ABSTRACT
People have long been aware of malicious users that impersonate celebrities or launch identity theft attacks in social networks. However, beyond anecdotal evidence, there have been no in-depth studies of impersonation attacks in today's social networks. One reason for the lack of studies in this space is the absence of datasets about impersonation attacks. To this end, we propose a technique to build extensive datasets of impersonation attacks in current social networks and we gather 16,572 cases of impersonation attacks in the Twitter social network. Our analysis reveals that most identity impersonation attacks are not targeting celebrities or identity theft. Instead, we uncover a new class of impersonation attacks that clone the profiles of ordinary people on Twitter to create real-looking fake identities and use them in malicious activities such as follower fraud. We refer to these as the doppelgänger bot attacks. Our findings show (i) that identity impersonation attacks are much broader than believed and can impact any user, not just celebrities and (ii) that attackers are evolving and create real-looking accounts that are harder to detect by current systems. We also propose and evaluate methods to automatically detect impersonation attacks sooner than they are being detected in today's Twitter social network.
- Bing Maps API. http://www.microsoft.com/maps/developers/web.aspx.Google Scholar
- Get better results with less effort with Mechanical Turk Masters -- The Mechanical Turk blog. http://bit.ly/112GmQI.Google Scholar
- F. Benevenuto, G. Magno, T. Rodrigues, and V. Almeida. Detecting spammers on Twitter. In CEAS'10.Google Scholar
- P. Bhattacharya, M. B. Zafar, N. Ganguly, S. Ghosh, and K. P. Gummadi. Inferring user interests in the twitter social network. In RecSys '14. Google ScholarDigital Library
- L. Bilge, T. Strufe, D. Balzarotti, and E. Kirda. All your contacts are belong to us: Automated identity theft attacks on social networks. In WWW'09. Google ScholarDigital Library
- Q. Cao, M. Sirivianos, X. Yang, and T. Pregueiro. Aiding the detection of fake accounts in large scale social online services. In NSDI'12. Google ScholarDigital Library
- W. W. Cohen, P. Ravikumar, and S. E. Fienberg. A comparison of string distance metrics for name-matching tasks. In IJCAI'03.Google Scholar
- S. Corpus, 2015. http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/backend/snowball/stopwords/.Google Scholar
- O. Goga. Matching User Accounts Across Online Social Networks: Methods and Applications. PhD thesis, Université Pierre et Marie Curie, 2014.Google Scholar
- O. Goga, P. Loiseau, R. Sommer, R. Teixeira, and K. Gummadi. On the reliability of profile matching across large online social networks. In KDD, 2015. Google ScholarDigital Library
- B.-Z. He, C.-M. Chen, Y.-P. Su, and H.-M. Sun. A defence scheme against identity theft attack based on multiple social networks. Expert Syst. Appl., 2014. Google ScholarDigital Library
- Internetnews. Microsoft survey: Online 'reputation' counts, 2010. http://www.internetnews.com/webcontent/article.php/3861241/Microsoft+Survey+Online+Reputation+Counts.htm.Google Scholar
- L. Jin, H. Takabi, and J. B. Joshi. Towards active detection of identity clone attacks on online social networks. In CODASPY '11. Google ScholarDigital Library
- A. M. Kakhki, C. Kliman-Silver, and A. Mislove. Iolaus: Securing online content rating systems. In WWW'13.Google Scholar
- M. Y. Kharaji, F. S. Rizi, and M. Khayyambashi. A new approach for finding cloned profiles in online social networks. International Journal of Network Security, 2014.Google Scholar
- Klout. Klout, 2014. http://klout.com/.Google Scholar
- G. Kontaxis, I. Polakis, S. Ioannidis, and E. Markatos. Detecting social network profile cloning. In PERCOM'11.Google Scholar
- D. G. Lowe. Distinctive image features from scale-invariant keypoints. Int. J. Comput. Vision, 2004. Google ScholarDigital Library
- Mediabistro. Was twitter right to suspend 'christopher walken'?, 2009. https://www.mediabistro.com/alltwitter/was-twitter-right-to-suspend-christopher-walken_b5021.Google Scholar
- A. Mislove, A. Post, K. P. Gummadi, and P. Druschel. Ostra: Leveraging trust to thwart unwanted communication. In NSDI'08. Google ScholarDigital Library
