Jianyu Wang,Rui Wen,Chunming Wu,Jian Xiong

DOI: https://doi.org/10.1145/3366424.3383756

2020-01-01

Abstract:The online review system provides a platform for consumers to express their opinions and make decisions. However, the spam review has become a widespread problem recently. Existing detection systems are mostly designed for fraudsters who write fake reviews to promote their products or mislead consumers in E-commerce (e.g., Amazon, Yelp, Alibaba). In this paper, we focus on spams in the large-scale online app review platform. Through an in-depth analysis of 5 million reviews from the Tencent App store, we find almost half of the reviews are spams. Even worse, most of the reviews are deliberately designed by fraud reviewers for misleading classifiers. Specially, we conclude three popular patterns of generating adversarial spams by attackers. Considering the characteristics of spam reviews are adversarial, irregular, and distributed. Human labeling is costly. We build our detection system by utilizing a collective method to spot suspicious users and reviews. First, we trained our two models based on the Behavior-Based Module (BBM) and Content-Based Module (CBM) individually. Then, they are co-trained by getting the feedback from each other. Experiment results show that our method outperforms the state-of-the-art baselines in identifying adversarial examples. Besides, the scalability and effectiveness of our approach have also been demonstrated by deploying it on Tencent Beacon Anti-Fraud System.

Jianyu Wang,Chunming Wu

DOI: https://doi.org/10.1177/0020294020970213

2020-01-01

Abstract:Given users and products that he/she reviews, can we recognize fake reviews just using the text information, or determine whether a reviewer is a fraud or not? Automatically detecting fake reviews and reviewers is an urgent problem and lots of work attempts for discovering linguistics, behaviors and graph patterns. However, in reality, there are new kinds of fraudsters who can change their behaviors to camouflage as genuine reviewers to avoid detection systems. With the fraudsters become distributed, dynamic, and adversarial, anti-spam tasks face a new challenge. In this paper, we tackle the challenge of adversarial fraudsters in online app review platform and propose a system called DDF (Detect, Defense, and Forecast) to uncover camouflage accounts. Firstly, we select a small set of seed with high-precision based on text and behavior features; Secondly, we build our graph-based detection model for uncovering hidden (distant) users who serve structurally similar to the seed by utilizing Graph Convolutional Network (GCN) algorithm. Thirdly, we evaluate DDF using real-world data set from Tencent APP Store and analyze the potential fraudsters detected by DDF. It is worth mentioning that precision can achieve 0.95+. Finally, we validate the efficiency and scalability of DDF and show that it can be well transferred to other anti-spam tasks.

wei deng,ze hui qu,li ye,zhi guang qin

DOI: https://doi.org/10.4028/www.scientific.net/AMR.433-440.5053

2012-01-01

Abstract:With the wide applications of machine learning techniques in spam filtering, malicious adversaries have been increasingly launching attacks against the filtering systems. In this paper, we model the interaction between the data miner and the adversary as Stackelberg games. Though existing algorithms for Stackelberg games efficiently find optimal solutions, they critically assume the follower plays optimally and rationally. Unfortunately, in real-world applications, because of follower's bounded rationality and limited observation of the leader's strategy, it may deviate from their expected optimal response. Considering this crucial problem, this paper solve for the Nash equilibrium. Experiments on real spam dataset demonstrate that bounded rationality and limited observation can make Stackelberg games more practical and provide interesting insights about the interaction between the data miner and the spammer in spam filtering.

Yushun Xie,Zhaoquan Gu,Xiaopeng Fu,Le Wang,Weihong Han,Yuexuan Wang

DOI: https://doi.org/10.1109/ithings-greencom-cpscom-smartdata-cybermatics50389.2020.00103

2020-01-01

Abstract:Deep neural networks are vulnerable to the adversarial examples that are generated by adding small perturbations to the original inputs. Similarly, traditional machine learning models such as logistic regression and support vector machine are also threatened by such carefully generated adversarial examples. In this paper, we study the adversarial texts that could mislead the sentiment analysis of traditional machine learning models. We present the Ensemble Word Addition (EWA) algorithm, which filters out a small number of words that have large attack ability and these words are added at the end of the original text. By extensive experiments, we show that the generated adversarial texts could fool some traditional machine learning models with a very high confidence, but they cannot affect human's judgment. The experimental results show that the proposed algorithm has a powerful attack ability to misleading the sentiment analysis, specifically the attack success rate could reach above 95% by only adding 4.6% words.

