Detecting reputation manipulation among browser extensions

Abstract

A common practice on platforms today is implementing a review system where the users can recommend products or warn other users of potential faults. With this, a rise of malicious actors abusing the system to favor their products follow. In this study, We examine user reviews with novel methodologies to detect reputation manipulation. We build a modular framework incorporating multi-step processes, including data crawling, indexing, filtering, processing, and classification. The methods include Aggregated Time Window (ATW), Co-author Analysis (COA), Written ratio, and Spam detection. Each of the methods is designed to uncover different patterns of manipulation. For example, our novel method ATW targets fake accounts and coordinated review campaigns by linking reviews posted within close temporal proximity. On the other hand, the COA method identifies connections between users who frequently review the same extensions, detecting coordinated review campaigns and incentivized reviews. Ultimately, the aim is to detect and cluster reputation manipulation, which could be used in various ways. One use case is exploring the results to find malicious extensions, which could be done by exploring the results and analyzing the top-scoring extensions. The cluster results could also be traversed to find similar extensions to already known malicious extensions, providing clusters of malicious extensions.