research-article

The Doppelgänger Bot Attack: Exploring Identity Impersonation in Online Social Networks

Authors:
Oana Goga

MPI-SWS, Saarbrucken, Germany

MPI-SWS, Saarbrucken, Germany
View Profile

,
Giridhari Venkatadri

MPI-SWS, Giridhari Venkatadri giridhar, Germany

MPI-SWS, Giridhari Venkatadri giridhar, Germany
View Profile

,
Krishna P. Gummadi

MPI-SWS, Saarbrucken, Germany

MPI-SWS, Saarbrucken, Germany
View Profile

IMC '15: Proceedings of the 2015 Internet Measurement ConferenceOctober 2015Pages 141–153https://doi.org/10.1145/2815675.2815699

Published:28 October 2015Publication History

IMC '15: Proceedings of the 2015 Internet Measurement Conference

Pages 141–153

ABSTRACT

People have long been aware of malicious users that impersonate celebrities or launch identity theft attacks in social networks. However, beyond anecdotal evidence, there have been no in-depth studies of impersonation attacks in today's social networks. One reason for the lack of studies in this space is the absence of datasets about impersonation attacks. To this end, we propose a technique to build extensive datasets of impersonation attacks in current social networks and we gather 16,572 cases of impersonation attacks in the Twitter social network. Our analysis reveals that most identity impersonation attacks are not targeting celebrities or identity theft. Instead, we uncover a new class of impersonation attacks that clone the profiles of ordinary people on Twitter to create real-looking fake identities and use them in malicious activities such as follower fraud. We refer to these as the doppelgänger bot attacks. Our findings show (i) that identity impersonation attacks are much broader than believed and can impact any user, not just celebrities and (ii) that attackers are evolving and create real-looking accounts that are harder to detect by current systems. We also propose and evaluate methods to automatically detect impersonation attacks sooner than they are being detected in today's Twitter social network.

References

Bing Maps API. http://www.microsoft.com/maps/developers/web.aspx.Google Scholar
Get better results with less effort with Mechanical Turk Masters -- The Mechanical Turk blog. http://bit.ly/112GmQI.Google Scholar
F. Benevenuto, G. Magno, T. Rodrigues, and V. Almeida. Detecting spammers on Twitter. In CEAS'10.Google Scholar
P. Bhattacharya, M. B. Zafar, N. Ganguly, S. Ghosh, and K. P. Gummadi. Inferring user interests in the twitter social network. In RecSys '14. Google ScholarDigital Library
L. Bilge, T. Strufe, D. Balzarotti, and E. Kirda. All your contacts are belong to us: Automated identity theft attacks on social networks. In WWW'09. Google ScholarDigital Library
Q. Cao, M. Sirivianos, X. Yang, and T. Pregueiro. Aiding the detection of fake accounts in large scale social online services. In NSDI'12. Google ScholarDigital Library
W. W. Cohen, P. Ravikumar, and S. E. Fienberg. A comparison of string distance metrics for name-matching tasks. In IJCAI'03.Google Scholar
S. Corpus, 2015. http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/backend/snowball/stopwords/.Google Scholar
O. Goga. Matching User Accounts Across Online Social Networks: Methods and Applications. PhD thesis, Université Pierre et Marie Curie, 2014.Google Scholar
O. Goga, P. Loiseau, R. Sommer, R. Teixeira, and K. Gummadi. On the reliability of profile matching across large online social networks. In KDD, 2015. Google ScholarDigital Library
B.-Z. He, C.-M. Chen, Y.-P. Su, and H.-M. Sun. A defence scheme against identity theft attack based on multiple social networks. Expert Syst. Appl., 2014. Google ScholarDigital Library
Internetnews. Microsoft survey: Online 'reputation' counts, 2010. http://www.internetnews.com/webcontent/article.php/3861241/Microsoft+Survey+Online+Reputation+Counts.htm.Google Scholar
L. Jin, H. Takabi, and J. B. Joshi. Towards active detection of identity clone attacks on online social networks. In CODASPY '11. Google ScholarDigital Library
A. M. Kakhki, C. Kliman-Silver, and A. Mislove. Iolaus: Securing online content rating systems. In WWW'13.Google Scholar
M. Y. Kharaji, F. S. Rizi, and M. Khayyambashi. A new approach for finding cloned profiles in online social networks. International Journal of Network Security, 2014.Google Scholar
Klout. Klout, 2014. http://klout.com/.Google Scholar
G. Kontaxis, I. Polakis, S. Ioannidis, and E. Markatos. Detecting social network profile cloning. In PERCOM'11.Google Scholar
D. G. Lowe. Distinctive image features from scale-invariant keypoints. Int. J. Comput. Vision, 2004. Google ScholarDigital Library
Mediabistro. Was twitter right to suspend 'christopher walken'?, 2009. https://www.mediabistro.com/alltwitter/was-twitter-right-to-suspend-christopher-walken_b5021.Google Scholar
A. Mislove, A. Post, K. P. Gummadi, and P. Druschel. Ostra: Leveraging trust to thwart unwanted communication. In NSDI'08. Google ScholarDigital Library
M. Mondal, B. Viswanath, A. Clement, P. Druschel, K. P. Gummadi, A. Mislove, and A. Post. Defending against large-scale crawls in online social networks. In CoNEXT'12. Google ScholarDigital Library
Nairobiwire. Sonko's facebook impersonator arrested, 2014. http://nairobiwire.com/2014/07/mike-sonko-arrested-swindling-public.html?utm_source=rss&utm_medium=rss&utm_campaign=mike-sonko-arrested-swindling-public.Google Scholar
D. Perito, C. Castelluccia, M. Ali Kâafar, and P. Manils. How unique and traceable are usernames? In Proceedings of the 11th Privacy Enhancing Technologies Symposium (PETS), 2011. Google ScholarDigital Library
Phash. http://www.phash.org.Google Scholar
A. Post, V. Shah, and A. Mislove. Bazaar: Strengthening user reputations in online marketplaces. In NSDI'11. Google ScholarDigital Library
Seattlepi. Racism and twitter impersonation prompt lawsuit for kirkland teen, 2010. http://www.seattlepi.com/local/sound/article/Racism-and-Twitter-impersonation-prompt-lawsuit-893555.php.Google Scholar
Social Intelligence Corp. http://www.socialintel.com/.Google Scholar
Spokeo. http://www.spokeo.com/.Google Scholar
T. Stein, E. Chen, and K. Mangla. Facebook immune system. In SNS'11. Google ScholarDigital Library
Turnto23. Impersonator continuously creating fake facebook profiles of a well known bakersfield pastor. http://www.turnto23.com/news/local-news/impersonator-continuously-creating-fake-facebook-profiles-of-a-bakersfield-pastor.Google Scholar
Twitter. Explaining twitter's efforts to shut down spam. https://blog.twitter.com/2012/shutting-down-spammers, 2012.Google Scholar
Twitter. Twitter reporting impersonation accounts, 2014. https://support.twitter.com/articles/20170142-reporting-impersonation-accounts.Google Scholar
B. Viswanath, M. A. Bashir, M. Crovella, S. Guha, K. Gummadi, B. Krishnamurthy, and A. Mislove. Towards detecting anomalous user behavior in online social networks. In USENIX Security'14. Google ScholarDigital Library
B. Viswanath, M. A. Bashir, M. B. Zafar, L. Espin, K. P. Gummadi, and A. Mislove. Trulyfollowing: Discover twitter accounts with suspicious followers. http://trulyfollowing.app-ns.mpi-sws.org/, April 2012. Last accessed Sept 6, 2015.Google Scholar
B. Viswanath, M. Mondal, A. Clement, P. Druschel, K. Gummadi, A. Mislove, and A. Post. Exploring the design space of social network-based sybil defenses. In COMSNETS'12.Google Scholar
B. Viswanath, A. Post, K. P. Gummadi, and A. Mislove. An analysis of social network-based sybil defenses. In SIGCOMM '10. Google ScholarDigital Library
G. Wang, M. Mohanlal, C. Wilson, X. Wang, M. J. Metzger, H. Zheng, and B. Y. Zhao. Social turing tests: Crowdsourcing sybil detection. In NDSS'13.Google Scholar
Wikibin. Employers using social networks for screening applicants, 2008. http://wikibin.org/articles/employers-using-social-networks-for-screening-applicants.html.Google Scholar
H. Yu, M. Kaminsky, P. B. Gibbons, and A. Flaxman. Sybilguard: Defending against sybil attacks via social networks. In SIGCOMM '06. Google ScholarDigital Library
C. M. Zhang and V. Paxson. Detecting and analyzing automated activity on twitter. In PAM'11. Google ScholarDigital Library

