraine
spopereshnyak@gmail.com (S. Popereshnyak); viktoria.zhebka@ukr.net (V. Zhebka);
vecherkovskaia90@gmail.com (A. Vecherkovskaya
0000-0002-0531-9809 (S. Popereshnyak ) ; 0000-0003-4051-1190 (V. Zhebka); 0000-0003-2054-2715
(A. Vecherkovskaya )
© 2024 Copyright for this paper by its authors.
Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0).
CEUR
ceur-ws.org
Workshop ISSN 1613-0073
Proceedings
�other parameters. It is important to note that huge volumes of messages need to be processed in
real time and targets for countermeasures need to be identified quickly. Manually, a
countermeasure operator cannot completely stop the spread of malicious information.
Monitoring Operator Opposition
Figure 1: System modules for detecting and countering malicious information on a social
network
Consequently, the main problem in combating malicious information in social networks is
directly related to the current trends in the development of the information sphere, namely: (1)
increasing the volume of messages containing malicious information; (2) increasing the speed of
malicious information dissemination; (3) increasing the speed of message replication; (4)
increasing the speed of new sources of information dissemination in social networks; (5)
increasing the number of ways to attract the attention of the audience; (6) increasing the level of
heterogeneity; (7) increasing the number of ways to attract the audience's attention; and (8)
increasing the level of information dissemination in social networks. This requires improved
effectiveness in combating malicious information on social networks, including more rapid and
well-founded countermeasures.
Thus, the task that this study addresses - developing models, algorithms and methods to
combat malicious information in social networks - is highly relevant.
The goal of this work is to increase the effectiveness of countering malicious information in
social networks by analyzing the sources of malicious information and automating the process of
selecting countermeasures.
The theoretical significance of this work lies in its contribution to the development of
information security theory and methodology. The proposed approach makes it possible to define
scientifically sound requirements for solving problems related to analyzing the sources of
malicious information in social networks and counteracting both the message itself and its
source. In addition, the developed models, algorithms, methodology and architecture can be
included in the operator's decision support system to combat malicious information.
2. Related Works
The emergence of online social networking platforms has completely transformed how students
interact with information and one another. With the internet's ascent and the interactive nature
of online spaces, a global phenomenon known as social networking has emerged. This
encompasses a wide array of activities, ranging from the creation of virtual communities to casual
conversations and blogging. A study [1] explores the extensive utilization of Social Networking
Sites and their influence, particularly on student. The primary objective of the research [2] was
to explore the dynamics of knowledge sharing within academic social networks among university
students. The results of the study revealed a notable correlation between perceived personal
outcome expectations, perceived social expectations, and knowledge sharing among students.
As social media usage escalates, individuals using these platforms become increasingly
susceptible to their negative impacts. Detecting cyberbullying on social media platforms poses a
significant challenge, particularly due to the constant evolution of slang. Nonetheless, in the paper
[3] proposes a practical solution—an application designed to identify cyberbullying across
various social media platforms, leveraging data from Twitter and Wikipedia. The paper utilizes
Deep Learning techniques to accomplish this task effectively.
In the study [4], two prevalent algorithms for network community detection were examined:
Agglomerative Hierarchical Clustering and the Louvain Method. The research delved into their
�mechanisms, investigating and contrasting their implementation nuances and the outcomes of
their clustering behavior on a standardized dataset.
Advancements in technology have resulted in the accumulation of vast amounts of data from
diverse sources, such as biological and social networking data. Consequently, there has been
significant interest in social network analysis, given the abundance of raw datasets that can be
conceptualized using a network framework. The majority of these datasets can be represented as
social networks, characterized by a graph structure comprising actors and their relationships.
Numerous tools have been developed for social network analysis, aimed at extracting insights
from these networks. In [5], an enhanced version of NetDriller is presented, incorporating new
essential features, including the construction of social networks through data collected from
platforms like Twitter, IEEE, and DBLP.
As machine learning techniques increasingly intersect with real-world scenarios, the
application contexts for these algorithms become progressively complex. Various domains across
different fields have embraced and profited from the implementation of diverse machine learning
algorithms. This complexity is particularly pronounced within the realm of social networks [6].
Unfortunately, there are limited studies that have explored the integration of convolutional
neural networks for automating opinion discretization. In their paper [7], the authors introduce
a novel distributed architecture aimed at addressing the challenge of opinion classification
mining. With experimental results yielding high accuracy (72.99% ± 3.64), it can be inferred that
implementing the authors' proposed distributed framework for opinion discretization on
Facebook is indeed viable.
