Risk Assessment in Social Networks Based on User Anomalous Behaviors

Despite the dramatic increase in Online Social Network (OSN) usage, many security and privacy concerns remain. In such a scenario, a mechanism able to assign a risk score to each OSN user would be very beneficial. For this reason, in this paper we propose a risk assessment based on the idea that the more a user's behavior diverges from what can be considered ‘normal behavior’, the more risky it should be considered. In doing this, we have taken into account that the OSN population is highly heterogeneous in its observed behaviors. As such, it is not possible to define a single standard behavioral model that fits all OSN users’ behaviors. However, we expect that similar people tend to follow similar rules, resulting in similar behavioral models. For this reason, we propose a risk assessment approach organized into two phases: similar users are first grouped together; then, for each identified group, we build one or more models of normal behavior. Experiments carried out on a real Facebook dataset show that the proposed model outperforms a simplified behavior-based risk assessment in which behavioral models are built over the whole OSN population, without a group identification phase.
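The two-phase idea in the abstract, as an added example that is not the paper's code: it scores the same user against a per-group model and against a whole-population model to show why the grouping phase matters. The group labels (standing in for the grouping phase), the two features, the z-score model and the threshold of 3 are all assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline: (group, (posts_per_day, friend_requests_per_day)).
# Group labels are assumed to come from an earlier grouping phase.
BASELINE = [
    ("casual", (1, 0)), ("casual", (2, 1)), ("casual", (2, 0)),
    ("casual", (3, 1)), ("casual", (1, 1)), ("casual", (3, 0)),
    ("power", (40, 5)), ("power", (50, 8)), ("power", (60, 6)),
    ("power", (45, 7)), ("power", (55, 4)), ("power", (50, 6)),
]

def fit(rows):
    """Normal-behavior model: per-feature (mean, std) over feature tuples."""
    # A zero std would divide by zero; substitute a tiny value instead.
    return [(mean(col), pstdev(col) or 1e-9) for col in zip(*rows)]

def risk(model, features):
    """Risk score: largest absolute z-score across the features."""
    return max(abs(x - m) / s for x, (m, s) in zip(features, model))

def build_models(baseline):
    """Phase two: one model per group, plus the whole-population model."""
    by_group = defaultdict(list)
    for group, feats in baseline:
        by_group[group].append(feats)
    group_models = {g: fit(rows) for g, rows in by_group.items()}
    global_model = fit([feats for _, feats in baseline])
    return group_models, global_model

def assess(group, features, threshold=3.0):
    """Score one observation under the grouped and the global model."""
    group_models, global_model = build_models(BASELINE)
    # Users whose group has no model fall back to the global model.
    grouped = risk(group_models.get(group, global_model), features)
    overall = risk(global_model, features)
    return {
        "grouped": grouped,
        "global": overall,
        "flag_grouped": grouped > threshold,
        "flag_global": overall > threshold,
    }

if __name__ == "__main__":
    # A "casual" account that suddenly posts 25 times a day sits near the
    # population mean, so only the per-group model scores it as risky.
    print(assess("casual", (25, 4)))
    print(assess("power", (52, 6)))
```

The population mean here lies between the two groups, so an account that jumps from one group's range toward the other's is invisible to the global model.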
