Problem Statement
You're tasked with building a real-time spam detection system for a social media platform that processes millions of posts, comments, and messages daily. The system must identify and flag various types of spam including promotional content, phishing attempts, coordinated inauthentic behavior, and automated bot activity. The platform currently struggles with sophisticated spam rings that mimic human behavior patterns and adapt to simple rule-based filters.
Your solution needs to balance accuracy with performance, minimizing false positives that could frustrate legitimate users while catching the majority of spam before it reaches end users. The system should support continuous learning as spam tactics evolve and integrate seamlessly with existing content moderation workflows.
Key Requirements
Functional
- Real-time Classification -- detect spam in posts, comments, and messages as they're submitted, typically within 100-200ms
- Multi-Signal Analysis -- incorporate content features, user behavioral patterns, network relationships, and temporal dynamics
- Adaptive Learning -- continuously update models based on new spam patterns and moderator feedback
- Confidence Scoring -- provide probability scores to enable tiered response strategies (auto-remove, shadow-ban, flag for review)
- Explainability -- surface key features that triggered spam classification for moderation teams
Non-Functional
- Scalability -- handle 50,000+ content submissions per second during peak hours
- Reliability -- maintain 99.95% uptime with graceful degradation when ML services are unavailable
- Latency -- p95 inference latency under 150ms, p99 under 300ms
- Accuracy -- achieve 95%+ precision with 85%+ recall, false positive rate below 0.5%
What Interviewers Focus On
Based on real interview experiences, these are the areas interviewers probe most deeply:
1. Feature Engineering and Signal Selection
Understanding which signals effectively distinguish spam from legitimate content is critical. Interviewers want to see you think beyond simple keyword matching to behavioral and network-based features.
Hints to consider:
- Content features (text patterns, links, media fingerprints) versus behavioral features (posting frequency, interaction patterns)
- Graph-based features that detect coordinated networks of spam accounts
- Temporal patterns like burst posting or activity during suspicious hours
- Device and session fingerprints to identify automated behavior
2. Online vs Offline Learning Architecture
The balance between real-time inference and model training is crucial for adapting to evolving spam tactics while maintaining low latency.
Hints to consider:
- Separate hot path (real-time inference) from cold path (batch feature computation and model training)
- Feature stores to precompute expensive features offline while keeping inference fast
- Online learning approaches for rapid adaptation versus periodic batch retraining
- A/B testing framework to safely deploy model updates and measure impact
3. Handling Class Imbalance and Labeling
Spam is typically a small percentage of total content, creating severe class imbalance. Obtaining high-quality labels is expensive and time-consuming.
Hints to consider:
- Sampling strategies for training data (undersampling majority class, oversampling minority, SMOTE)
- Active learning to prioritize which examples humans should label
- Combining explicit moderator labels with implicit signals (user reports, content removal)
- Ensemble methods that combine multiple models trained on different data distributions
4. Multi-Stage Detection Pipeline
A single model often can't balance speed, accuracy, and cost. Most production systems use cascaded filtering approaches.
Hints to consider:
- Lightweight rule-based pre-filters to catch obvious spam at minimal compute cost
- Fast shallow models (logistic regression, small trees) for initial screening
- Complex deep learning models reserved for borderline cases
- Post-processing heuristics and reputation scores to adjust final decisions
5. Feedback Loops and Model Monitoring
Spam detection systems can create their own feedback loops where model predictions influence what data gets labeled, potentially degrading performance over time.
Hints to consider:
- Monitoring precision/recall across different content types and user segments
- Detecting concept drift when spam tactics evolve
- Ensuring training data represents the full distribution, not just flagged content
- Hold-out sets from earlier time periods to measure temporal generalization
Suggested Approach
Step 1: Clarify Requirements
Start by understanding the scope and constraints:
- What types of content need spam detection (posts, comments, direct messages, profile updates)?
- What's the current volume and growth trajectory?
- What's the acceptable false positive rate for different content types?
- Are there regulatory requirements around content moderation and appeals?
- What existing systems need integration (content delivery, user notifications, moderation dashboards)?
- What's the cost tolerance for compute resources (inference and training)?
Step 2: High-Level Architecture
Sketch the major components:
- Ingestion Layer: Message queues to buffer incoming content and decouple submission from classification
- Feature Pipeline: Real-time feature extraction (content analysis) plus batch-computed features (user history, graph features)
- Inference Service: Multi-stage classifier with rule engine → fast ML model → complex ML model
- Action Engine: Applies decisions based on confidence scores (block, shadow-ban, flag for review)
- Feedback Loop: Collects moderator decisions and user appeals to continuously improve models
- Training Pipeline: Offline system for feature engineering, model training, validation, and deployment
Discuss data flow: Content → Feature Extraction → Model Inference → Action → Feedback Collection → Model Update
Step 3: Deep Dive on Feature Engineering and Model Architecture
Walk through your ML approach in detail:
Feature categories:
- Text features: n-grams, embeddings, linguistic patterns, sentiment, toxicity scores
- Media features: image hashes, OCR text extraction, NSFW detection
- User features: account age, follower/following ratios, historical violation rates
- Behavioral features: posting velocity, geographic diversity, interaction patterns
- Network features: cluster coefficients, connection to known spam accounts
Model architecture:
- Start with gradient boosted trees (XGBoost/LightGBM) as a strong baseline with good interpretability
- Consider transformer-based models for text understanding if latency budget allows
- Discuss ensemble approaches combining multiple specialized models
- Address how to handle different content modalities (text, images, videos)
Training strategy:
- Explain train/validation/test splits with temporal holdout for realistic evaluation
- Discuss handling class imbalance through weighted loss functions or sampling
- Explain hyperparameter tuning and model selection process
Step 4: Address Scalability and Operational Concerns
Cover how the system scales and operates in production:
Scalability: Partition the inference workload by content type or by a hash of the user ID. Use model serving frameworks (TensorFlow Serving, TorchServe) with auto-scaling based on queue depth. Cache expensive features like user reputation scores.
Latency optimization: Implement timeout-based fallbacks: if the complex model exceeds its latency budget, fall back to the fast model's decision. Batch inference requests where possible without exceeding latency SLAs.
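The cascade from the multi-stage pipeline section combined with the timeout fallback just described, as an added example that is not part of the original page. The regex, the toy fast model, the action thresholds, the borderline band and the 50 ms budget are assumed values; `complex_model` is any callable the caller supplies.

```python
import re
from concurrent.futures import ThreadPoolExecutor

# Illustrative assumptions: rule pattern, scoring weights, thresholds, budget.
BLOCKLIST = re.compile(r"(free\s+crypto|click\s+here\s+to\s+claim)", re.I)
_pool = ThreadPoolExecutor(max_workers=4)

def rule_prefilter(text):
    """Stage 1: cheap rules; returns a score only for obvious spam."""
    return 0.99 if BLOCKLIST.search(text) else None

def fast_model(features):
    """Stage 2: stand-in for a shallow model such as logistic regression."""
    score = 0.1 + 0.3 * min(features["links"], 2)
    if features["account_age_days"] < 7:
        score += 0.2
    return min(score, 1.0)

def action_for(score):
    """Map a confidence score to a tiered response."""
    if score >= 0.95:
        return "auto_remove"
    if score >= 0.80:
        return "shadow_ban"
    if score >= 0.50:
        return "flag_for_review"
    return "allow"

def classify(text, features, complex_model, budget_s=0.05, band=(0.3, 0.9)):
    """Run the cascade; returns (action, score, stage_that_decided)."""
    score = rule_prefilter(text)
    if score is not None:
        return action_for(score), score, "rules"
    score = fast_model(features)
    if not band[0] <= score <= band[1]:
        return action_for(score), score, "fast"      # confident either way
    future = _pool.submit(complex_model, text, features)
    try:
        score = future.result(timeout=budget_s)      # borderline: heavy model
        return action_for(score), score, "complex"
    except Exception:
        # Timeout or model outage: degrade to the fast model's score,
        # which `score` still holds because the assignment never happened.
        future.cancel()
        return action_for(score), score, "fast_fallback"
```

Recording the deciding stage alongside the score lets monitoring show how often the system is running in fallback mode.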
Monitoring: Track model metrics (precision/recall/F1) by content type, user segment, and time window. Alert on sudden changes in prediction distribution. Monitor feature drift and data quality issues.
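One way to alert on a shift in the prediction distribution per segment, as an added example that is not part of the original page. It uses the Population Stability Index, one common drift statistic; the 0.2 alert threshold, the segment names and the score lists are assumptions constructed for illustration.

```python
import math

def psi(baseline, current, bins=10, eps=1e-6):
    """Population Stability Index between two lists of scores in [0, 1]."""
    def hist(scores):
        counts = [0] * bins
        for s in scores:
            counts[min(int(s * bins), bins - 1)] += 1
        # Floor empty bins at eps so the log ratio stays defined.
        return [max(c / len(scores), eps) for c in counts]
    b, c = hist(baseline), hist(current)
    return sum((ci - bi) * math.log(ci / bi) for bi, ci in zip(b, c))

def drift_alerts(baseline_by_segment, current_by_segment, threshold=0.2):
    """Return {segment: psi} for segments whose score distribution shifted."""
    alerts = {}
    for segment, base in baseline_by_segment.items():
        cur = current_by_segment.get(segment)
        if not cur:
            # Nothing scored in this window: surface it rather than skip it.
            alerts[segment] = float("inf")
            continue
        value = psi(base, cur)
        if value >= threshold:
            alerts[segment] = value
    return alerts

# Constructed sample: model scores per content type, last week vs. today.
STABLE = [0.05] * 90 + [0.95] * 10
SHIFTED = [0.05] * 60 + [0.95] * 40
BASELINE = {"comment": STABLE, "dm": STABLE, "post": STABLE}
CURRENT = {"comment": STABLE, "dm": SHIFTED}   # "post" produced no scores

if __name__ == "__main__":
    for segment, value in sorted(drift_alerts(BASELINE, CURRENT).items()):
        print(f"ALERT segment={segment} psi={value:.3f}")
```

The same function works on a single feature's values scaled to [0, 1], which covers the feature-drift check as well as the prediction-distribution one.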
Adversarial robustness: Discuss how spammers will adapt and how to detect evasion attempts. Explain the importance of not exposing the exact features that triggered a classification, to prevent gaming the system.