BotHunter: An Approach to Detect Software Bots in GitHub
Bots have become popular in software projects as they play critical roles, from running tests to fixing bugs/vulnerabilities. However, the large number of software bots adds extra effort on practitioners and researchers to distinguish human accounts from bot accounts to avoid bias in data-driven studies. Researchers developed several approaches to identify bots at specific activity levels (issue/pull request or commit), considering a single repository, and disregarding features that were shown to be effective in other domains. To address this gap, we propose using a machine learning based approach to identify the bot accounts regardless of their activity level. We extracted 19 features related to the account’s profile information, activities, and comment similarity. Then, we evaluated the performance of five machine learning classifiers using a dataset that has more than 5,000 GitHub accounts. Our results show that the Random Forest classifier performs the best with an F1-score of 92.4% and AUC of 98.7%. Furthermore, the account profile information (e.g., account login) are the most important features to identify the account type. Finally, we compare the performance of the Random Forest classifier to the state-of-the-art approaches, and our results show that our Random Forest model outperforms the state-of-the-art techniques in identifying the account types regardless of their activity level.