- M. Mondal, B. Viswanath, A. Clement, P. Druschel, K. P. Gummadi, A. Mislove, and A. Post. Defending against large-scale crawls in online social networks. In CoNEXT'12. Google ScholarDigital Library
- Nairobiwire. Sonko's facebook impersonator arrested, 2014. http://nairobiwire.com/2014/07/mike-sonko-arrested-swindling-public.html?utm_source=rss&utm_medium=rss&utm_campaign=mike-sonko-arrested-swindling-public.Google Scholar
- D. Perito, C. Castelluccia, M. Ali Kâafar, and P. Manils. How unique and traceable are usernames? In Proceedings of the 11th Privacy Enhancing Technologies Symposium (PETS), 2011. Google ScholarDigital Library
- Phash. http://www.phash.org.Google Scholar
- A. Post, V. Shah, and A. Mislove. Bazaar: Strengthening user reputations in online marketplaces. In NSDI'11. Google ScholarDigital Library
- Seattlepi. Racism and twitter impersonation prompt lawsuit for kirkland teen, 2010. http://www.seattlepi.com/local/sound/article/Racism-and-Twitter-impersonation-prompt-lawsuit-893555.php.Google Scholar
- Social Intelligence Corp. http://www.socialintel.com/.Google Scholar
- Spokeo. http://www.spokeo.com/.Google Scholar
- T. Stein, E. Chen, and K. Mangla. Facebook immune system. In SNS'11. Google ScholarDigital Library
- Turnto23. Impersonator continuously creating fake facebook profiles of a well known bakersfield pastor. http://www.turnto23.com/news/local-news/impersonator-continuously-creating-fake-facebook-profiles-of-a-bakersfield-pastor.Google Scholar
- Twitter. Explaining twitter's efforts to shut down spam. https://blog.twitter.com/2012/shutting-down-spammers, 2012.Google Scholar
- Twitter. Twitter reporting impersonation accounts, 2014. https://support.twitter.com/articles/20170142-reporting-impersonation-accounts.Google Scholar
- B. Viswanath, M. A. Bashir, M. Crovella, S. Guha, K. Gummadi, B. Krishnamurthy, and A. Mislove. Towards detecting anomalous user behavior in online social networks. In USENIX Security'14. Google ScholarDigital Library
- B. Viswanath, M. A. Bashir, M. B. Zafar, L. Espin, K. P. Gummadi, and A. Mislove. Trulyfollowing: Discover twitter accounts with suspicious followers. http://trulyfollowing.app-ns.mpi-sws.org/, April 2012. Last accessed Sept 6, 2015.Google Scholar
- B. Viswanath, M. Mondal, A. Clement, P. Druschel, K. Gummadi, A. Mislove, and A. Post. Exploring the design space of social network-based sybil defenses. In COMSNETS'12.Google Scholar
- B. Viswanath, A. Post, K. P. Gummadi, and A. Mislove. An analysis of social network-based sybil defenses. In SIGCOMM '10. Google ScholarDigital Library
- G. Wang, M. Mohanlal, C. Wilson, X. Wang, M. J. Metzger, H. Zheng, and B. Y. Zhao. Social turing tests: Crowdsourcing sybil detection. In NDSS'13.Google Scholar
- Wikibin. Employers using social networks for screening applicants, 2008. http://wikibin.org/articles/employers-using-social-networks-for-screening-applicants.html.Google Scholar
- H. Yu, M. Kaminsky, P. B. Gibbons, and A. Flaxman. Sybilguard: Defending against sybil attacks via social networks. In SIGCOMM '06. Google ScholarDigital Library
- C. M. Zhang and V. Paxson. Detecting and analyzing automated activity on twitter. In PAM'11. Google ScholarDigital Library
Index Terms
- The Doppelgänger Bot Attack: Exploring Identity Impersonation in Online Social Networks
Recommendations
Distributed denial of service attacks and its defenses in IoT: a survey
AbstractA distributed denial of service (DDoS) attack is an attempt to partially or completely shut down the targeted server with a flood of internet traffic. The primary aim of this attack is to disrupt regular traffic flow to the victim’s server or ...
A defence scheme against Identity Theft Attack based on multiple social networks
Recently, on-line social networking sites become more and more popular. People like to share their personal information such as their name, birthday and photos on these public sites. However, personal information could be misused by attackers. One kind ...
Adv-Bot: Realistic adversarial botnet attacks against network intrusion detection systems
AbstractDue to the numerous advantages of machine learning (ML) algorithms, many applications now incorporate them. However, many studies in the field of image classification have shown that MLs can be fooled by a variety of adversarial attacks. These ...
Comments