Abstract
Sybil accounts are fake identities created to unfairly increase the power or resources of a single malicious user. Researchers have long known about the existence of Sybil accounts in online communities such as file-sharing systems, but they have not been able to perform large-scale measurements to detect them or measure their activities. In this article, we describe our efforts to detect, characterize, and understand Sybil account activity in the Renren Online Social Network (OSN). We use ground truth provided by Renren Inc. to build measurement-based Sybil detectors and deploy them on Renren to detect more than 100,000 Sybil accounts. Using our full dataset of 650,000 Sybils, we examine several aspects of Sybil behavior. First, we study their link creation behavior and find that contrary to prior conjecture, Sybils in OSNs do not form tight-knit communities. Next, we examine the fine-grained behaviors of Sybils on Renren using clickstream data. Third, we investigate behind-the-scenes collusion between large groups of Sybils. Our results reveal that Sybils with no explicit social ties still act in concert to launch attacks. Finally, we investigate enhanced techniques to identify stealthy Sybils. In summary, our study advances the understanding of Sybil behavior on OSNs and shows that Sybils can effectively avoid existing community-based Sybil detectors. We hope that our results will foster new research on Sybil detection that is based on novel types of Sybil features.
- Kevin Bauer, Damon McCoy, Dirk Grunwald, Tadayoshi Kohno, and Douglas Sicker. 2007. Low-resource routing attacks against Tor. In Proc. of Workshop on Privacy in Electronic Society. Google ScholarDigital Library
- Fabricio Benevenuto, Gabriel Magno, Tiago Rodrigues, and Virgilio Almeida. 2010. Detecting spammers on Twitter. In Proc. of CEAS.Google Scholar
- Fabricio Benevenuto, Tiago Rodrigues, Meeyoung Cha, and Virgilio Almeida. 2009. Characterizing user behavior in online social networks. In Proc. of IMC. Google ScholarDigital Library
- Vincent D. Blondel, Jean-Loup Guillaume, Renaud Lambiotte, and Etienne Lefebvre. 2008. Fast unfolding of communities in large networks. Journal of Statistical Mechanics: Theory and Experiment 10.Google ScholarCross Ref
- Qiang Cao, Michael Sirivianos, Xiaowei Yang, and Tiago Pregueiro. 2012. Aiding the detection of fake accounts in large scale social online services. In Proc. of NSDI. Google ScholarDigital Library
- George Danezis and Prateek Mittal. 2009. SybilInfer: Detecting Sybil nodes using social networks. In Proc of NDSS.Google Scholar
- John R. Douceur. 2002. The Sybil attack. In Proc. of IPTPS. Google ScholarDigital Library
- H. Gao, J. Hu, C. Wilson, Z. Li, Y. Chen, and B. Y. Zhao. 2010. Detecting and characterizing social spam campaigns. In Proc. of IMC. Google ScholarDigital Library
- C. Grier, K. Thomas, V. Paxson, and M. Zhang. 2010. @spam: The underground on 140 characters or less. In Proc. of CCS. Google ScholarDigital Library
- J. Jiang, C. Wilson, X. Wang, P. Huang, W. Sha, Y. Dai, and B. Y. Zhao. 2010. Understanding latent interactions in online social networks. In Proc. of IMC. Google ScholarDigital Library
- C. Kanich, K. Levchenko, B. Enright, G. M. Voelker, V. Paxson, and S. Savage. 2008. Spamalytics: An empirical analysis of spam marketing conversion. In Proc. of CCS. Google ScholarDigital Library
- Haewoon Kwak, Changhyun Lee, Hosung Park, and Sue B. Moon. 2010. What is Twitter, a social network or a news media? In Proc. of WWW. Google ScholarDigital Library
- Kyumin Lee, Brian David Eoff, and James Caverlee. 2011. Seven months with the devils: A long-term study of content polluters on Twitter. In Proc. of ICWSM.Google Scholar
- Amanda Lenhart, Kristen Purcell, Aaron Smith, and Kathryn Zickuhr. 2010. Social media and young adults. Pew Research Center.Google Scholar
- Qiao Lian, Zheng Zhang, Mao Yang, Ben Y. Zhao, Yafei Dai, and Xiaoming Li. 2007. An empirical study of collusion behavior in the Maze P2P file-sharing system. In Proc. of ICDCS. Google ScholarDigital Library
- Abedelaziz Mohaisen, Aaram Yun, and Yongdae Kim. 2010. Measuring the mixing time of social graphs. In Proc. of IMC. Google ScholarDigital Library