Guangchen Ruan,Ying Tan

DOI: https://doi.org/10.1109/icnc.2007.448

2007-01-01

Abstract:This paper proposes intelligent detection approaches based on Incremental Support Vector Machine and Artificial Immune System for the spam of e-mail stream. In the approaches, a window is used to hold several classifiers each of which classifies the e-mail independently and the label of the e-mail is given by a strategy of majority voting. Exceeding margin update technique is also used for the dynamical update of each classifier in the window. A sliding window is employed for purge of out-of-date knowledge so far. Techniques above endow our algorithm with dynamical and adaptive properties as well as the ability to trace the changing of the content of e-mails and user's interests in a continuous way. We conduct many experiments on two public benchmark corpus called PU1 and Ling. Experimental results demonstrate that the proposed intelligent detection approaches for spam give a promising performance.

Yuanchun Zhu,Ying Tan

DOI: https://doi.org/10.1109/tifs.2010.2103060

IF: 7.231

2011-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Inspired from the biological immune system, we propose a local concentration (LC)-based feature extraction approach for anti-spam. The LC approach is considered to be able to effectively extract position-correlated information from messages by transforming each area of a message to a corresponding LC feature. Two implementation strategies of the LC approach are designed using a fixed-length sliding window and a variable-length sliding window. To incorporate the LC approach into the whole process of spam filtering, a generic LC model is designed. In the LC model, two types of detector sets are at first generated by using term selection methods and a well-defined tendency threshold. Then a sliding window is adopted to divide the message into individual areas. After segmentation of the message, the concentration of detectors is calculated and taken as the feature for each local area. Finally, all the features of local areas are combined as a feature vector of the message. To evaluate the proposed LC model, several experiments are conducted on five benchmark corpora using the cross-validation method. It is shown that the LC approach cooperates well with three term selection methods, which endows it with flexible applicability in the real world. Compared to the global-concentration-based approach and the prevalent bag-of-words approach, the LC approach has better performance in terms of both accuracy and F1 measure. It is also demonstrated that the LC approach is robust against messages with variable message length.

Lili Diao,Chengzhong Yang,Hao Wang

DOI: https://doi.org/10.1080/0952813x.2011.610033

2011-01-01

Journal of Experimental & Theoretical Artificial Intelligence

Abstract:The Internet has been flooded with spam emails, and during the last decade there has been an increasing demand for reliable anti-spam email filters. The problem of filtering emails can be considered as a classification problem in the field of supervised learning. Theoretically, many mature technologies, for example, support vector machines (SVM), can be used to solve this problem. However, in real enterprise applications, the training data are typically collected via honeypots and thus are always of huge amounts and highly biased towards spam emails. This challenges both efficiency and effectiveness of conventional technologies. In this article, we propose an undersampling method to compress and balance the training set used for the conventional SVM classifier with minimal information loss. The key observation is that we can make a trade-off between training set size and information loss by carefully defining a similarity measure between data samples. Our experiments show that the SVM classifier provides a better performance by applying our compressing and balancing approach.

Tao Wang,Hua Zhu

DOI: https://doi.org/10.48550/arXiv.1409.4504

2014-09-16

Computation and Language

Abstract:Consumers' purchase decisions are increasingly influenced by user-generated online reviews. Accordingly, there has been growing concern about the potential for posting deceptive opinion spam fictitious reviews that have been deliberately written to sound authentic, to deceive the readers. Existing approaches mainly focus on developing automatic supervised learning based methods to help users identify deceptive opinion spams. This work, we used the LSI and Sprinkled LSI technique to reduce the dimension for deception detection. We make our contribution to demonstrate what LSI is capturing in latent semantic space and reveal how deceptive opinions can be recognized automatically from truthful opinions. Finally, we proposed a voting scheme which integrates different approaches to further improve the classification performance.

Chen-Wei Chang,Shailik Sarkar,Shutonu Mitra,Qi Zhang,Hossein Salemi,Hemant Purohit,Fengxiu Zhang,Michin Hong,Jin-Hee Cho,Chang-Tien Lu

2024-12-01

Abstract:Can we trust Large Language Models (LLMs) to accurately predict scam? This paper investigates the vulnerabilities of LLMs when facing adversarial scam messages for the task of scam detection. We addressed this issue by creating a comprehensive dataset with fine-grained labels of scam messages, including both original and adversarial scam messages. The dataset extended traditional binary classes for the scam detection task into more nuanced scam types. Our analysis showed how adversarial examples took advantage of vulnerabilities of a LLM, leading to high misclassification rate. We evaluated the performance of LLMs on these adversarial scam messages and proposed strategies to improve their robustness.

