TY - GEN
T1 - Uncovering large groups of active malicious accounts in online social networks
AU - Cao, Qiang
AU - Yang, Xiaowei
AU - Yu, Jieqi
AU - Palow, Christopher
PY - 2014/11/3
Y1 - 2014/11/3
N2 - The success of online social networks has attracted a constant interest in attacking and exploiting them. Attackers usually control malicious accounts, including both fake and compromised real user accounts, to launch attack campaigns such as social spam, malware distribution, and online rating distortion. To defend against these attacks, we design and implement a ma-licious account detection system called SynchroTrap. We observe that malicious accounts usually perform loosely synchronized actions in a variety of social network context. Our system clusters user accounts according to the similarity of their actions and uncovers large groups of malicious accounts that act similarly at around the same time for a sustained period of time. We implement SynchroTrap as an incremental processing system on Hadoop and Giraph so that it can process the massive user activity data in a large online social network efficiently. We have deployed our system in five applications at Facebook and Instagram. SynchroTrap was able to unveil more than two million malicious accounts and 1156 large attack campaigns within one month. Copyright is held by the author/owner(s).
AB - The success of online social networks has attracted a constant interest in attacking and exploiting them. Attackers usually control malicious accounts, including both fake and compromised real user accounts, to launch attack campaigns such as social spam, malware distribution, and online rating distortion. To defend against these attacks, we design and implement a ma-licious account detection system called SynchroTrap. We observe that malicious accounts usually perform loosely synchronized actions in a variety of social network context. Our system clusters user accounts according to the similarity of their actions and uncovers large groups of malicious accounts that act similarly at around the same time for a sustained period of time. We implement SynchroTrap as an incremental processing system on Hadoop and Giraph so that it can process the massive user activity data in a large online social network efficiently. We have deployed our system in five applications at Facebook and Instagram. SynchroTrap was able to unveil more than two million malicious accounts and 1156 large attack campaigns within one month. Copyright is held by the author/owner(s).
KW - Malicious account detection
KW - Online social networks
KW - Scalable clustering system
UR - https://www.scopus.com/pages/publications/84910660900
U2 - 10.1145/2660267.2660269
DO - 10.1145/2660267.2660269
M3 - 会议稿件
AN - SCOPUS:84910660900
SN - 9781450329576
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 477
EP - 488
BT - Proceedings of the ACM Conference on Computer and Communications Security
PB - Association for Computing Machinery
T2 - 21st ACM Conference on Computer and Communications Security, CCS 2014
Y2 - 3 November 2014 through 7 November 2014
ER -