The study outlined in reference [8, 9] explores primary categories of social networks and their
respective analytical methodologies. It delves into various types of connections and scrutinizes
issues pertaining to ties within social networks. Additionally, it investigates and confirms the
correlation between graph theory principles and the analysis of social networks.
Social networks have experienced significant success in facilitating online social interaction.
However, malicious users exploit these platforms to disseminate rumors. Recent studies indicate
that integrating social applications can enhance efficiency. Regrettably, new security challenges
arise as malicious users exploit this integration to spread rumors across multiple social networks.
In paper [10], which addresses cross propagation in multilayer social networks, the S2IR2 model
is introduced to analyze the dynamics of rumor spreading.
The research [11] examines several network metrics, including modularity-based algorithms
for community detection and dsynamics within and between groups. Additionally, it explores
network measures such as Degree centrality, betweenness centrality, closeness centrality,
authority, and hub, which could correspond to essential leadership qualities such as influence,
attentiveness, communication, adaptability, dissemination of information, and social adeptness.
Social network analysis proves to be a valuable tool in addressing challenges such as money
laundering, identity theft, network fraud, cyberattacks, and similar issues. Numerous researchers
have dedicated their efforts to investigating the dynamics of social networks [12-13]. The works
[14-15] is dedicated to exploring methods for detecting and combating malicious accounts and
spammers within online social networks. The paper [16] explores countering misinformation
campaigns on social media using social network analysis, addressing challenges in identifying
and attributing campaigns, tracing information flows, and understanding spheres of influence,
ultimately proposing tactical approaches for mitigation.
3. Models and algorithm for source analysis and ranking of
countermeasures
Based on the conducted research, a set of functional and non-functional properties of
countermeasures against malicious information in social networks and requirements for
countermeasures methodology are identified.
The following properties of countering malicious information in a social network are
highlighted:
� • Responsiveness - the time it takes to counter malicious information on social media;
• validity - a set of considered parameters for the selected objects of influence and
countermeasures in the process of counteraction;
• resource consumption - the probability that the amount of resources used will not exceed
an acceptable value.
The input and output parameters for the study were determined.
Given:
DATASET ⊆ {messages, sources}, (1)
where 𝑚𝑒𝑠𝑠𝑎𝑔𝑒𝑠 – is the set of messages containing malicious information, 𝑠𝑜𝑢𝑟𝑐𝑒𝑠 – is the
set of sources of these messages.
MESSAGE = < messageURL, source, activity, messageType >, (2)
where 𝑚𝑒𝑠𝑠𝑎𝑔𝑒𝑈𝑅𝐿 is the address of the post on the social network, 𝑠𝑜𝑢𝑟𝑐𝑒 is the source of
the post, 𝑚𝑒𝑠𝑠𝑎𝑔𝑒𝑇𝑦𝑝𝑒 is the post type (post, comment, or reply to a comment), and 𝑎𝑐𝑡𝑖𝑣𝑖𝑡𝑦𝑦 is
the characteristics of the post.
SOURCE = < sourceID, sourceURL >, (3)
where 𝑠𝑜𝑢𝑟𝑐𝑒𝐼𝐷 is the source's unique identifier, 𝑠𝑜𝑢𝑟𝑐𝑒𝑈𝑅𝐿 is the source's social media
address.
ACTIVITY =< countLike, countRepost, countView, countComment >, (4)
where 𝑐𝑜𝑢𝑛𝑡𝐿𝑖𝑘𝑒 is the number of "like" marks, 𝑐𝑜𝑢𝑛𝑡𝑅𝑒𝑝𝑜𝑠𝑡 is the number of "reposts"
(copies with a link to the source), 𝑐𝑜𝑢𝑛𝑡𝑉𝑖𝑒𝑤 is the number of views, and 𝑐𝑜𝑢𝑛𝑡𝐶𝑜𝑚𝑚𝑒𝑛𝑡 is the
number of comments.
Required Finding:
DATASET_MAX ⊆ {messages_max, sources_max}, (5)
where 𝑚𝑒𝑠𝑠𝑎𝑔𝑒𝑠_𝑚𝑎𝑥 is the set of messages (𝑚𝑒𝑠𝑠𝑎𝑔𝑒𝑠) that will have the highest 𝑎𝑐𝑡𝑖𝑣𝑖𝑡𝑦
characteristics compared to other messages in the set 𝑚𝑒𝑠𝑠𝑎𝑔𝑒𝑠, and 𝑠𝑜𝑢𝑟𝑐𝑒𝑠_𝑚𝑎𝑥 is the set of
sources (𝑠𝑜𝑢𝑟𝑐𝑒𝑠) that are associated with the maximum number of messages (𝑚𝑒𝑠𝑠𝑎𝑔𝑒𝑠) in the
set 𝑚𝑒𝑠𝑠𝑎𝑔𝑒𝑠_𝑚𝑎𝑥.
