Detection of Malicious Accounts in Social Networks
Source: https://doi.org/10.1016/j.jnca.2016.11.030
The paper, “Malicious accounts: Dark of the social network,” by Adewole, Anuar, Kamsin, Varathan, and Razak, provides a comprehensive review of the emergence of malicious activities such as spamming, phishing and distribution of malware as online social networks (OSNs) have scaled immensely over the past decade. In response to these malicious practices that exploit the relative anonymity of OSNs, researchers working with the companies behind these OSNs have developed techniques to detect these malicious accounts. Some attempts to identify malicious accounts make use of social network features, such as the social relationships between accounts, content posted by the account, profile information, sentiment features and URL posting patterns.
One example presented to demonstrate how social network features were examined is the Facebook Immune System, which assumes that malicious users will try to establish social relationships with many people (who will then be spammed and contacted by these malicious users). This pattern in how malicious users make connections distinguishes them from the social networks of actual users that surround them. As the actual users share common friends and interests and build large social networks, these malicious users will not “fit” into any of the social networks. This line of reasoning was then applied in the development of many Sybil defense algorithms, which are intended to defend against Sybil attacks. However, this approach has weaknesses because social platforms operate differently. After malicious accounts add more legitimate users, some users might follow them back out of courtesy without being fully aware of the identity of these malicious accounts. In addition, malicious accounts that are produced in large quantities can make connections with each other and appear as legitimate accounts due to the network they form.
In general, the discussion of how researchers use social network features to detect fake accounts is relevant to the topic of graphs and networks covered in this course, as a social network is used in this situation to model social relationships and identify specific users. Different social networks can be constructed to model OSNs by utilizing different social network features (as mentioned above) and customizing the edges to convey both qualitative and quantitative information. This paper conveys a crucial real-life application of social networks, which have a much larger scale than the ones discussed in this course. In addition, the principle of triadic closure is relevant to the assumption made in the Facebook Immune System. As the principle of triadic closure implies, when A is linked to B and C, there exists an incentive for the link between B and C to form, as A might introduce them to each other and they might have more similarities. Therefore, it is suspicious within an OSN when one node has links with many nodes that are not related to each other at all and that each form social networks of their own. This phenomenon contrasts with the implication of triadic closure and makes it highly probable that the node is a spammer.
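The triadic-closure argument above can be turned into a simple check using the local clustering coefficient, the share of a node's neighbour pairs that are themselves linked. The following is an added example, not code from the paper or from this post; the graph, account names and the thresholds min_degree and max_clustering are constructed assumptions. The second graph shows the weakness noted earlier, where bulk-created accounts that link to each other no longer stand out.

```python
from itertools import combinations

def build_graph(edges):
    """Undirected adjacency sets from (u, v) pairs."""
    adj = {}
    for u, v in edges:
        adj.setdefault(u, set()).add(v)
        adj.setdefault(v, set()).add(u)
    return adj

def clique(names):
    """Edges of a fully connected friend group (strong triadic closure)."""
    return list(combinations(names, 2))

def local_clustering(adj, node):
    """Share of a node's neighbour pairs that are themselves linked."""
    nbrs = sorted(adj[node])
    if len(nbrs) < 2:
        return 0.0
    pairs = list(combinations(nbrs, 2))
    return sum(1 for a, b in pairs if b in adj[a]) / len(pairs)

def flag_suspicious(adj, min_degree=4, max_clustering=0.1):
    """Accounts with many contacts who are almost never linked to each other."""
    return sorted(n for n in adj
                  if len(adj[n]) >= min_degree
                  and local_clustering(adj, n) <= max_clustering)

# Constructed sample: four friend groups, plus one account that befriends
# one member of each group. Thresholds above are assumptions, not from the paper.
GROUPS = (clique(["a1", "a2", "a3", "a4", "a5"]) + clique(["b1", "b2", "b3"])
          + clique(["c1", "c2", "c3"]) + clique(["d1", "d2", "d3"]))
SPAM_LINKS = [("spam", "a1"), ("spam", "b1"), ("spam", "c1"), ("spam", "d1")]
# The weakness noted in the text: bulk-created accounts that also link to each other.
SYBIL_LINKS = (clique(["s1", "s2", "s3", "s4"])
               + [("s1", "a2"), ("s1", "b2"), ("s1", "c2")])

if __name__ == "__main__":
    g = build_graph(GROUPS + SPAM_LINKS)
    print("flagged:", flag_suspicious(g))
    g2 = build_graph(GROUPS + SYBIL_LINKS)
    print("s1 clustering:", local_clustering(g2, "s1"),
          "flagged:", flag_suspicious(g2))
```

Legitimate members of the five-person group have the same number of contacts as the flagged account, but their contacts know each other, so degree alone would not separate them.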