Cryptography and Security,Artificial Intelligence,Computers and Society

Federico Concone,Salvatore Gaglio,Andrea Giammanco,Giuseppe Lo Re,Marco Morana

DOI: https://doi.org/10.1145/3643563

IF: 2.717

2024-01-26

ACM Transactions on Privacy and Security

Abstract:In recent years, the widespread adoption of Machine Learning (ML) at the core of complex IT systems has driven researchers to investigate the security and reliability of ML techniques. A very specific kind of threats concerns the adversary mechanisms through which an attacker could induce a classification algorithm to provide the desired output. Such strategies, known as Adversarial Machine Learning (AML), have a twofold purpose: to calculate a perturbation to be applied to the classifier’s input such that the outcome is subverted, while maintaining the underlying intent of the original data. Although any manipulation that accomplishes these goals is theoretically acceptable, in real scenarios perturbations must correspond to a set of permissible manipulations of the input, which is rarely considered in the literature. In this paper, we present AdverSPAM , an AML technique designed to fool the spam account detection system of an Online Social Network (OSN). The proposed black-box evasion attack is formulated as an optimization problem that computes the adversarial sample while maintaining two important properties of the feature space, namely statistical correlation and semantic dependency . Although being demonstrated in an OSN security scenario, such an approach might be applied in other context where the aim is to perturb data described by mutually related features. Experiments conducted on a public dataset show the effectiveness of AdverSPAM compared to five state-of-the-art competitors, even in the presence of adversarial defense mechanisms.

computer science, information systems

Ying Tan,Chao Deng,Guangchen Ruan

DOI: https://doi.org/10.1109/ijcnn.2009.5178651

2009-01-01

Abstract:Inspired by human immune system, a concentration based feature construction (CFC) approach which utilizes a two-element concentration vector as the feature vector is proposed for spam detection in this paper. In the CFC approach, 'self' and 'non-self' concentrations are constructed by using 'self' and 'non-self' gene libraries, respectively, and subsequently are used to form a vector with two elements of concentrations for characterizing the e-mail efficiently. As a result, the design of classifier actually amounts to establishing a mapping between two real-value inputs and one binary output. The classification of the e-mail is considered as an optimization problem aiming at minimizing a formulated cost function. A clonal particle swarm optimization (CPSO) algorithm proposed by the leading author is also employed for this purpose. Several classifiers including linear discriminant, multi-layer neural networks and support vector machine are used to verify the effectiveness and robustness of the CFC approach. Experimental results demonstrate that the proposed CFC approach not only has a very much fast speed but also gives 97% and 99% of accuracy just using a two-element concentration feature vector on corpus PU1 and Ling, respectively.

Yuanchun Zhu,Ying Tan

DOI: https://doi.org/10.1109/CEC.2010.5586290

2010-01-01

Abstract:Inspired from Biological Immune System, we propose a local concentration based feature extraction (LC) approach for anti-spam. A general anti-spam model is built to incorporate the LC approach with term selection methods and classifiers. In the LC model, each message is divided into areas by a sliding window. At each area, a two-dimensional feature is constructed by calculating the concentrations of spam and legitimate email. Then all the features of each area are combined together as a whole feature vector. Several experiments are conducted on four benchmark corpora, by using 10-fold cross-validation. It is shown that the LC approach can extract the effective position correlated information from messages. Compared to the prevalent Bag-of-Words approach, the LC has better performance in terms of both accuracy and F1 measure. Most significantly, the LC approach can reduce feature dimensionality greatly and has much faster speed.

Qianqiao Xu,Zhiliang Tian,Hongyan Wu,Zhen Huang,Yiping Song,Feng Liu,Dongsheng Li

2024-04-03

Abstract:With the enhanced performance of large models on natural language processing tasks, potential moral and ethical issues of large models arise. There exist malicious attackers who induce large models to jailbreak and generate information containing illegal, privacy-invasive information through techniques such as prompt engineering. As a result, large models counter malicious attackers' attacks using techniques such as safety alignment. However, the strong defense mechanism of the large model through rejection replies is easily identified by attackers and used to strengthen attackers' capabilities. In this paper, we propose a multi-agent attacker-disguiser game approach to achieve a weak defense mechanism that allows the large model to both safely reply to the attacker and hide the defense intent. First, we construct a multi-agent framework to simulate attack and defense scenarios, playing different roles to be responsible for attack, disguise, safety evaluation, and disguise evaluation tasks. After that, we design attack and disguise game algorithms to optimize the game strategies of the attacker and the disguiser and use the curriculum learning process to strengthen the capabilities of the agents. The experiments verify that the method in this paper is more effective in strengthening the model's ability to disguise the defense intent compared with other methods. Moreover, our approach can adapt any black-box large model to assist the model in defense and does not suffer from model version iterations.

