research-article

On Detecting Growing-Up Behaviors of Malicious Accounts in Privacy-Centric Mobile Social Networks

Authors:

Neil Zhenqiang Gong,

Shaofeng HuAuthors Info & Claims

ACSAC '21: Proceedings of the 37th Annual Computer Security Applications Conference

Pages 297 - 310

https://doi.org/10.1145/3485832.3488013

Published: 06 December 2021 Publication History

Abstract

Privacy-centric mobile social network (PC-MSN), which allows users to build intimate and private social circles, is an increasingly popular type of online social networks (OSNs). Because of strict usage policy enforced by PC-MSNs (such as restricted account and content access), malicious accounts (or users) have to act like normal accounts to accumulate credentials before committing malicious activities. Therefore, analysis merely relying on static account profile information or social graphs is ineffective to detect such growing-up accounts. Besides, existing behavior-based malicious account detection methods fail to effectively detect growing-up accounts who pretend to be benign and have similar behaviors to benign users during the growing-up stage.

In this paper, we present the first comprehensive study of growing-up behaviors of malicious accounts in WeChat, one of the major PC-MSNs with billions of daily active users across the globe. Our analysis reveals that the behavior patterns of growing-up accounts are very similar to that of benign users, and yet quite different from typical malicious accounts. Based on this observation, we design Muses, a detection system that can automatically identify subtle yet effective behaviors (features) to distinguish growing-up accounts before they engage in obvious malicious campaigns. Muses is unsupervised so that it can adapt to new malicious campaigns even if the behavior patterns of malicious accounts are unknown a priori. In particular, Muses addresses the limitations of the previous supervised techniques, i.e., requiring manually labeled training sets, which is time-consuming and costly. We evaluate Muses on a large-scale anonymized dataset from WeChat with roughly 440k accounts. The experimental results show that Muses achieves 2x recall, with similar precision, compared with the previous methods. Specifically, Muses detects over 82% growing-up accounts with a precision of 90% and achieves an AUC of 0.95. Notably, Muses can also effectively detect growing-up accounts even if malicious users applied various evasion strategies.

References

[1]

Lorenzo Alvisi, Allen Clement, Alessandro Epasto, Silvio Lattanzi, and Alessandro Panconesi. 2013. Sok: The evolution of sybil defense via social networks. In IEEE S&P.

[2]

Vincent�D Blondel, Jean-Loup Guillaume, Renaud Lambiotte, and Etienne Lefebvre. 2008. Fast unfolding of communities in large networks. Journal of statistical mechanics: theory and experiment (2008).

[3]

Yazan Boshmaf, Dionysios Logothetis, Georgos Siganos, Jorge Ler�a, Jose Lorenzo, Matei Ripeanu, and Konstantin Beznosov. 2015. Integro: Leveraging Victim Prediction for Robust Fake Account Detection in OSNs. In NDSS.

[4]

Zhuhua Cai and Christopher Jermaine. 2012. The latent community model for detecting sybil attacks in social networks. In NDSS.

[5]

Qiang Cao, Michael Sirivianos, Xiaowei Yang, and Tiago Pregueiro. 2012. Aiding the detection of fake accounts in large scale social online services. In NSDI.

[6]

Qiang Cao, Xiaowei Yang, Jieqi Yu, and Christopher Palow. 2014. Uncovering large groups of active malicious accounts in online social networks. In ACM CCS.

[7]

George Danezis and Prateek Mittal. 2009. Sybilinfer: Detecting sybil nodes using social networks. In NDSS.

[8]

Manuel Egele, Gianluca Stringhini, Christopher Kruegel, and Giovanni Vigna. 2015. Towards detecting compromised accounts on social networks. IEEE TDSC (2015).

[9]

David Freeman, Sakshi Jain, Markus D�rmuth, Battista Biggio, and Giorgio Giacinto. 2016. Who Are You? A Statistical Approach to Measuring User Authenticity. In NDSS.

[10]

Hao Fu, Xing Xie, Yong Rui, Neil�Zhenqiang Gong, Guangzhong Sun, and Enhong Chen. 2017. Robust spammer detection in microblogs: Leveraging user carefulness. ACM Transactions on Intelligent Systems and Technology (TIST) 8, 6(2017).

[11]

Hongyu Gao, Jun Hu, Christo Wilson, Zhichun Li, Yan Chen, and Ben�Y Zhao. 2010. Detecting and characterizing social spam campaigns. In ACM SIGCOMM.

[12]

Peng Gao, Binghui Wang, Neil�Zhenqiang Gong, Sanjeev�R Kulkarni, Kurt Thomas, and Prateek Mittal. 2018. Sybilfuse: Combining local attributes with global structure to perform robust sybil detection. In IEEE CNS.

