Results 1 - 10
of
19
Evolutionary Network Analysis: A Survey
"... Evolutionary network analysis has found an increasing interest in the literature because of the importance of different kinds of dynamic social networks, email networks, biological networks, and social streams. When a network evolves, the results of data mining algorithms such as community detection ..."
Abstract
-
Cited by 6 (1 self)
- Add to MetaCart
(Show Context)
Evolutionary network analysis has found an increasing interest in the literature because of the importance of different kinds of dynamic social networks, email networks, biological networks, and social streams. When a network evolves, the results of data mining algorithms such as community detection need to be correspondingly updated. Furthermore, the specific kinds of changes to the structure of the network, such as the impact on community structure or the impact on network structural parameters, such as node degrees, also needs to be analyzed. Some dynamic networks have a much faster rate of edge arrival and are referred to as network streams or graph streams. The analysis of such networks is especially challenging, because it needs to be performed with an online approach, under the one-pass constraint of data streams. The incorporation of content can add further complexity to the evolution analysis process. This survey provides an overview of the vast literature on graph evolution analysis and the numerous applications that arise in different contexts.
Uncovering large groups of active malicious accounts in online social networks
- In Proceedings of the 2014 ACM conference on Computer and communications security
, 2014
"... The success of online social networks has attracted a constant in-terest in attacking and exploiting them. Attackers usually control malicious accounts, including both fake and compromised real user accounts, to launch attack campaigns such as social spam, malware distribution, and online rating dis ..."
Abstract
-
Cited by 4 (0 self)
- Add to MetaCart
(Show Context)
The success of online social networks has attracted a constant in-terest in attacking and exploiting them. Attackers usually control malicious accounts, including both fake and compromised real user accounts, to launch attack campaigns such as social spam, malware distribution, and online rating distortion. To defend against these attacks, we design and implement a ma-licious account detection system called SynchroTrap. We observe that malicious accounts usually perform loosely synchronized ac-tions in a variety of social network context. Our system clusters user accounts according to the similarity of their actions and uncov-ers large groups of malicious accounts that act similarly at around the same time for a sustained period of time. We implement Syn-chroTrap as an incremental processing system on Hadoop and Gi-raph so that it can process the massive user activity data in a large online social network efficiently. We have deployed our system in five applications at Facebook and Instagram. SynchroTrap was able to unveil more than two million malicious accounts and 1156 large attack campaigns within one month.
Spotting suspicious link behavior with fbox: An adversarial perspective, 2014. arXiv preprint 1410.3915
"... Abstract—How can we detect suspicious users in large online networks? Online popularity of a user or product (via follows, page-likes, etc.) can be monetized on the premise of higher ad click-through rates or increased sales. Web services and social networks which incentivize popularity thus suffer ..."
Abstract
-
Cited by 3 (3 self)
- Add to MetaCart
(Show Context)
Abstract—How can we detect suspicious users in large online networks? Online popularity of a user or product (via follows, page-likes, etc.) can be monetized on the premise of higher ad click-through rates or increased sales. Web services and social networks which incentivize popularity thus suffer from a major problem of fake connections from link fraudsters looking to make a quick buck. Typical methods of catching this suspicious behavior use spectral techniques to spot large groups of often blatantly fraudulent (but sometimes honest) users. However, small-scale, stealthy attacks may go unnoticed due to the nature of low-rank eigenanalysis used in practice. In this work, we take an adversarial approach to find and prove claims about the weaknesses of modern, state-of-the-art spectral methods and propose FBOX, an algorithm designed to catch small-scale, stealth attacks that slip below the radar. Our algorithm has the following desirable properties: (a) it has theoretical underpinnings, (b) it is shown to be highly effective on real data and (c) it is scalable (linear on the input size). We evaluate FBOX on a large, public 41.7 million node, 1.5 billion edge who-follows-whom social graph from Twitter in 2010 and with high precision identify many suspicious accounts which have persisted without suspension even to this day. I.
CatchSync: Catching Synchronized Behavior in Large Directed Graphs
"... Given a directed graph of millions of nodes, how can we auto-matically spot anomalous, suspicious nodes, judging only from their connectivity patterns? Suspicious graph patterns show up in many applications, from Twitter users who buy fake followers, manipulating the social network, to botnet member ..."