Artificial Intelligence,Computation and Language

Jiwei Li,Claire Cardie,Sujian Li

2013-01-01

Abstract:Product reviews are now widely used by individuals and organizations for decision making (Litvin et al., 2008; Jansen, 2010). And because of the profits at stake, people have been known to try to game the system by writing fake reviews to promote target products. As a result, the task of deceptive review detection has been gaining increasing attention. In this paper, we propose a generative LDA-based topic modeling approach for fake review detection. Our model can aptly detect the subtle differences between deceptive reviews and truthful ones and achieves about 95% accuracy on review spam datasets, outperforming existing baselines by a large margin.

Tianchun Wang,Yuanzhou Chen,Zichuan Liu,Zhanwen Chen,Haifeng Chen,Xiang Zhang,Wei Cheng

2024-10-25

Abstract:The advent of large language models (LLMs) has revolutionized the field of text generation, producing outputs that closely mimic human-like writing. Although academic and industrial institutions have developed detectors to prevent the malicious usage of LLM-generated texts, other research has doubt about the robustness of these systems. To stress test these detectors, we introduce a proxy-attack strategy that effortlessly compromises LLMs, causing them to produce outputs that align with human-written text and mislead detection systems. Our method attacks the source model by leveraging a reinforcement learning (RL) fine-tuned humanized small language model (SLM) in the decoding phase. Through an in-depth analysis, we demonstrate that our attack strategy is capable of generating responses that are indistinguishable to detectors, preventing them from differentiating between machine-generated and human-written text. We conduct systematic evaluations on extensive datasets using proxy-attacked open-source models, including Llama2-13B, Llama3-70B, and Mixtral-8*7B in both white- and black-box settings. Our findings show that the proxy-attack strategy effectively deceives the leading detectors, resulting in an average AUROC drop of 70.4% across multiple datasets, with a maximum drop of 90.3% on a single dataset. Furthermore, in cross-discipline scenarios, our strategy also bypasses these detectors, leading to a significant relative decrease of up to 90.9%, while in cross-language scenario, the drop reaches 91.3%. Despite our proxy-attack strategy successfully bypassing the detectors with such significant relative drops, we find that the generation quality of the attacked models remains preserved, even within a modest utility budget, when compared to the text produced by the original, unattacked source model.

Machine Learning,Computation and Language,Cryptography and Security

Tian Xia,Xuemin Chen,Jiacun Wang,Feng Qiu

DOI: https://doi.org/10.3390/s23218975

2023-11-04

Abstract:Short message services (SMS), microblogging tools, instant message apps, and commercial websites produce numerous short text messages every day. These short text messages are usually guaranteed to reach mass audience with low cost. Spammers take advantage of short texts by sending bulk malicious or unwanted messages. Short texts are difficult to classify because of their shortness, sparsity, rapidness, and informal writing. The effectiveness of the hidden Markov model (HMM) for short text classification has been illustrated in our previous study. However, the HMM has limited capability to handle new words, which are mostly generated by informal writing. In this paper, a hybrid model is proposed to address the informal writing issue by weighting new words for fast short text filtering with high accuracy. The hybrid model consists of an artificial neural network (ANN) and an HMM, which are used for new word weighting and spam filtering, respectively. The weight of a new word is calculated based on the weights of its neighbor, along with the spam and ham (i.e., not spam) probabilities of short text message predicted by the ANN. Performance evaluations on benchmark datasets, including the SMS message data maintained by University of California, Irvine; the movie reviews, and the customer reviews are conducted. The hybrid model operates at a significantly higher speed than deep learning models. The experiment results show that the proposed hybrid model outperforms other prominent machine learning algorithms, achieving a good balance between filtering throughput and accuracy.

