ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development ›› 2021, Vol. 58 ›› Issue (11): 2319-2332.doi: 10.7544/issn1000-1239.2021.20210461

Special Issue: 2021密码学与网络空间安全治理专题

    Next Articles

Study of Wechat Sybil Detection

Yang Zheng1, Yin Qilei1, Li Haoran1, Miao Yuanli1, Yuan Dong1, Wang Qian2, Shen Chao3, Li Qi1   

  1. 1(Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing 100084);2(School of Cyber Science and Engineering, Wuhan University, Wuhan 430072);3(School of Cyber Science and Engineering, Xi’an Jiaotong University, Xi’an 710049)
  • Online:2021-11-01
  • Supported by: 
    This work was supported by the National Key Research and Development Program of China (2018YFB1800304), the National Natural Science Foundation of China (61572278, U20B2049, 61822207, 61822309, 61773310, U1736205, 62132011), the Project of BNRist (BNR2020RC0101), and the Shaanxi Province Key Industry Innovation Program (2021ZDLGY01-02).

Abstract: Online social networks (OSNs) are efficient platforms for information dissemination and facilitate our daily life. The value of OSN accounts increases with the popularity of OSNs. In order to obtain profits illegally, attackers leverage OSNs to construct various attacks such as fraud and gambling. A number of solutions have been proposed to protect users’ security, which mainly focuses on detecting malicious accounts (or Sybils) by analyzing user behavior or the propagation of user relations. Unfortunately, it usually takes much time to collect enough data to perform malicious account detection. Attackers can perform different kinds of attacks during the data collection phase. To detect Sybils efficiently, we propose a new approach that leverages account registration attributes to detect Sybils. First, we analyze the existing detection methods in sybil detection. Then, we analyze the registration data of WeChat. We analyze and compare the distribution of Sybils and benign accounts in different registration attributes, and find that Sybils are prone to cluster with some registration attributes. According to these statistics, we extract two kinds of features from different attributes, i.e., synchronization-based features and anomaly-based features, and calculate the similarity of two accounts based on those features. The accounts that have high similarity are more likely to be malicious. Finally, we build a graph upon accounts having a high similarity to cluster malicious users. We calculate a malicious score for each user to infer whether it is a Sybil. We prototype our approach, and the experimental results with real WeChat show that our approach can achieve 96% precision and 60% recall.

Key words: online social network, clustering, sybil detection, account registration characteristics, statistical analysis

CLC Number: