1 / 18

Uncovering Social Network Sybils in the Wild

Uncovering Social Network Sybils in the Wild. Sybils on OSNs. Large OSNs are attractive targets for… Spam dissemination Theft of personal information Sybil, sɪbəl , Noun: a fake account that attempts to create many friendships with honest users

vidal
Download Presentation

Uncovering Social Network Sybils in the Wild

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Uncovering Social NetworkSybils in the Wild

  2. Sybils on OSNs • Large OSNs are attractive targets for… • Spam dissemination • Theft of personal information • Sybil,sɪbəl, Noun: a fake account that attempts to create many friendships with honest users • Friendships are precursor to other malicious activity • Does not include benign fakes • Research has identified malicious Sybils on OSNs • Twitter [CCS 2010] • Facebook [IMC 2010]

  3. Understanding Sybil Behavior • Prior work has focused on spam • Content, dynamics, campaigns • Includes compromised accounts • Open question: What is the behavior of Sybils in the wild? • Important for evaluating Sybil detectors • Partnership with largest OSN in China: Renren • Leverage ground-truth data on 560K Sybils • Develop measurement-based, real-time Sybil detector • Deployed, caught additional 100K Sybils in 6 months

  4. Outline Introduction Sybils on Renren Sybil Analysis Conclusion

  5. Sybils on Renren • Renren is the oldest and largest OSN in China • 160M users • Facebook’s Chinese twin • Ad-hoc Sybil detectors • Threshold-based spam traps • Keyword and URL blacklists • Crowdsourced account flagging • 560K Sybils banned as of August 2010

  6. Sybil Detection 2.0 • Developed improved Sybil detector for Renren • Analyzed ground-truth data on existing Sybils • Identified four reliable Sybil indicators • Evaluated threshold and SVM detectors • Similar accuracy for both • Deployed threshold, less CPU intensive, real-time • Friend Request Frequency • Outgoing Friend Requests Accepted • Incoming Friend Requests Accepted • Clustering Coefficient

  7. Detection Results • Caught 100K Sybils in the first six months • Vast majority are spammers • Many banned before generating content • Low false positive rate • Use customer complaint rate as signal • Complaints evaluated by humans • 25 real complaints per 3000 bans (<1%) Spammers attempted to recover banned Sybils by complaining to Renren customer support! • More details • in the paper

  8. Outline Introduction Sybils on Renren Sybil Analysis Conclusion

  9. Community-based Sybil Detectors • Prior work on decentralized OSN Sybil detectors • SybilGuard, SybilLimit, SybilInfer, Sumup • Key assumption: Sybils form tight-knit communities Attack Edges Edges Between Sybils

  10. Do Sybils Form Connected Components? • Vast majority of Sybils blend completely into the social graph • Few communities to detect 80% have degree = 0 No edges to other Sybils!

  11. Can Sybil Components be Detected? • Sybil components are internally sparse • Not amenable to community detection

  12. Sybil Cluster Analysis • Are edges between Sybils formed intentionally? • Temporal analysis indicates random formation • How are random edges between Sybils formed? • Surveyed Sybil management tools • Biased sampling for friend request targets • Likelihood of Sybils inadvertently friending is high • More details • in the paper

  13. Outline Introduction Sybils on Renren Sybil Analysis Conclusion

  14. Conclusion • First look at Sybils in the wild • Ground-truth from inside a large OSN • Deployed detector is still active • Sybils are quite sophisticated • Cheap labor  very realistic fakes • Created and managed by-hand • Need for new, decentralized Sybil detectors • Results may not generalize beyond Renren • Evaluation on other large OSNs

  15. Questions?Slides and paper available at http://www.cs.ucsb.edu/~bowlin Christo Wilson UC Santa Barbara bowlin@cs.ucsb.edu P.S.: I’m on the job market…

  16. Backup Slides Only use in case of emergency!

  17. Creation of Edges Between Sybils The majority of edges between Sybils form randomly

  18. Friend Target Selection • High degree nodes are often Sybils! • Sybils unknowingly friend each other

More Related