The objective of the study is to develop:
1. malicious information models based on the social network model and source.;
2. a set of algorithms for analyzing sources of malicious information in social networks
and ranking countermeasures.
3. techniques for countering malicious information on social media;
4. architecture and software prototypes of the components of a system for countering
malicious information in social networks.
The aim of the research is to improve the effectiveness of countering malicious information in
social networks. In this paper, the effectiveness indicator is defined through the indicator of
validity, as well as considering the requirements for efficiency and resource consumption.
Based on the models of social network and malicious information source, a theoretical-
multiple model of malicious information in a social network is developed, which includes such
basic elements as:
• information object 𝐼𝑂 (from English information object),
• 𝑇 information threat attribute (from the English threat),
• 𝑀𝐼𝑂 malicious information object,
• An information threat attribute contained in a malicious information object 𝑇𝑜𝑘𝑒𝑛
(token),
• discrete feature of an information object 𝐹𝑒𝑒𝑎𝑡𝑢𝑟𝑒 (from English feature)
• connections between objects.
The set-theoretic model is formally represented as follows:
𝐼𝑂 = {𝑖𝑜}; 𝑀𝐼𝑂 = {𝑖𝑜}; 𝑀𝐼𝑂𝑖 = {𝑖𝑜}, (6)
𝑀𝐼𝑂 ⊂ 𝐼𝑂; ∀ 𝑖𝑜 ∈ 𝑀𝐼𝑂: 𝑖𝑜 ∈ 𝐼𝑂,
𝑀𝐼𝑂𝑖 ⊆ 𝑀𝐼𝑂; ∀ 𝑖𝑜 ∈ 𝑀𝐼𝑂𝑖 ∶ 𝑖𝑜 ∈ 𝑀𝐼𝑂,
𝑇𝑜𝑘𝑒𝑛𝑚𝑖𝑜𝑖 ⊂ 𝑇; 𝑇𝑜𝑘𝑒𝑛𝑚𝑖𝑜𝑖 = {𝑡},
𝐶ℎ𝑒𝑐𝑘𝐹𝑒𝑎𝑡𝑢𝑟𝑒(𝑖𝑜, 𝑡) = {𝑇𝑟𝑢𝑒; 𝐹𝑎𝑙𝑠𝑒},
� 𝑖𝑜 ∈ 𝑀𝐼𝑂𝑖 ⇔ ∃ 𝑇𝑜𝑘𝑒𝑛𝑚𝑖𝑜𝑖 : 𝑐ℎ𝑒𝑐𝑘𝐹𝑒𝑎𝑡𝑢𝑟𝑒 (𝑖𝑜, 𝑡) = 𝑇𝑟𝑢𝑒,
where 𝐼𝑂 – is a set of information objects, 𝑖𝑜1 – is a single information object, 𝑇 – is a set of all
possible attributes of an information threat, 𝑡𝑛 – is a single attribute, 𝑀𝐼𝑂 – is a set of malicious
information (a set of malicious information objects), 𝑀𝐼𝑂𝑖 – is a separate class of malicious
information, 𝑇𝑜𝑘𝑒𝑛𝑚𝑖𝑜𝑖 – a set of attributes characterizing 𝑀𝐼𝑂.
To form a set of attributes of malicious information, consider an information and attribute
model that includes the following elements:
1. information threat - specified by the countermeasure system operator;
2. malicious information in the social network - specified by the countermeasure system
operator by forming a set of keywords;
3. information features forming the set of all possible features.
The developed set of models of social network, source and malicious information contains new
classes and attributes of objects, new relations between them, and also allows to form
requirements to algorithms for analyzing and evaluating sources and choosing countermeasures.
The set of algorithms for analyzing malicious information sources and ranking
countermeasures (Fig. 1) consists of:
1. an algorithm for ranking sources by potential,
2. of the source estimation algorithm,
3. an algorithm for sorting the objects of influence,
4. a ranking algorithm for countermeasures.
