In this paper, we present a framework, SocialWatch, to detect attacker-created accounts and hijacked accounts for online services at a large scale. SocialWatch explores a set of social graph properties that effectively model the overall social activity and connectivity patterns of online users, including degree, PageRank, and social affinity features. These features are hard to mimic and robust to attacker counter strategies. We evaluate SocialWatch using a large, real dataset with more than 682 million users and over 5.75 billion directional relationships. SocialWatch successfully detects 56.85 million attacker-created accounts with a low false detection rate of 0.75% and a low false negative rate of 0.61%. In addition, SocialWatch detects 1.95 million hijacked accounts (among which 1.23 million were not detected previously) with a low false detection rate of 2%. Our work demonstrates the practicality and effectiveness of using large social graphs with billions of edges to detect real attacks.