[13]

Neil�Zhenqiang Gong, Mario Frank, and Prateek Mittal. 2014. Sybilbelief: A semi-supervised learning approach for structure-based sybil detection. IEEE TIFS (2014).

[14]

Jinyuan Jia, Binghui Wang, and Neil�Zhenqiang Gong. 2017. Random walk based fake account detection in online social networks. In IEEE DSN.

[15]

Anna Leontjeva, Moises Goldszmidt, Yinglian Xie, Fang Yu, and Martín Abadi. 2013. Early security classification of skype users via machine learning. In ACM AIsec.

[16]

Changchang Liu, Peng Gao, Matthew Wright, and Prateek Mittal. 2015. Exploiting temporal dynamics in sybil defenses. In ACM CCS.

[17]

Abedelaziz Mohaisen, Nicholas Hopper, and Yongdae Kim. 2011. Keep your friends close: Incorporating trust into social network-based sybil defenses. In IEEE INFOCOM.

[18]

Jia-Yu Pan, Hyung-Jeong Yang, Christos Faloutsos, and Pinar Duygulu. 2004. Automatic multimedia cross-modal correlation discovery. In ACM SIGKDD.

[19]

Jonghyuk Song, Sangho Lee, and Jong Kim. 2011. Spam filtering in twitter using sender-receiver relationship. In RAID. Springer.

[20]

Gianluca Stringhini, Christopher Kruegel, and Giovanni Vigna. 2010. Detecting spammers on social networks. In ACSAC.

[21]

Gianluca Stringhini, Pierre Mourlanne, Gregoire Jacob, Manuel Egele, Christopher Kruegel, and Giovanni Vigna. 2015. {EVILCOHORT}: Detecting Communities of Malicious Accounts on Online Services. In USENIX Security.

[22]

Kurt Thomas, Frank Li, Chris Grier, and Vern Paxson. 2014. Consequences of connectivity: Characterizing account hijacking on twitter. In ACM CCS.

[23]

Bimal Viswanath, Ansley Post, Krishna P Gummadi, and Alan Mislove. 2010. An analysis of social network-based sybil defenses. In ACM SIGCOMM. ACM.

[24]

Alex Hai Wang. 2010. Don’t follow me: Spam detection in twitter. In SECRYPT. IEEE.

[25]

Binghui Wang, Neil Zhenqiang Gong, and Hao Fu. 2017. GANG: Detecting fraudulent users in online social networks via guilt-by-association on directed graphs. In IEEE ICDM.

[26]

Binghui Wang, Jinyuan Jia, and Neil�Zhenqiang Gong. 2019. Graph-based security and privacy analytics via collective classification with joint weight learning and propagation. In NDSS.

[27]

Binghui Wang, Jinyuan Jia, and Neil�Zhenqiang Gong. 2021. Semi-Supervised Node Classification on Graphs: Markov Random Fields vs. Graph Neural Networks. In Proceedings of the AAAI Conference on Artificial Intelligence, Vol. 35. 10093–10101.

[28]

Binghui Wang, Le Zhang, and Neil Zhenqiang Gong. 2017. SybilSCAR: Sybil detection in online social networks via local rule based propagation. In IEEE INFOCOM.

[29]

Gang Wang, Tristan Konolige, Christo Wilson, Xiao Wang, Haitao Zheng, and Ben Y Zhao. 2013. You are how you click: Clickstream analysis for sybil detection. In USENIX Security.

[30]

Zenghua Xia, Chang Liu, Neil Zhenqiang Gong, Qi Li, Yong Cui, and Dawn Song. 2019. Characterizing and Detecting Malicious Accounts in Privacy-Centric Mobile Social Networks: A Case Study. In ACM SIGKDD.

[31]

Yinglian Xie, Fang Yu, Qifa Ke, Martin Abadi, Eliot Gillum, Krish Vitaldevaria, Jason Walter, Junxian Huang, and Zhuoqing Morley Mao. 2012. Innocent by association: early recognition of legitimate users. In ACM CCS.

[32]

Jilong Xue, Zhi Yang, Xiaoyong Yang, Xiao Wang, Lijiang Chen, and Yafei Dai. 2013. Votetrust: Leveraging friend invitation graph to defend against social network sybils. In IEEE INFOCOM.

[33]

Chao Yang, Robert Harkreader, Jialong Zhang, Seungwon Shin, and Guofei Gu. 2012. Analyzing spammers’ social networks for fun and profit: a case study of cyber criminal ecosystem on twitter. In WWW. ACM.

[34]

Chao Yang, Robert Chandler Harkreader, and Guofei Gu. 2011. Die free or live hard? empirical evaluation and new design for fighting evolving twitter spammers. In RAID. Springer.

[35]

Zhi Yang, Christo Wilson, Xiao Wang, Tingting Gao, Ben Y Zhao, and Yafei Dai. 2014. Uncovering social network sybils in the wild. ACM TKDD (2014).

