Uncovering social network Sybils in the wild

Published: 01 February 2014

Abstract

Sybil accounts are fake identities created to unfairly increase the power or resources of a single malicious user. Researchers have long known about the existence of Sybil accounts in online communities such as file-sharing systems, but they have not been able to perform large-scale measurements to detect them or measure their activities. In this article, we describe our efforts to detect, characterize, and understand Sybil account activity in the Renren Online Social Network (OSN). We use ground truth provided by Renren Inc. to build measurement-based Sybil detectors and deploy them on Renren to detect more than 100,000 Sybil accounts. Using our full dataset of 650,000 Sybils, we examine several aspects of Sybil behavior. First, we study their link creation behavior and find that contrary to prior conjecture, Sybils in OSNs do not form tight-knit communities. Next, we examine the fine-grained behaviors of Sybils on Renren using clickstream data. Third, we investigate behind-the-scenes collusion between large groups of Sybils. Our results reveal that Sybils with no explicit social ties still act in concert to launch attacks. Finally, we investigate enhanced techniques to identify stealthy Sybils. In summary, our study advances the understanding of Sybil behavior on OSNs and shows that Sybils can effectively avoid existing community-based Sybil detectors. We hope that our results will foster new research on Sybil detection that is based on novel types of Sybil features.

Published in

ACM Transactions on Knowledge Discovery from Data, Volume 8, Issue 1
Casin special issue
February 2014
157 pages
ISSN: 1556-4681
EISSN: 1556-472X
DOI: 10.1145/2582178

Copyright © 2014 ACM

Publisher

Association for Computing Machinery, New York, NY, United States

Publication History

• Published: 1 February 2014
• Revised: 1 September 2012
• Received: 1 September 2012
• Accepted: 1 September 2012