Coordinated Reply Attacks in Influence Operations: Characterization and Detection

TL;DR

This paper analyzes coordinated reply attacks in influence operations on Twitter, characterizes their targets, and develops machine learning models to detect both targeted tweets and involved accounts with high accuracy.

Contribution

It introduces the first characterization of reply attacks in influence campaigns and proposes supervised models for their detection, achieving high classification performance.

Findings

Reply attacks mainly target influential figures like journalists and politicians.

The proposed models achieve AUC scores of 0.88 for tweet classification and 0.97 for account classification.

Detected accounts involved in reply attacks can serve as indicators for influence operations.

Abstract

Coordinated reply attacks are a tactic observed in online influence operations and other coordinated campaigns to support or harass targeted individuals, or influence them or their followers. Despite its potential to influence the public, past studies have yet to analyze or provide a methodology to detect this tactic. In this study, we characterize coordinated reply attacks in the context of influence operations on Twitter. Our analysis reveals that the primary targets of these attacks are influential people such as journalists, news media, state officials, and politicians. We propose two supervised machine-learning models, one to classify tweets to determine whether they are targeted by a reply attack, and one to classify accounts that reply to a targeted tweet to determine whether they are part of a coordinated attack. The classifiers achieve AUC scores of 0.88 and 0.97, respectively. These results indicate that accounts involved in reply attacks can be detected, and the targeted accounts themselves can serve as sensors for influence operation detection.