Social network spam is increasing explosively with the rapid development and wide usage of various social networks on the Internet. To detect spam in large social network sites in a timely manner, it is desirable to discover unsupervised schemes that avoid the training cost of supervised schemes. In this work, we first show several limitations of existing unsupervised detection schemes. The main reason behind the limitations is that existing schemes rely heavily on spamming patterns, which are constantly changing to avoid detection. Motivated by our observations, we first propose a Sybil-defense-based spam detection scheme, SD2, that remarkably outperforms existing schemes by taking the social network relationship into consideration. To make it highly robust against an increased level of spam attacks, we further design an unsupervised spam detection scheme called UNIK. Instead of detecting spammers directly, UNIK works by deliberately removing non-spammers from the network, leveraging both the social graph and the user-link graph. The underpinning of UNIK is that while spammers constantly change their patterns to evade detection, non-spammers do not have to do so and thus have a relatively non-volatile pattern. UNIK has comparable performance to SD2 when it is applied to a large social network site, and outperforms SD2 significantly when the level of spam attacks increases. Based on the detection results of UNIK, we further analyze several identified spam campaigns in this social network site. The results show that different spammer clusters demonstrate distinct characteristics, implying the volatility of spamming patterns and the ability of UNIK to automatically extract spam signatures.