Abstract:
Online social networks (OSNs) are efficient platforms for information dissemination and facilitate our daily life. The value of OSN accounts increases with the popularity of OSNs. In order to obtain profits illegally, attackers leverage OSNs to construct various attacks such as fraud and gambling. A number of solutions have been proposed to protect users’ security, which mainly focuses on detecting malicious accounts (or Sybils) by analyzing user behavior or the propagation of user relations. Unfortunately, it usually takes much time to collect enough data to perform malicious account detection. Attackers can perform different kinds of attacks during the data collection phase. To detect Sybils efficiently, we propose a new approach that leverages account registration attributes to detect Sybils. First, we analyze the existing detection methods in sybil detection. Then, we analyze the registration data of WeChat. We analyze and compare the distribution of Sybils and benign accounts in different registration attributes, and find that Sybils are prone to cluster with some registration attributes. According to these statistics, we extract two kinds of features from different attributes, i.e., synchronization-based features and anomaly-based features, and calculate the similarity of two accounts based on those features. The accounts that have high similarity are more likely to be malicious. Finally, we build a graph upon accounts having a high similarity to cluster malicious users. We calculate a malicious score for each user to infer whether it is a Sybil. We prototype our approach, and the experimental results with real WeChat show that our approach can achieve 96% precision and 60% recall.