10 likes | 103 Views
Spectrum Based Fraud Detection in Social Networks Xiaowei Ying, Xintao Wu , Daniel Barbará * University of North Carolina at Charlotte, * George Mason University. Collaborative Attack & Graph Spectrum
E N D
Spectrum Based Fraud Detection in Social Networks Xiaowei Ying, Xintao Wu, Daniel Barbará* University of North Carolina at Charlotte, * George Mason University Collaborative Attack & Graph Spectrum Collaborative attacks in matrix form: An: the adjacency matrix of legitimate nodes; B: b_ij=1 if node i is attacked by attacker j; C: the adjacency matrix of the inner-structure of the attackers. The eigenvalues and eigenvectors are given by: Original: , eigenvalue: , eigenvector: After attacks: , eigenvalue: , eigenvector: Spectral coordinate of node u is its location in the k-dimensional spectral space: Approximation of eigenvector entries for the attacking and regular nodes: Spectrum Based RLA Detection Spectral property : the eigenvector entries for the attacking nodes, , has the normal distribution with mean and variance bounded by: • Introduction • Social networks are vulnerable to various attacks such as spam emails, viral marketing, etc. It is difficult to detect collaborative attacks based on the topology of a large social network. In our work, we project the topology of the network to the spectral space. Our theoretical study shows that the spectral coordinates of the collaborative attackers are mainly determined by that of the victims, and the inner structure among the attackers has negligible impact. In particular, we focus on Random Link Attacks (RLAs).We present an effective algorithm to detect RLAs using the set of suspects filtered by their spectral characteristics. Experimental results show that our spectrum based detection technique is very effective in detecting those attackers and outperforms topology based techniques. • Random Link Attack (RLA) • Attackers create some fake nodes and randomly connect to regular nodes; • Fake nodes form some inner structure among themselves to evade detection. • A Topology Based Approach [1] • Mechanism • randomly selected victims of RLAs have few links among them, while the neighbors of regular nodes form more triangles. • Outline of algorithm • Testing step: mark a node as suspect if it satisfies either of the following two properties: • Clustering Property: the node has few triangles round it; • Neighborhood Independence Property: neighborhood of the node contains a large independent set. • Grouping step (Greedy): examine cliques in the neighborhood of each suspect, repeatedly include a new node or filter out a suspect, and check whether they form RLA groups. • Drawbacks • Difficult to detect collaborative attacks; • May only detect part of the collaborative attacking groups; • High complexity. • [1] N. Shrivastava, A. Majumder, R. Rastogi. Mining (Social) Network Graphs to Detect Random Link Attacks, ICDE08 Outline of Spectral RLA Detection Algorithm Compute the leading eigenvalues, eigenvectors of the adjacency matrix, and the associated means and standard deviations; Identify suspects in the spectral space; Find dense subgraphs in the graph formed by suspects. These dense subgraphs are very likely formed by the collaborative RLA attackers. Evaluation Data Set and Setting. Web Spam Challenge 2007 data, million pages in 114,529 hosts in the .UK domain. There are 1,836,228 links among hosts. We add 8 simulating attacking groups in the network. The 8 groups either form an ER graph or a power law degree distribution among themselves. first order second order Acknowledgments This work was supported in part by U.S. National Science Foundation IIS-0546027 and CNS-0831204. 17th ACM Conference on Computer and Communications Security, Oct. 2010, Chicago, IL.