[36]

Haifeng Yu, Phillip B Gibbons, Michael Kaminsky, and Feng Xiao. 2008. Sybillimit: A near-optimal social network defense against sybil attacks. In IEEE S & P. IEEE.

[37]

Dong Yuan, Yuanli Miao, Neil�Zhenqiang Gong, Zheng Yang, Qi Li, Dawn Song, Qian Wang, and Xiao Liang. 2019. Detecting Fake Accounts in Online Social Networks at the Time of Registrations. In CCS.

[38]

Haizhong Zheng, Minhui Xue, Hao Lu, Shuang Hao, Haojin Zhu, Xiaohui Liang, and Keith Ross. 2018. Smoke screener or straight shooter: Detecting elite sybil attacks in user-review social networks. In NDSS.

Cited By

Wang YLiu YWang NLi PHu JFu XWang WSun KLi QXu K(2024)Enhancing Fraud Transaction Detection via Unlabeled Suspicious Records2024 IEEE/ACM 32nd International Symposium on Quality of Service (IWQoS)10.1109/IWQoS61813.2024.10682918(1-10)Online publication date: 19-Jun-2024
https://doi.org/10.1109/IWQoS61813.2024.10682918
Yin QLi QGong NXu KLiang XHu S(2023)Detecting Fake Users in Online Social NetworksAI Embedded Assurance for Cyber Systems10.1007/978-3-031-42637-7_11(201-217)Online publication date: 11-Aug-2023
https://doi.org/10.1007/978-3-031-42637-7_11
El Mendili FLouhab FBerros NFilaly YBadri HEl Bouzekri El Idrissi YFattah M(2023)Fake Profile Identification Using Machine LearningArtificial Intelligence and Smart Environment10.1007/978-3-031-26254-8_61(427-432)Online publication date: 8-Mar-2023
https://doi.org/10.1007/978-3-031-26254-8_61

Index Terms

On Detecting Growing-Up Behaviors of Malicious Accounts in Privacy-Centric Mobile Social Networks

Index terms have been assigned to the content through auto-classification.

Recommendations

Uncovering Large Groups of Active Malicious Accounts in Online Social Networks
CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

The success of online social networks has attracted a constant interest in attacking and exploiting them. Attackers usually control malicious accounts, including both fake and compromised real user accounts, to launch attack campaigns such as social ...
Characterizing and Detecting Malicious Accounts in Privacy-Centric Mobile Social Networks: A Case Study
KDD '19: Proceedings of the 25th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining

Malicious accounts are one of the biggest threats to the security and privacy of online social networks (OSNs). In this work, we study a new type of OSN, called privacy-centric mobile social network (PC-MSN), such as KakaoTalk and LINE, which has ...
LBSNShield: Malicious Account Detection in Location-Based Social Networks
CSCW '16 Companion: Proceedings of the 19th ACM Conference on Computer Supported Cooperative Work and Social Computing Companion

Given the popularity of GPS-enabled smart devices, location-based social networks (LBSNs) have attracted numerous users around the world. The openness of LBSN platforms has also made themselves the targets of malicious attack-ers. In LBSNs, attackers ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

ACSAC '21: Proceedings of the 37th Annual Computer Security Applications Conference

December 2021

1077 pages

ISBN:9781450385794

DOI:10.1145/3485832

Copyright � 2021 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 06 December 2021

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

ACSAC '21

ACSAC '21: Annual Computer Security Applications Conference

December 6 - 10, 2021

Virtual Event, USA

Acceptance Rates

Overall Acceptance Rate 104 of 497 submissions, 21%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
230
Total Downloads

Downloads (Last 12 months)36
Downloads (Last 6 weeks)4

Reflects downloads up to 19 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Wang YLiu YWang NLi PHu JFu XWang WSun KLi QXu K(2024)Enhancing Fraud Transaction Detection via Unlabeled Suspicious Records2024 IEEE/ACM 32nd International Symposium on Quality of Service (IWQoS)10.1109/IWQoS61813.2024.10682918(1-10)Online publication date: 19-Jun-2024
https://doi.org/10.1109/IWQoS61813.2024.10682918
Yin QLi QGong NXu KLiang XHu S(2023)Detecting Fake Users in Online Social NetworksAI Embedded Assurance for Cyber Systems10.1007/978-3-031-42637-7_11(201-217)Online publication date: 11-Aug-2023
https://doi.org/10.1007/978-3-031-42637-7_11
El Mendili FLouhab FBerros NFilaly YBadri HEl Bouzekri El Idrissi YFattah M(2023)Fake Profile Identification Using Machine LearningArtificial Intelligence and Smart Environment10.1007/978-3-031-26254-8_61(427-432)Online publication date: 8-Mar-2023
https://doi.org/10.1007/978-3-031-26254-8_61

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Media

Figures

Other

Tables

View Table of Contents