Figure 2: Schematic of a set of algorithms for analyzing sources and ranking countermeasures
The formal notation of the complex of source analysis and countermeasure ranking is as
follows:
Z = SC → max , (7)
� 𝑓1 (𝑆) → 𝐼𝑝𝑆 = {0,1,2},
𝐼𝑖
𝑓2 (𝑆) → 𝐼𝑖𝑆 [0,1,2], (𝐼𝑖 = ),
max 𝐼+1
𝑆
𝑓3 (𝑆) → 𝐼𝑝𝑟 = 𝐼𝑝𝑆 + 𝐼𝑖𝑆 = [0, 4], (8)
|𝐾𝐶| |𝐾𝐶 |
𝑐𝑤𝑥 ∙ ∑𝑖=1 𝑤𝑖 ∙ (∑𝑗=1𝑖 (𝑐𝑝𝑥,𝑖,𝑗 ∙ 𝑙𝑐𝑥,𝑖,𝑗 ))
𝑓(𝐶) → 𝑐𝑜𝑚𝑝𝑙𝑒𝑥𝑖𝑡𝑦(𝑐𝑥 ) = , 𝑓(𝑐) → (0; 1]
100 ∙ |𝐾𝐶|
where: 𝑆 - source, 𝐶 - countermeasure, 𝑓1(𝑆) - source potential index (𝐼𝑝𝑆 ) is equal to 0, 1, 2
depending on the number of messages in the analyzed dataset belonging to the source. It is
calculated using the "source potential ranking algorithm". 𝑓2(𝑆)- source influence index (𝐼𝑖𝑆 ),
whose value is between 0 and 2. The calculation of the inferentiality index follows the "source
evaluation algorithm". 𝑓3(𝑆) is the priority of the source (𝐼𝑝𝑟 𝑆
) as an influence object in the
analyzed dataset. The "impact object sorting algorithm" is applied to obtain the value. 𝑓(𝐶) -
ranked countermeasures based on their complexity. The ranking is done according to the
countermeasure ranking algorithm.
At the output of the set of algorithms, lists of target-countermeasure pairs are generated, with
the following rules for selecting objects of influence as targets (𝑡𝑎𝑟𝑔𝑒𝑡):
{𝑠𝑜𝑢𝑟𝑐𝑒 ∈ 𝑇𝐴𝑅𝐺𝐸𝑇 | 𝐼𝑝𝑟 𝑠
≅ 𝑚𝑎𝑥} , (9)
𝑠
{𝑚𝑒𝑠𝑠𝑒𝑔𝑒 ∈ 𝑇𝐴𝑅𝐺𝐸𝑇 | 𝐼𝑝𝑟 ≅ 𝑚𝑖𝑛} , (10)
where 𝑇𝐴𝑅𝐺𝐸𝑇 is the set of objects of influence.
The developed set of algorithms for analyzing sources of malicious information and ranking
countermeasures differs from existing analogues by taking into account such attributes as source
potential, user activity on the source page, and the number of views of messages with malicious
information. The algorithm for ranking countermeasures differs from analogs by taking into
account coefficients and complexity levels for each countermeasure. At the same time, the
developed set of algorithms allows to form the requirements to the methodology of counteraction
to malicious information and is the basis for the counteraction system.
4. Methodology for countering malicious information in social
networks
Let's consider the methodology of countering malicious information in a social network. The
methodology for countering malicious information in a social network consists of two stages: (1)
the customization stage and (2) the exploitation stage. The operation stage of the technique
consists of 3 steps and is presented in Figure 2.
At the same time, the customization stage of the technique consists of two steps:
Step 1. "Query system customization", in which the operator defines information threats and
their attributes, and the countermeasure system generates and stores lists of threats and their
attributes.
Step 2. "Countermeasure ranking", in which the operator selects available implementation
agents, and the system generates and saves lists of available implementation agents.
Next, the operator selects the available countermeasures, the system generates a list of
countermeasures and selects the complexity coefficients of countermeasures based on expert
judgment, then the system generates and saves the list of ranked countermeasures.
The outputs of the methodology are:
1. possible information threats, attributes, countermeasures and their coefficients,
available agents of countermeasure realization;
2. different parameters of impact objects, according to which the operator distributes his
attention and the order of decision making on countermeasures;
3. formed target-countermeasure pairs to counter malicious information in social
networks through available realization agents.
The developed methodology differs from the known ones by using the author's algorithms for
analyzing sources and ranking countermeasures, which increases the validity of decision making
�about countering the target and choosing a countermeasure and reduces the operator's work
time in the process of countering malicious information in the social network.
Actions of the Components of
Actions of countermeasures countermeasures External
operator system system systems
1. Data Collection Request
Begin Loading data from
social networks
Messages Collection and
Selection of an
Requesting semantic analysis
information threat and Sources
and system
its information
characteristics receiving Options
information
Starting a Component of
request to visualization
Generating the
collect initial data set
information Shared data storage
2. Ranking and sorting of impact targets
Ranking of sources Analysis and sorting
by potential of impact objects
Source options
Evaluation of
sources Parameters of
impact objects
Sorting of impact
objects Shared data storage
Component of
visualization
3.Counteracting a malicious operation
Component of
Adjustment of lists Formation of lists of
Countermeasures
of impact objects impact objects with
parameters Databases of
ranked
Pair adjustment: target- Pair formation: target-
countermeasures
countermeasure countermeasure
Databases of
implementation
Starting a Starting a agent
Counter- Counter-
measures measures
Shared data storage
Displaying results
and saving data Component of Implementation
visualization agents
Generating a
report Component of
implementation
Social
End
network
Figure 3: Representation of a methodology for countering malicious information at the
operational stage
5. Architecture of a system for countering malicious information in
social networks
The architecture and software prototypes of the components of the anti-malware system are
presented in Figure 3.
