Social Network Spam
http://www0.cs.ucl.ac.uk/staff/G.Stringhini/papers/socialnet-spam.pdf
The article posted above is an academic research paper published by three researches at UC Santa Barbara on detection of Social Network Spam/Spammers. It was published in 2010, so it is fairly old in reference to the speed at which social technologies develop (it even mentions Myspace in the study), however it yields fairly good insight into the ways that people or companies can detect fake profiles, especially in comparison to real profiles that have otherwise suspicious looking behavior. One of the ways that a company might be able to do this would be to check the ratio of friends to requests sent. It is true that spam accounts generally only have a few friends (since most users are aware enough to not accept the request), but shy users or users that have abandoned their accounts are also less active when it comes to friending people. The tell is that spam accounts are indiscriminate about the number of requests sent out. On Facebook you cannot see another profiles requests sent, but on Twitter follow requests are public. Additionally, the types of activity that users perform can be different too: while both businesses and spam accounts might prioritize putting urls in their posts as opposed to simple statuses, spam accounts are more focused on third-party/outside urls, while business are more likely to share posts, videos, and other items that are within the Facebook social network already.
I chose this article because on HW 1 there was a question asking users to identify a spam account from a simple graph. The way that we were suggested to parse the graph for the fake node was by looking for triadic closures, or areas where we would expect or not expect to find friendships: in friendship adverse areas we are more likely to find spam profiles connecting users than real users, and this follows when the area dividing a friendship is something logical such as geography (two profiles aren’t connected because one lives in semi-rural Alabama and the other lives in Japan), language, or culture. But for smaller networks, the divides between user groups are less suspicious, such as by activity, and its possible that a real user could persist across multiple groups in areas where we wouldn’t normally expect a connection. I saw myself in the spam node from the HW, who had only a few friend accounts that were spread across different groups not expected to meet. This article’s analysis of some of the other defining features of a spam profile has helped me understand how a security team might look at a small network and determine which users are simply “odd”, and which users aren’t users at all.