Discovering hidden suspicious accounts in online social networks

It describes a method that can discover hidden suspicious accounts that are sparsely connected on a social graph, but which forward certain suspicious messages together.It proposes a forwarding message tree to collect messages forwarding from the same source.A new detection approach focus on accounts in bulk instead of single account or message.Our approach is proved to detect hidden suspicious accounts with significant results. Hidden suspicious accounts are sparsely connected in social graphs; however, certain suspicious messages are usually forwarded in bulk to extend their overall propagation scope. Existing anti-attack methods only detect single messages or accounts. Because most algorithms rely on the connection relations among the accounts in social graphs, they may repeatedly detect the same account. Furthermore, these hidden suspicious accounts cannot be identified and eliminated completely. Therefore, messages forwarded by hidden suspicious accounts should be merged, and the accounts should be eliminated simultaneously rather than individually. This paper introduces the forwarding message tree, which combines accounts based on the relations among their forwarded messages. Our approach clearly exposes the inner relations among hidden suspicious accounts and conveniently deletes those accounts. First, we present the forwarding message tree and identify six effective features: the forwarding layer relation, propagation depth, propagation breadth, repeated forwarding behavior, propagation speed, and average tree weight. Next, to illustrate the effectiveness of these features, we incorporate them into machine learning algorithms. The detection accuracy and false-positive rates for a real dataset collected from an online social network are 95.32% and 0.5%, respectively. Most of the proposed features rate at the top of a gain ranking. We conclude that the forwarding message tree can indeed detect and delete hidden suspicious accounts.

[1]  Ponnurangam Kumaraguru,et al.  PhishAri : Automatic Realtime Phishing Detection on Twitter Anupama Aggarwal , 2012 .

[2]  Xing Xie,et al.  Leveraging Careful Microblog Users for Spammer Detection , 2015, WWW.

[3]  Jong Kim,et al.  WarningBird: A Near Real-Time Detection System for Suspicious URLs in Twitter Stream , 2013, IEEE Transactions on Dependable and Secure Computing.

[4]  Jong Kim,et al.  CrowdTarget: Target-based Detection of Crowdturfing in Online Social Networks , 2015, CCS.

[5]  Calton Pu,et al.  Click traffic analysis of short URL spam on Twitter , 2013, 9th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing.

[6]  George Danezis,et al.  SybilInfer: Detecting Sybil Nodes using Social Networks , 2009, NDSS.

[7]  Cao Xiao,et al.  Detecting Clusters of Fake Accounts in Online Social Networks , 2015, AISec@CCS.

[8]  Chao Yang,et al.  Empirical Evaluation and New Design for Fighting Evolving Twitter Spammers , 2013, IEEE Trans. Inf. Forensics Secur..

[9]  Michael Sirivianos,et al.  Aiding the Detection of Fake Accounts in Large Scale Social Online Services , 2012, NSDI.

[10]  Gianluca Stringhini,et al.  Towards Detecting Compromised Accounts on Social Networks , 2015, IEEE Transactions on Dependable and Secure Computing.

[11]  Alok N. Choudhary,et al.  Towards Online Spam Filtering in Social Networks , 2012, NDSS.

[12]  Venkatesan Guruswami,et al.  CopyCatch: stopping group attacks by spotting lockstep behavior in social networks , 2013, WWW.

[13]  Michael Kaminsky,et al.  SybilLimit: A Near-Optimal Social Network Defense against Sybil Attacks , 2008, S&P 2008.

[14]  Hiroyuki Kitagawa,et al.  TURank: Twitter User Ranking Based on User-Tweet Graph Analysis , 2010, WISE.

[15]  James Caverlee,et al.  Detecting Spam URLs in Social Media via Behavioral Analysis , 2015, ECIR.

[16]  Xue Liu,et al.  Does "Like" Really Mean Like? A Study of the Facebook Fake Like Phenomenon and an Efficient Countermeasure , 2015, ArXiv.

[17]  Qiang Cao,et al.  Uncovering Large Groups of Active Malicious Accounts in Online Social Networks , 2014, CCS.

[18]  Gianluca Stringhini,et al.  COMPA: Detecting Compromised Accounts on Social Networks , 2013, NDSS.

[19]  Fengyuan Xu,et al.  SybilDefender: Defend against sybil attacks in large social networks , 2012, 2012 Proceedings IEEE INFOCOM.

[20]  Konstantin Beznosov,et al.  Integro: Leveraging Victim Prediction for Robust Fake Account Detection in OSNs , 2015, NDSS.

[21]  Krishna P. Gummadi,et al.  Understanding and combating link farming in the twitter social network , 2012, WWW.

[22]  Mohammad Zulkernine,et al.  EINSPECT: Evolution-Guided Analysis and Detection of Malicious Web Pages , 2013, 2013 IEEE 37th Annual Computer Software and Applications Conference.

[23]  Komminist Weldemariam,et al.  BINSPECT: Holistic Analysis and Detection of Malicious Web Pages , 2012, SecureComm.

[24]  Michael Kaminsky,et al.  SybilGuard: defending against sybil attacks via social networks , 2006, SIGCOMM.

[25]  Gang Wang,et al.  Northeastern University , 2021, IEEE Pulse.