�Figure 4: Architecture of the system of counteraction to malicious information in social
networks stage
The architecture includes three levels:
1. management level (management component (flow and request management),
visualization component (reporting));
2. content evaluation level (source analysis and evaluation component, SQL server and
database);
3. the level of countermeasure implementation (countermeasure selection component
and countermeasure implementation component).
Elements of the architecture are implemented as software prototypes:
1. a software prototype of a social network source analysis and evaluation component
that includes a source ranking algorithm, a source evaluation algorithm, and an impact
object sorting algorithm;
2. a software prototype of a countermeasure selection component that includes a
countermeasure ranking algorithm, an expert judgment algorithm for generating
coefficients;
3. a software prototype of the Information Threat and Countermeasure Database
(DBITandC), which contains information on countermeasures against malicious
information in the social network, the types of information objects to which
countermeasures may be applicable, and the implementation agents through which
countermeasures may be implemented.
6. Experiment
The experimental evaluation was carried out in several stages. First, the developed software
prototypes and components were evaluated, then the operator's work time when countering
malicious information without using a technique, and the operator's work time using a technique,
were experimentally assessed. Resource consumption was assessed based on the data obtained
in the two previous stages.
� For experimental evaluation, data from the social network were collected, time measurements
of the complex algorithms of source analysis and countermeasure ranking were made, CPU and
RAM load indicators were obtained.
The information threat was chosen the dataset that contained to one of 19 categories: Adult
English, Beer, Casino, Cigarette, Cigars, Cults, Dating, Religious, Marijuana, Occults, Prescription
drugs, Racist groups, Religion, Spirits, Sport betting, Violence, Wine, Weapon, Other.
15,132 messages were collected from social networks, including posts, comments, and replies
to comments. For each message, information was collected on the number of likes, comments,
reposts, views, and information with the name of the source was obtained (Fig. 5). The data was
obtained in csv format and converted into an excel workbook.
Figure 5: Example of experimental data set
Next, the large data set was divided into 10 small sets of 1000 messages each. Each small set
was analyzed and ranked using a software prototype component for analysis and evaluation of
sources in social networks, the following results and characteristics were obtained (Table 1,
Table 2).
Table 1
Results of analysis and sorting of impact objects
Target2 (Objects Target3
Data set Target1 (Source)
for the operator) (MessageURL)
1 11 96 570
2 14 87 553
3 10 81 598
4 9 58 588
5 5 82 617
6 4 55 627
7 2 12 661
8 2 21 631
9 1 32 673
10 13 105 568
In the Target1 column, Source is recommended as the object of influence and shows the
number of sources with high priority for counteraction, which own 334 messages out of 1000 for
1 data set, 360 messages out of 1000 for the second, etc. The Target2 column shows the number
of messages that have medium priority and require additional evaluation by the operator. 118
Column Target3 recommends MessageURL as the target and shows the number of such low
priority messages for each set. Thus, the sequence of the operator’s work according to the results
obtained is as follows (for the 1st data set): 1) the operator needs to agree on 11 objects of
influence (sources) with high priority to counter them; 2) the operator needs to analyze 96
objects of influence, taking into account all characteristics (number of comments, likes, views,
reposts, activity index, viewability index, potential, influence index); 3) check 570 targets last,
�due to their low priority for counteraction. An experimental evaluation of a set of algorithms
showed the efficiency of the approach to analyzing and sorting objects of influence.
Table 2
Results of an experimental assessment of the performance characteristics of a software prototype of
a component for analysis and evaluation of sources in social networks
Time in seconds for Additional load on Additional memory
Data set
the algorithm the CPU load
1 42.53 25 % 512 Mb
2 40.86 22 % 512 Mb
3 41.07 28 % 128 Mb
4 41.19 24 % 300 Mb
5 41.71 29 % 100 Mb
6 41.11 22 % 128 Mb
7 40.63 28 % 212 Mb
8 40.68 22 % 300 Mb
9 42.49 21 % 410 Mb
10 41.07 28 % 512 Mb
Next, an experimental evaluation of the countermeasure ranking algorithm was carried out.
At the beginning, a list of countermeasures dependent on implementation agents was compiled.