Guang Lin,Qibin Zhao

2024-08-28

Abstract:Over the past two years, the use of large language models (LLMs) has advanced rapidly. While these LLMs offer considerable convenience, they also raise security concerns, as LLMs are vulnerable to adversarial attacks by some well-designed textual perturbations. In this paper, we introduce a novel defense technique named Large LAnguage MOdel Sentinel (LLAMOS), which is designed to enhance the adversarial robustness of LLMs by purifying the adversarial textual examples before feeding them into the target LLM. Our method comprises two main components: a) Agent instruction, which can simulate a new agent for adversarial defense, altering minimal characters to maintain the original meaning of the sentence while defending against attacks; b) Defense guidance, which provides strategies for modifying clean or adversarial examples to ensure effective defense and accurate outputs from the target LLMs. Remarkably, the defense agent demonstrates robust defensive capabilities even without learning from adversarial examples. Additionally, we conduct an intriguing adversarial experiment where we develop two agents, one for defense and one for attack, and engage them in mutual confrontation. During the adversarial interactions, neither agent completely beat the other. Extensive experiments on both open-source and closed-source LLMs demonstrate that our method effectively defends against adversarial attacks, thereby enhancing adversarial robustness.

Computation and Language,Artificial Intelligence,Cryptography and Security

Malte Josten,Torben Weis

2024-08-26

Abstract:Spam and phishing remain critical threats in cybersecurity, responsible for nearly 90% of security incidents. As these attacks grow in sophistication, the need for robust defensive mechanisms intensifies. Bayesian spam filters, like the widely adopted open-source SpamAssassin, are essential tools in this fight. However, the emergence of large language models (LLMs) such as ChatGPT presents new challenges. These models are not only powerful and accessible, but also inexpensive to use, raising concerns about their misuse in crafting sophisticated spam emails that evade traditional spam filters. This work aims to evaluate the robustness and effectiveness of SpamAssassin against LLM-modified email content. We developed a pipeline to test this vulnerability. Our pipeline modifies spam emails using GPT-3.5 Turbo and assesses SpamAssassin's ability to classify these modified emails correctly. The results show that SpamAssassin misclassified up to 73.7% of LLM-modified spam emails as legitimate. In contrast, a simpler dictionary-replacement attack showed a maximum success rate of only 0.4%. These findings highlight the significant threat posed by LLM-modified spam, especially given the cost-efficiency of such attacks (0.17 cents per email). This paper provides crucial insights into the vulnerabilities of current spam filters and the need for continuous improvement in cybersecurity measures.

Cryptography and Security

Maxime Labonne,Sean Moran

2023-05-07

Abstract:This paper investigates the effectiveness of large language models (LLMs) in email spam detection by comparing prominent models from three distinct families: BERT-like, Sentence Transformers, and Seq2Seq. Additionally, we examine well-established machine learning techniques for spam detection, such as Naïve Bayes and LightGBM, as baseline methods. We assess the performance of these models across four public datasets, utilizing different numbers of training samples (full training set and few-shot settings). Our findings reveal that, in the majority of cases, LLMs surpass the performance of the popular baseline techniques, particularly in few-shot scenarios. This adaptability renders LLMs uniquely suited to spam detection tasks, where labeled samples are limited in number and models require frequent updates. Additionally, we introduce Spam-T5, a Flan-T5 model that has been specifically adapted and fine-tuned for the purpose of detecting email spam. Our results demonstrate that Spam-T5 surpasses baseline models and other LLMs in the majority of scenarios, particularly when there are a limited number of training samples available. Our code is publicly available at <a class="link-external link-https" href="https://github.com/jpmorganchase/emailspamdetection" rel="external noopener nofollow">this https URL</a>.

Computation and Language,Artificial Intelligence

Yang Gao,Guyue Mi,Ying Tan

DOI: https://doi.org/10.1007/978-3-319-11857-4_26

2014-01-01

Abstract:Concentration based feature construction (CFC) approach has been proposed for spam detection. In the CFC approach, Global concentration (GC) and local concentration (LC) are used independently to convert emails to 2-dimensional or 2n-dimensional feature vectors. In this paper, we propose a novel model which selects concentration construction methods adaptively according to the match between testing samples and different kinds of concentration features. By determining which concentration construction method is proper for the current sample, the email is transformed into a corresponding concentration feature vector, which will be further employed by classification techniques in order to obtain the corresponding class. The k-nearest neighbor method is introduced in experiments to evaluate the proposed concentration selection model on the classic and standard corpora, namely PU1, PU2, PU3 and PUA. Experimental results demonstrate that the model performs better than using GC or LC separately, which provides support to the effectiveness of the proposed model and endows it with application in the real world.