- M. Motoyama, D. McCoy, K. Levchenko, S. Savage, and G. M. Voelker. 2011. Dirty jobs: The role of freelance labor in Web service abuse. In Proc. of Usenix Security. Google ScholarDigital Library
- Samantha Murphy. 2010. Teens ditch e-mail for texting and Facebook. MSNBC.com.Google Scholar
- Atif Nazir, Saqib Raza, Chen-Nee Chuah, and Burkhard Schipper. 2010. Ghostbusting Facebook: Detecting and characterizing phantom profiles in online social gaming applications. In Proc. of WOSN. Google ScholarDigital Library
- James Newsome, Elaine Shi, Dawn Song, and Adrian Perrig. 2004. The Sybil attack in sensor networks: Analysis and defenses. In Proc. of IPSN. Google ScholarDigital Library
- Sophos. 2007. Sophos Facebook ID probe shows 41% of users happy to reveal all to potential identity thieves.Google Scholar
- Tao Stein, Erdong Chen, and Karan Mangla. 2011. Facebook immune system. In Proc. of EuroSys Social Network Systems (SNS). Google ScholarDigital Library
- Gianluca Stringhini, Christopher Kruegel, and Giovanni Vigna. 2010. Detecting spammers on social networks. In Proc. of ACSAC. Google ScholarDigital Library
- K. Thomas, C. Grier, V. Paxson, and D. Song. 2011. Suspended accounts in retrospect: An analysis of Twitter spam. In Proc. of IMC. Google ScholarDigital Library
- Nguyen Tran, Bonan Min, Jinyang Li, and Lakshminarayanan Subramanian. 2009. Sybil-resilient online content voting. In Proc. of NSDI. Google ScholarDigital Library
- B. Viswanath, A. Post, K. P. Gummadi, and A. Mislove. 2010. An analysis of social network-based Sybil defenses. In Proc. of SIGCOMM. Google ScholarDigital Library
- Alex Hai Wang. 2010. Don’t follow me: Spam detection on Twitter. In Proc. of SECRYPT.Google Scholar
- Gang Wang, Tristan Konolige, Christo Wilson, Xiao Wang, Heather Zheng, and Ben Zhao. 2013. You are how you click: Clickstream analysis for Sybil detection. In Proc. of Usenix Security. Google ScholarDigital Library
- G. Wang, C. Wilson, X. Zhao, Y. Zhu, M. Mohanlal, H. Zheng, and B. Y. Zhao. 2012. Serf and turf: Crowdturfing for fun and profit. In Proc. of WWW. Google ScholarDigital Library
- Steve Webb, James Caverlee, and Calton Pu. 2008. Social honeypots: Making friends with a spammer near you. In Proc. of CEAS.Google Scholar
- Christo Wilson, Bryce Boe, Alessandra Sala, Krishna P. N. Puttaswamy, and Ben Y. Zhao. 2009. User interactions in social networks and their implications. In Proc. of EuroSys. Google ScholarDigital Library
- Zhi Yang, Christo Wilson, Xiao Wang, Tingting Gao, Ben Y. Zhao, and Yafei Dai. 2011. Uncovering social network Sybils in the wild. In Proc. of IMC. Google ScholarDigital Library
- Sarita Yardi, Daniel Romero, Grant Schoenebeck, and Danah Boyd. 2010. Detecting spam in a Twitter network. First Monday 15, 1.Google Scholar
- Haifeng Yu, Phillip B. Gibbons, Michael Kaminsky, and Feng Xiao. 2008. SybilLimit: A near-optimal social network defense against Sybil attacks. In Proc. of IEEE S&P. Google ScholarDigital Library
- Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, and Abraham Flaxman. 2006. SybilGuard: Defending against Sybil attacks via social networks. In Proc. of SIGCOMM. Google ScholarDigital Library
Index Terms
- Uncovering social network Sybils in the wild
Recommendations
Uncovering social network sybils in the wild
IMC '11: Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conferenceSybil accounts are fake identities created to unfairly increase the power or resources of a single user. Researchers have long known about the existence of Sybil accounts in online communities such as file-sharing systems, but have not been able to ...
An analysis of social network-based Sybil defenses
SIGCOMM '10Recently, there has been much excitement in the research community over using social networks to mitigate multiple identity, or Sybil, attacks. A number of schemes have been proposed, but they differ greatly in the algorithms they use and in the ...
An analysis of social network-based Sybil defenses
SIGCOMM '10: Proceedings of the ACM SIGCOMM 2010 conferenceRecently, there has been much excitement in the research community over using social networks to mitigate multiple identity, or Sybil, attacks. A number of schemes have been proposed, but they differ greatly in the algorithms they use and in the ...
Comments