Then 10 experts were invited to participate in the experiment and were sent a voting
questionnaire completed in the Google Forms service.
At the first stage of voting, experts assessed the possibility of using countermeasures to
counter malicious information on social networks. Then a summary table was sent to the experts
for the next vote, in which for each specified value the experts gave difficulty ratings from 1 to 10.
The following results were obtained at the output (Table 3, 10 lines out of 35).
Table 3
Result of expert assessment of countermeasures and their subsequent ranking
Method of impact Type of impact
Comp-
Countermeasure Positive Negative Neutral Auto Automated Manual
lexity
2 1 3 1 2 3
Message Notification 1 0 0 0 0 1 4
Source Notice 1 0 0 0 0 1 4
Blocking a message in
0 1 0 1 0 0 6
the browser
Blocking the source in
0 1 0 1 0 0 6
the browser
Blocking a message via
0 1 0 1 0 0 6
antivirus
Blocking the source via
0 1 0 1 0 0 6
antivirus
Blocking a message
through the operating 0 1 0 1 0 0 6
system
Blocking the source
through the operating 0 1 0 1 0 0 6
system
Blocking a message via a
0 1 0 1 1 0 8
social network
Blocking a source via a
0 1 0 1 1 0 8
social network
� As a result of the experiment, countermeasures were ranked taking into account the
coefficients and levels of complexity for each countermeasure.
7. Results of experimental and theoretical evaluation of the
methodology
For experimental evaluation, data from the social network were collected, time measurements of
the complex algorithms of source analysis and countermeasure ranking were made, CPU and RAM
load indicators were obtained. Further, research and experiments were conducted to form the
initial data, it was found out that the most costly process in terms of operability is the operator
work time at the stage of setting up the methodology at the 1st, 4th step at the stage of operation
of the methodology. To evaluate the indicator of operator's work time to make a decision on
counteraction with and without the methodology, experiments were conducted, in which 10
experts participated. According to the results of the experimental evaluation of operability, the
probability of performing the technique in a given time was calculated, which is 𝑃operability (𝑇𝑚 ≤
acceptable
𝑇 𝑎𝑑𝑑𝑖𝑡𝑖𝑜𝑛𝑎𝑙 ) = 0,9942, which meets the requirements (𝑃operability = 0.99) for responsiveness.
Resource consumption was assessed using a number of specific indicators typical for step 2 of
the operation phase of the social network anti-malware technique. CPU load, RAM utilization, and
operator work time were considered. It is shown that the resource utilization estimate meets the
acceptable
requirements 𝑃res (𝑟 ≤ 𝑅 acceptable ) ≥ 𝑃res , where 𝑃res is the probability that the resources
𝑟, spent on countering malicious information according to the methodology do not exceed the
acceptable
acceptable value 𝑅 acceptable = 75%, 𝑃res is the acceptable probability value.
As part of the theoretical evaluation, the validity indicators for the developed methodology
were compared with analogs, such as the solutions of Zerofox, ESET, Ithreat Cyber Group Inc. and
others. It is shown that the developed methodology considers a larger number of parameters for
the selected objects of influence and countermeasures in the course of countering malicious
information in the social network, while meeting the requirements for other properties.
Compared to analogs, the number of parameters taken into account when using the technique is
larger, such that 𝑁𝑝𝑎𝑟𝑎𝑚
𝑀 𝑆
> 𝑚𝑎𝑥𝑁𝑝𝑎𝑟𝑎𝑚 , where 𝑁𝑝𝑎𝑟𝑎𝑚
𝑀
– is the number of considered parameters
for the technique, 𝑚𝑎𝑥𝑁𝑝𝑎𝑟𝑎𝑚 – is the maximum number of considered parameters for analogs.
𝑆
At that 𝑁𝑝𝑎𝑟𝑎𝑚
𝑀
= 12, 𝑚𝑎𝑥𝑁𝑝𝑎𝑟𝑎𝑚
𝑆
= 8.
8. Discussions
A comparative analysis of the developed methodology with known methods in terms of the
functionalities used, such as:
• A - possibility to form tasks of message collection and analysis for the monitoring system;
• B - the ability to customize the available countermeasures in the system;
• B- the ability to analyze the sources of messages in the resulting dataset;
• D - possibility of ranking and sorting the objects of influence in the obtained dataset;
• E - the ability to rank and sort the available countermeasures from the countermeasure
database for each dataset;
• G - the ability to select the target of influence for counteraction.
The results are shown in Table 4 (the following designations and scores are used: "+" -
presence of the parameter in the work (1 point); "+/-" - partial compliance with the parameter
(0.5 points); "-" - absence of the parameter (0 points).
