Uncovering large groups of active malicious accounts in online social networks

Conference Paper

The success of online social networks has attracted a constant interest in attacking and exploiting them. Attackers usually control malicious accounts, including both fake and compromised real user accounts, to launch attack campaigns such as social spam, malware distribution, and online rating distortion. To defend against these attacks, we design and implement a ma-licious account detection system called SynchroTrap. We observe that malicious accounts usually perform loosely synchronized actions in a variety of social network context. Our system clusters user accounts according to the similarity of their actions and uncovers large groups of malicious accounts that act similarly at around the same time for a sustained period of time. We implement SynchroTrap as an incremental processing system on Hadoop and Giraph so that it can process the massive user activity data in a large online social network efficiently. We have deployed our system in five applications at Facebook and Instagram. SynchroTrap was able to unveil more than two million malicious accounts and 1156 large attack campaigns within one month. Copyright is held by the author/owner(s).

Full Text

Duke Authors

Cited Authors

  • Cao, Q; Yang, X; Yu, J; Palow, C

Published Date

  • November 3, 2014

Published In

Start / End Page

  • 477 - 488

International Standard Serial Number (ISSN)

  • 1543-7221

International Standard Book Number 13 (ISBN-13)

  • 9781450329576

Digital Object Identifier (DOI)

  • 10.1145/2660267.2660269

Citation Source

  • Scopus