Index Terms

The Doppelgänger Bot Attack: Exploring Identity Impersonation in Online Social Networks
1. Information systems
  1. World Wide Web
    1. Web applications
      1. Internet communications tools

Recommendations

Distributed denial of service attacks and its defenses in IoT: a survey
Abstract
A distributed denial of service (DDoS) attack is an attempt to partially or completely shut down the targeted server with a flood of internet traffic. The primary aim of this attack is to disrupt regular traffic flow to the victim’s server or ...
Read More
A defence scheme against Identity Theft Attack based on multiple social networks

Recently, on-line social networking sites become more and more popular. People like to share their personal information such as their name, birthday and photos on these public sites. However, personal information could be misused by attackers. One kind ...
Read More
Adv-Bot: Realistic adversarial botnet attacks against network intrusion detection systems
Abstract
Due to the numerous advantages of machine learning (ML) algorithms, many applications now incorporate them. However, many studies in the field of image classification have shown that MLs can be fooled by a variety of adversarial attacks. These ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
IMC '15: Proceedings of the 2015 Internet Measurement Conference
October 2015
550 pages
ISBN:9781450338486
DOI:10.1145/2815675
General Chairs:
Kenjiro Cho
IIJ/Keio University
,
Kensuke Fukuda
NII/Sokendai
,
Program Chairs:
Vivek Pai
Google
,
Neil Spring
University of Maryland
Copyright © 2015 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 28 October 2015
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
identity impersonation
online identity
security and privacy
social networks
Qualifiers
- research-article
Conference

Acceptance Rates
IMC '15 Paper Acceptance Rate31of96submissions,32%Overall Acceptance Rate277of1,083submissions,26%
More
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 33
  Total Citations
  View Citations
- 654
  Total Downloads
- Downloads (Last 12 months)72
- Downloads (Last 6 weeks)9
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

The Doppelgänger Bot Attack: Exploring Identity Impersonation in Online Social Networks

IMC '15: Proceedings of the 2015 Internet Measurement Conference

ABSTRACT

References

Cited By

Index Terms

Recommendations

Distributed denial of service attacks and its defenses in IoT: a survey

A defence scheme against Identity Theft Attack based on multiple social networks

Adv-Bot: Realistic adversarial botnet attacks against network intrusion detection systems