Abstract
-
Cited by 3 (2 self)
- Add to MetaCart
(Show Context)
Given a directed graph of millions of nodes, how can we auto-matically spot anomalous, suspicious nodes, judging only from their connectivity patterns? Suspicious graph patterns show up in many applications, from Twitter users who buy fake followers, manipulating the social network, to botnet members performing distributed denial of service attacks, disturbing the network traf-fic graph. We propose a fast and effective method, CATCHSYNC, which exploits two of the tell-tale signs left in graphs by fraudsters: (a) synchronized behavior: suspicious nodes have extremely similar behavior pattern, because they are often required to perform some task together (such as follow the same user); and (b) rare behav-ior: their connectivity patterns are very different from the major-ity. We introduce novel measures to quantify both concepts (“syn-chronicity ” and “normality”) and we propose a parameter-free al-
Inferring strange behavior from connectivity pattern in social networks
- In Advances in Knowledge Discovery and Data Mining
, 2014
"... Abstract. Given a multimillion-node social network, how can we sum-marize connectivity pattern from the data, and how can we find unex-pected user behavior? In this paper we study a complete graph from a large who-follows-whom network and spot lockstep behavior that large groups of followers connect ..."
Abstract
-
Cited by 3 (3 self)
- Add to MetaCart
(Show Context)
Abstract. Given a multimillion-node social network, how can we sum-marize connectivity pattern from the data, and how can we find unex-pected user behavior? In this paper we study a complete graph from a large who-follows-whom network and spot lockstep behavior that large groups of followers connect to the same groups of followees. Our first contribution is that we study strange patterns on the adjacency matrix and in the spectral subspaces with respect to several flavors of lockstep. We discover that (a) the lockstep behavior on the graph shapes dense “block ” in its adjacency matrix and creates “ray ” in spectral subspaces, and (b) partially overlapping of the behavior shapes “staircase ” in the matrix and creates “pearl ” in the subspaces. The second contribution is that we provide a fast algorithm, using the discovery as a guide for practi-tioners, to detect users who offer the lockstep behavior. We demonstrate that our approach is effective on both synthetic and real data. 1
Towards Detecting Anomalous User Behavior in Online Social Networks
"... Users increasingly rely on crowdsourced information, such as reviews on Yelp and Amazon, and liked posts and ads on Facebook. This has led to a market for blackhat promotion techniques via fake (e.g., Sybil) and compromised accounts, and collusion networks. Existing approaches to detect such behavio ..."
Abstract
-
Cited by 3 (2 self)
- Add to MetaCart
(Show Context)
Users increasingly rely on crowdsourced information, such as reviews on Yelp and Amazon, and liked posts and ads on Facebook. This has led to a market for blackhat promotion techniques via fake (e.g., Sybil) and compromised accounts, and collusion networks. Existing approaches to detect such behavior relies mostly on supervised (or semi-supervised) learning over known (or hypothesized) attacks. They are unable to detect attacks missed by the operator while labeling, or when the attacker changes strategy. We propose using unsupervised anomaly detection techniques over user behavior to distinguish potentially bad behavior from normal behavior. We present a technique based on Principal Component Analysis (PCA) that models the behavior of normal users accurately and identifies significant deviations from it as anomalous. We experimentally validate that normal user behavior (e.g., categories of Facebook pages liked by a user, rate of like activity, etc.) is contained within a low-dimensional subspace amenable to the PCA technique. We demonstrate the practicality and effectiveness of our approach using extensive ground-truth data from Facebook: we successfully detect diverse attacker strategies—fake, compromised, and colluding Facebook identities—with no apriori labeling while maintaining low false-positive rates. Finally, we apply our approach to detect click-spam in Facebook ads and find that a surprisingly large fraction of clicks are from anomalous users. 1
Building Trusted Social Media Communities: A Research Roadmap for Promoting Credible Content
"... Abstract: A growing body of literature and inspirational examples provides guidance for aspiring social media community leaders. We know that design principles for websites can make a substantial difference in getting first-time users to return and to trust commercial, academic, government, and othe ..."
