TY - JOUR
T1 - Íntegro
T2 - Leveraging victim prediction for robust fake account detection in large scale OSNs
AU - Boshmaf, Yazan
AU - Logothetis, Dionysios
AU - Siganos, Georgos
AU - Lería, Jorge
AU - Lorenzo, Jose
AU - Ripeanu, Matei
AU - Beznosov, Konstantin
AU - Halawa, Hassan
N1 - Publisher Copyright:
© 2016 Elsevier Ltd. All rights reserved.
PY - 2016/8/1
Y1 - 2016/8/1
N2 - Detecting fake accounts in online social networks (OSNs) protects both OSN operators and their users from various malicious activities. Most detection mechanisms attempt to classify user accounts as real (i.e., benign, honest) or fake (i.e., malicious, Sybil) by analyzing either user-level activities or graph-level structures. These mechanisms, however, are not robust against adversarial attacks in which fake accounts cloak their operation with patterns resembling real user behavior. In this article, we show that victims - real accounts whose users have accepted friend requests sent by fakes - form a distinct classification category that is useful for designing robust detection mechanisms. In particular, we present Íntegro - a robust and scalable defense system that leverages victim classification to rank most real accounts higher than fakes, so that OSN operators can take actions against low-ranking fake accounts. Íntegro starts by identifying potential victims from user-level activities using supervised machine learning. After that, it annotates the graph by assigning lower weights to edges incident to potential victims. Finally, Íntegro ranks user accounts based on the landing probability of a short random walk that starts from a known real account. As this walk is unlikely to traverse low-weight edges in a few steps and land on fakes, Íntegro achieves the desired ranking. We implemented Íntegro using widely-used, open-source distributed computing platforms, where it scaled nearly linearly. We evaluated Íntegro against SybilRank, which is the state-of-the-art in fake account detection, using real-world datasets and a large-scale deployment at Tuenti - the largest OSN in Spain with more than 15 million active users. We show that Íntegro significantly outperforms SybilRank in user ranking quality, with the only requirement that the employed victim classifier is better than random. Moreover, the deployment of Íntegro at Tuenti resulted in up to an order of magnitude higher precision in fake account detection, as compared to SybilRank.
AB - Detecting fake accounts in online social networks (OSNs) protects both OSN operators and their users from various malicious activities. Most detection mechanisms attempt to classify user accounts as real (i.e., benign, honest) or fake (i.e., malicious, Sybil) by analyzing either user-level activities or graph-level structures. These mechanisms, however, are not robust against adversarial attacks in which fake accounts cloak their operation with patterns resembling real user behavior. In this article, we show that victims - real accounts whose users have accepted friend requests sent by fakes - form a distinct classification category that is useful for designing robust detection mechanisms. In particular, we present Íntegro - a robust and scalable defense system that leverages victim classification to rank most real accounts higher than fakes, so that OSN operators can take actions against low-ranking fake accounts. Íntegro starts by identifying potential victims from user-level activities using supervised machine learning. After that, it annotates the graph by assigning lower weights to edges incident to potential victims. Finally, Íntegro ranks user accounts based on the landing probability of a short random walk that starts from a known real account. As this walk is unlikely to traverse low-weight edges in a few steps and land on fakes, Íntegro achieves the desired ranking. We implemented Íntegro using widely-used, open-source distributed computing platforms, where it scaled nearly linearly. We evaluated Íntegro against SybilRank, which is the state-of-the-art in fake account detection, using real-world datasets and a large-scale deployment at Tuenti - the largest OSN in Spain with more than 15 million active users. We show that Íntegro significantly outperforms SybilRank in user ranking quality, with the only requirement that the employed victim classifier is better than random. Moreover, the deployment of Íntegro at Tuenti resulted in up to an order of magnitude higher precision in fake account detection, as compared to SybilRank.
KW - Fake account detection
KW - Online social networks
KW - Social infiltration
KW - Socialbots
KW - Victim account prediction
UR - http://www.scopus.com/inward/record.url?scp=84974733314&partnerID=8YFLogxK
U2 - 10.1016/j.cose.2016.05.005
DO - 10.1016/j.cose.2016.05.005
M3 - Article
AN - SCOPUS:84974733314
SN - 0167-4048
VL - 61
SP - 142
EP - 168
JO - Computers and Security
JF - Computers and Security
ER -