ISSN 1000-1239 CN 11-1777/TP

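Journal of Computer Research and Development, 2021, Vol. 58, Issue 11: 2319-2332. doi: 10.7544/issn1000-1239.2021.20210461

Special topic: 2021 Special Topic on Cryptography and Cyberspace Security Governance

• Information Security •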

Study of Wechat Sybil Detection

Yang Zheng1, Yin Qilei1, Li Haoran1, Miao Yuanli1, Yuan Dong1, Wang Qian2, Shen Chao3, Li Qi1

  1. Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing 100084
  2. School of Cyber Science and Engineering, Wuhan University, Wuhan 430072
  3. School of Cyber Science and Engineering, Xi’an Jiaotong University, Xi’an 710049
  (yz17@mails.tsinghua.edu.cn)
  • Online: 2021-11-01
  • Supported by: 
    This work was supported by the National Key Research and Development Program of China (2018YFB1800304), the National Natural Science Foundation of China (61572278, U20B2049, 61822207, 61822309, 61773310, U1736205, 62132011), the Project of BNRist (BNR2020RC0101), and the Shaanxi Province Key Industry Innovation Program (2021ZDLGY01-02).

Abstract: Online social networks (OSNs) are efficient platforms for information dissemination and facilitate daily life. The value of OSN accounts increases with the popularity of OSNs. To profit illegally, attackers leverage OSNs to mount various attacks such as fraud and gambling. A number of solutions have been proposed to protect users’ security; they mainly focus on detecting malicious accounts (or Sybils) by analyzing user behavior or the propagation of user relations. Unfortunately, it usually takes considerable time to collect enough data to perform malicious account detection, and attackers can carry out different kinds of attacks during this data collection phase. To detect Sybils efficiently, we propose a new approach that leverages account registration attributes. First, we analyze the existing Sybil detection methods. Then, we analyze the registration data of WeChat: we compare the distribution of Sybils and benign accounts across different registration attributes and find that Sybils are prone to cluster on some registration attributes. Based on these statistics, we extract two kinds of features from different attributes, i.e., synchronization-based features and anomaly-based features, and calculate the similarity of two accounts from those features. Accounts with high similarity are more likely to be malicious. Finally, we build a graph over accounts with high similarity to cluster malicious users, and calculate a malicious score for each user to infer whether it is a Sybil. We prototype our approach, and experimental results on real WeChat data show that it can achieve 96% precision and 60% recall.

Key words: online social network, clustering, sybil detection, account registration characteristics, statistical analysis
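The pipeline the abstract outlines (pairwise similarity over registration attributes, a graph over high-similarity pairs, clustering, a per-account score), as an added example that is not the authors' implementation. The attribute names, weights, thresholds, scoring rule and sample records are all assumptions, since the abstract does not specify them.

```python
from collections import defaultdict
from itertools import combinations

# Constructed registration records; field names and values are assumptions.
ACCOUNTS = {
    "a1": {"ip24": "198.51.100", "device": "dev-01", "ts": 1000, "old_client": True},
    "a2": {"ip24": "198.51.100", "device": "dev-01", "ts": 1012, "old_client": True},
    "a3": {"ip24": "198.51.100", "device": "dev-02", "ts": 1030, "old_client": True},
    "b1": {"ip24": "203.0.113", "device": "dev-77", "ts": 1015, "old_client": False},
    "b2": {"ip24": "192.0.2", "device": "dev-88", "ts": 9000, "old_client": True},
    "b3": {"ip24": "203.0.113", "device": "dev-99", "ts": 50000, "old_client": False},
}
WEIGHTS = {"ip24": 3, "device": 3, "time": 2, "anomaly": 2}  # assumed, sums to 10
EDGE_THRESHOLD = 6  # assumed: minimum similarity (out of 10) to link two accounts
MIN_CLUSTER = 3     # assumed: smallest group treated as a registration cluster

def similarity(x, y, window=60):
    """Synchronization features (shared /24, device, time window) plus a shared anomaly."""
    return (WEIGHTS["ip24"] * (x["ip24"] == y["ip24"])
            + WEIGHTS["device"] * (x["device"] == y["device"])
            + WEIGHTS["time"] * (abs(x["ts"] - y["ts"]) <= window)
            + WEIGHTS["anomaly"] * (x["old_client"] and y["old_client"]))

def cluster(accounts):
    """Link pairs at or above the threshold; return connected components (union-find)."""
    parent = {a: a for a in accounts}
    def find(a):
        while parent[a] != a:
            parent[a] = parent[parent[a]]  # path halving
            a = parent[a]
        return a
    for a, b in combinations(accounts, 2):
        if similarity(accounts[a], accounts[b]) >= EDGE_THRESHOLD:
            parent[find(a)] = find(b)
    groups = defaultdict(set)
    for a in accounts:
        groups[find(a)].add(a)
    return list(groups.values())

def malicious_scores(accounts):
    """Score in [0, 1]: mean similarity to cluster peers; 0 outside large clusters."""
    scores = {a: 0.0 for a in accounts}
    for group in cluster(accounts):
        if len(group) >= MIN_CLUSTER:
            for a in group:
                peers = [similarity(accounts[a], accounts[b]) for b in group if b != a]
                scores[a] = round(sum(peers) / len(peers) / 10, 3)
    return scores
```

Pairwise comparison is quadratic in the number of accounts, so at platform scale candidates would first be bucketed by a shared attribute value before similarity is computed.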
