SocialWatch: Detection of Online Service Abuse via Large-Scale Social Graphs

Junxian Huang, Yinglian Xie, Fang Yu, Qifa Ke, Martin Abadi, Eliot Gillum, and Z. Morley Mao

Abstract

In this paper, we present a novel framework, called SocialWatch, to detect online service abuse attacks at a large scale. Such attacks target normal users by sending spam, phishing links, or malware from a large number of attacker-created accounts or hijacked accounts.

To accurately and robustly detect such malicious behaviors, we explore a set of social graph properties, ranging from those that describe individual user behaviors, to those that capture the interactions among users and their social affinities. Altogether, these graph features effectively model the overall social activity and connectivity patterns of online users. They are hard to mimic by design and thus robust to attacker counter strategies. In particular, we select features such as shortest-path distance, degree, and PageRank to detect attacker-created accounts and identify hijacked accounts, demonstrating the robustness of some of these features towards attacker counter strategies. We evaluate SocialWatch using a large dataset from a major email provider with more than 682 million users and over 5.75 billion directional relationships. SocialWatch successfully detects 56.85 million attacker-created accounts with a low false detection rate of 0.75% and a low false negative rate of 0.61%. In addition, this work also addresses the challenge of identifying hijacked accounts within the legitimate account set through a Bayesian decision framework. SocialWatch successfully identified 1.95 million hijacked accounts—among which 1.23 million were not detected previously—with a low false detection rate of 2%. Our work demonstrates the effectiveness of using large social graphs at the scale of billions of edges to detect real attacks.

Details

Publication type: TechReport
Number: MSR-TR-2013-24
Publisher: Microsoft Technical Report