The Doppelgänger Bot Attack: Exploring Identity Impersonation in Online Social Networks

People have long been aware of malicious users who impersonate celebrities or launch identity theft attacks in social networks. However, beyond anecdotal evidence, there have been no in-depth studies of impersonation attacks in today's social networks. One reason for the lack of studies in this space is the absence of datasets about impersonation attacks. To this end, we propose a technique to build extensive datasets of impersonation attacks in current social networks, and we gather 16,572 cases of impersonation attacks in the Twitter social network. Our analysis reveals that most identity impersonation attacks neither target celebrities nor aim at identity theft. Instead, we uncover a new class of impersonation attacks that clone the profiles of ordinary people on Twitter to create real-looking fake identities and use them in malicious activities such as follower fraud. We refer to these as doppelgänger bot attacks. Our findings show (i) that identity impersonation attacks are much broader than believed and can impact any user, not just celebrities, and (ii) that attackers are evolving and create real-looking accounts that are harder to detect by current systems. We also propose and evaluate methods to automatically detect impersonation attacks sooner than they are detected in today's Twitter social network.