The analysis of the results of comparing the methodology for countering malicious
information in social networks with analogs allows us to draw the following conclusions. First,
none of the techniques, except for the proposed one, satisfies all functional requirements at the
same time. Second, all techniques allow ranking countermeasures to a greater or lesser extent.
Third, the parameters of messages, sources, countermeasures are considered only in the
�proposed methodology and in the solution from Creopoint Inc. Fourth, the lag of the closest
analogs from the proposed methodology ranges from 1.5 points to 4 points. That is, the proposed
method wins over the closest analogs.
Table 4
Comparison of the developed method with known analogues
Methodology for countering Parameters
malicious information on social А B С D E F Rating
networks
Zerofox Inc. “Brand Protection” + + + - +/- +/- 4
ESET Internet Security - - + - +/- +/- 2
Ithreat Cyber Group Inc - + - - +/- - 1,5
Creopoint Inc. + + + +/- +/- +/- 4,5
AVG Internet Security + + - - +/- +/- 3
Developed methodology + + + + + + 6
Thus, the results obtained in the work allow us to assert the achievement of higher efficiency
of the developed methodology compared to the known ones, which proves the realization of the
final goal of the study - to increase the effectiveness of countermeasures against malicious
information by analyzing the sources of malicious information and automating the choice of
countermeasures.
9. Conclusions
The rise of the Internet poses a substantial risk to both personal and state data security.
Consequently, the detection and mitigation of unsuitable content circulating on the worldwide
web emerge as a matter of national significance.
The proposed models, algorithms, methodology and architecture, as well as their practical
implementation together provide a solution to the actual scientific and technical problem of
improving the effectiveness of countering the spread of malicious information in social networks.
The results of the work constitute the following research outcomes:
1. A set of models of social network, source and malicious information is proposed, which
differs from the existing analogs by the possibility of simultaneous consideration of the structure
of information exchange in the social network, sources and malicious information.
2. A set of algorithms for analyzing malicious information sources and ranking
countermeasures has been developed, which, unlike existing algorithms, takes into account
connections and dependent attributes of objects in the social network, such as source potential,
user activity on the page, number of message views, etc. The algorithms for ranking
countermeasures take into account coefficients and complexity levels of each countermeasure.
Countermeasure ranking algorithms take into account coefficients and difficulty levels for each
countermeasure.
3. A methodology of countermeasures against malicious information in a social network is
proposed, focused on automatic and automated selection of objects of influence and
countermeasures against malicious information from a list of ranked countermeasures.
4. The architecture and program components of the system of countermeasures against
malicious information are developed, which differs from existing architectures in that it supports
ranking and selection of countermeasures available to the operator in the system for malicious
information specified by the operator. The architecture contains original components for
analyzing and evaluating the source of malicious information, a database with information on
countermeasures for malicious information in social networks.
As recommendations for further development of the topic are to expand the class of algorithms
for analyzing the behavior of sources and authors of messages, algorithms for analyzing the
dissemination of information in a social network, integration of automatic and automated
countermeasures mechanisms into existing architectures and systems.
� References
[1] Z. A. Shanaa, K. M. Naser, M. Abualrish, E. A. Zaitoun and J. Yousef. "Effects of Social
Networking Sites on the Academic Performance of Graduate Students," Tenth International
Conference on Social Networks Analysis, Management and Security (SNAMS), Abu Dhabi,
United Arab Emirates(2023): 1-6. doi: 10.1109/SNAMS60348.2023.10375420
[2] A. Kaba, S. Eletter and G. A. E. Refae, "Knowledge Sharing Through Academic Social
Networking: The Impact of Personal and Social Outcome Expectations," Tenth International
Conference on Social Networks Analysis, Management and Security (SNAMS), Abu Dhabi,
United 3Arab Emirates (2023): 1-7. doi: 10.1109/SNAMS60348.2023.10375418
[3] M. Mahat. "Detecting Cyberbullying Across Multiple Social Media Platforms Using Deep
Learning," International Conference on Advance Computing and Innovative Technologies in
Engineering (ICACITE), Greater Noida, India(2021): 299-301. doi:
10.1109/ICACITE51222.2021.9404736
[4] N. Motschnig, A. Ramharter, O. Schweiger, P. Zabka and K. -T. Foerster. "On Comparing and
Enhancing Two Common Approaches to Network Community Detection," 2021 IEEE Global
Communications Conference (GLOBECOM), Madrid, Spain(2021): 1-6. doi:
10.1109/GLOBECOM46510.2021.9685248
[5] S. Afra, T. Özyer, J. Rokne and R. Alhajj. "NetDriller-V3: A Powerful Social Network Analysis
Tool," 2022 IEEE/ACM International Conference on Advances in Social Networks Analysis
and Mining (ASONAM), Istanbul, Turkey(2022): 570-574. doi:
10.1109/ASONAM55673.2022.10068570
[6] D. Oreški, I. Pihir and D. Višnjiű. "Comparative Analysis of Machine Learning Algorithms on
Data Sets of Different Characteristics for Digital Transformation," 2023 46th MIPRO ICT and
Electronics Convention (MIPRO), Opatija, Croatia(2023): 1428-1433, doi:
10.23919/MIPRO57284.2023.10159910
[7] H. Xuan Huynh, V. T. Nguyen, N. Duong-Trung, V. -H. Pham and C. T. Phan. "Distributed
Framework for Automating Opinion Discretization From Text Corpora on Facebook," in IEEE
Access, vol. 7(2019): 78675-78684. doi: 10.1109/ACCESS.2019.2922427
[8] S. Popereshnyak, O. Suprun, Tools and methods for intersubjective relationships in
cyberspace forecasting, Proceedings of the 12th International Scientific and Technical
Conference on Computer Sciences and Information Technologies, CSIT ’2017, Lviv, Ukraine,
2017, pp. 244-247. doi:10.1109/STC-CSIT.2017.8098779.