Abstract
-
Cited by 1 (0 self)
- Add to MetaCart
(Show Context)
Abstract: A growing body of literature and inspirational examples provides guidance for aspiring social media community leaders. We know that design principles for websites can make a substantial difference in getting first-time users to return and to trust commercial, academic, government, and other websites. By contrast, building credible social media communities requires large numbers of regular content contributors guided by inspirational and committed leaders. This paper offers a defining framework for discussing the social, technical, and content foundations that encourage trusted contributors to contribute credible content to social media communities. Each component of the framework-- the trusted contributors, credible content, reliable resources, and responsible organizations-- can be undermined. Therefore, researchers and community leaders who attend to each component have a higher chance to produce positive outcomes. This framework provides a road map for research on and management of credible communities.
Paying for Likes? Understanding Facebook Like Fraud Using Honeypots
"... Facebook pages offer an easy way to reach out to a very large audi-ence as they can easily be promoted using Facebook’s advertising platform. Recently, the number of likes of a Facebook page has become a measure of its popularity and profitability, and an under-ground market of services boosting pag ..."
Abstract
-
Cited by 1 (0 self)
- Add to MetaCart
(Show Context)
Facebook pages offer an easy way to reach out to a very large audi-ence as they can easily be promoted using Facebook’s advertising platform. Recently, the number of likes of a Facebook page has become a measure of its popularity and profitability, and an under-ground market of services boosting page likes, aka like farms, has emerged. Some reports have suggested that like farms use a net-work of profiles that also like other pages to elude fraud protection algorithms, however, to the best of our knowledge, there has been no systematic analysis of Facebook pages ’ promotion methods. This paper presents a comparative measurement study of page likes garnered via Facebook ads and by a few like farms. We de-ploy a set of honeypot pages, promote them using both methods, and analyze garnered likes based on likers ’ demographic, temporal, and social characteristics. We highlight a few interesting findings, including that some farms seem to be operated by bots and do not really try to hide the nature of their operations, while others follow a stealthier approach, mimicking regular users ’ behavior. 1.
Graph-Based User Behavior Modeling: From Prediction to Fraud Detection Perspective and Target Audience
"... Abstract How can we model users' preferences? How do anomalies, fraud, and spam effect our models of normal users? How can we modify our models to catch fraudsters? In this tutorial we will answer these questions -connecting graph analysis tools for user behavior modeling to anomaly and fraud ..."
Abstract
- Add to MetaCart
(Show Context)
Abstract How can we model users' preferences? How do anomalies, fraud, and spam effect our models of normal users? How can we modify our models to catch fraudsters? In this tutorial we will answer these questions -connecting graph analysis tools for user behavior modeling to anomaly and fraud detection. In particular, we will focus on the application of subgraph analysis, label propagation, and latent factor models to static, evolving, and attributed graphs. For each of these techniques we will give a brief explanation of the algorithms and the intuition behind them. We will then give examples of recent research using the techniques to model, understand and predict normal behavior. With this intuition for how these methods are applied to graphs and user behavior, we will focus on state-of-the-art research showing how the outcomes of these methods are effected by fraud, and how they have been used to catch fraudsters. Perspective and Target Audience Perspective: In this tutorial we focus on understanding anomaly and fraud detection through the lens of normal user behavior modeling. The data mining and machine learning communities have developed a plethora of models and methods for understanding user behavior. However, these methods generally assume that the behavior is that of real, honest people. On the other hand, fraud detection systems frequently use similar techniques as those used in modeling "normal" behavior, but are often framed as an independent problem. However, by focusing on the relations and intersections of the two perspectives we can gain a more complete understanding of the methods and hopefully inspire new research joining these two communities. Target Audience: This tutorial is aimed at anyone interested in modeling and understanding user behavior, from data mining and machine learning researchers to practitioners from industry and government. For those new to the field, the tutorial will cover the necessary background material to understand these systems and will offer a concise, intuitive overview of the state-of-the-art. Additionally, the tutorial aims to offer a new perspective that will be valuable and interesting even for researchers with more experience in these domains. For those having worked in classic user behavior modeling, we will demonstrate how fraud can effect commonly-used models that expect normal behavior, with the hope that future models will directly account for fraud. For those having worked in fraud detection systems, we hope to inspire new research directions through connecting with recent developments in modeling "normal" behavior.
USENIX Association 23rd USENIX Security Symposium 223 Towards Detecting Anomalous User Behavior in Online Social Networks
, 2014
"... is sponsored by USENIX ..."
(Show Context)