[9] S. Popereshnyak, I. Yurchuk, Social networks: Analysis, algorithms and their implementation,
CEUR Workshop Proceedings, 2870, 2021, pp. 811–821.
[10] Q. Han, M. Gu, L. You, F. Miao, Rumor, Spreading with Cross Propagation in Multilayer Social
Networks, Proceedings of the Intl Conf on Parallel & Distributed Processing with
Applications, Big Data & Cloud Computing, Sustainable Computing & Communications, Social
Computing & Networking, ISPA/BDCloud/SocialCom/SustainCom ’2019, Xiamen, China,
2019, pp. 1641-1645. doi: 10.1109/ISPA-BDCloud-SustainCom-
SocialCom48970.2019.00242.
[11] S. Garg, T. Gandhi, B. Panigrahi, Social Network measures association with social and
intelligent behaviors in Dolphin network, Proceedings of the 11th International Conference
on Cloud Computing, Data Science & Engineering, Confluence ’2021, Noida, India, 2021, pp.
655-659. doi: 10.1109/Confluence51648.2021.9377088.
[12] F. Long, N. Ning, C. Song, B. Wu, Strengthening Social Networks Analysis by Networks Fusion,
Proceedings of the ACM International Conference on Advances in Social Networks Analysis
and Mining, ASONAM ’2019, Vancouver, BC, Canada, 2019, pp. 460-463. doi:
10.1145/3341161.3342939.
[13] S. A. Bitaghsir, S. Kashipazha, A. Dadlani, A. Khonsari, Social-aware Mobile Road Side Unit for
Content Distribution in Vehicular Social Networks, in: Proceedings of the 2019 IEEE
Symposium on Computers and Communications, ISCC ’2019, Barcelona, Spain, 2019, pp. 1-6,
doi: 10.1109/ISCC47284.2019.8969669.
�[14] Kayode Sakariyah Adewole, Nor Badrul Anuar, Amirrudin Kamsin, Kasturi Dewi Varathan,
Syed Abdul Razak. ”Malicious accounts: Dark of the social networks.”Journal of Network and
Computer Applications, Volume 79(2017): 41-67.
https://doi.org/10.1016/j.jnca.2016.11.030.
[15] Gianluca Stringhini, Christopher Kruegel, and Giovanni Vigna, Detecting spammers on social
networks, in Proceedings of the 26th Annual Computer Security Applications Conference
(ACSAC '10). Association for Computing Machinery, New York, NY, USA, 2010, pp. 1–9.
https://doi.org/10.1145/1920261.1920263
[16] A. Bargar, S. Pitts, J. Butkevics and I. McCulloh, "Challenges and Opportunities to Counter
Information Operations Through Social Network Analysis and Theory," 11th International
Conference on Cyber Conflict (CyCon), Tallinn, Estonia, 2019, pp. 1-18. doi:
10.23919/CYCON.2019.8756832.
[17] Jain, A.K., Sahoo, S.R. & Kaubiyal, J. “Online social networks security and privacy:
comprehensive review and analysis”. Complex Intell. Syst. 7, (2021): 2157–2177.
https://doi.org/10.1007/s40747-021-00409-7
[18] Umit Can, Bilal Alatas. ”A new direction in social network analysis: Online social network
analysis problems and applications.” Physica A: Statistical Mechanics and its Applications,
Volume 535(2019). https://doi.org/10.1016/j.physa.2019.122372.
