Guang Yang,Shibo He,Zhiguo Shi

DOI: https://doi.org/10.1109/jiot.2016.2560518

IF: 10.6

2016-01-01

IEEE Internet of Things Journal

Abstract:The past few years have witnessed the dramatic popularity of large-scale social networks where malicious nodes detection is one of the fundamental problems. Most existing works focus on actively detecting malicious nodes by verifying signal correlation or behavior consistency. It may not work well in large-scale social networks since the number of users is extremely large and the difference between normal users and malicious users is inconspicuous. In this paper, we propose a novel approach that leverages the power of users to perform the detection task. We design incentive mechanisms to encourage the participation of users under two scenarios: 1) full information and 2) partial information. In full information scenario, we design a specific incentive scheme for users according to their preferences, which can provide the desirable detection result and minimize overall cost. In partial information scenario, assuming that we only have statistical information about users, we first transform the incentive mechanism design to an optimization problem, and then design the optimal incentive scheme under different system parameters by solving the optimization problem. We perform extensive simulations to validate the analysis and demonstrate the impact of system factors on the overall cost.

Jianyu Wang,Rui Wen,Chunming Wu,Jian Xiong

DOI: https://doi.org/10.1145/3366424.3383756

2020-01-01

Abstract:The online review system provides a platform for consumers to express their opinions and make decisions. However, the spam review has become a widespread problem recently. Existing detection systems are mostly designed for fraudsters who write fake reviews to promote their products or mislead consumers in E-commerce (e.g., Amazon, Yelp, Alibaba). In this paper, we focus on spams in the large-scale online app review platform. Through an in-depth analysis of 5 million reviews from the Tencent App store, we find almost half of the reviews are spams. Even worse, most of the reviews are deliberately designed by fraud reviewers for misleading classifiers. Specially, we conclude three popular patterns of generating adversarial spams by attackers. Considering the characteristics of spam reviews are adversarial, irregular, and distributed. Human labeling is costly. We build our detection system by utilizing a collective method to spot suspicious users and reviews. First, we trained our two models based on the Behavior-Based Module (BBM) and Content-Based Module (CBM) individually. Then, they are co-trained by getting the feedback from each other. Experiment results show that our method outperforms the state-of-the-art baselines in identifying adversarial examples. Besides, the scalability and effectiveness of our approach have also been demonstrated by deploying it on Tencent Beacon Anti-Fraud System.

Rupinder Paul Khandpur,Taoran Ji,Steve Jan,Gang Wang,Chang-Tien Lu,Naren Ramakrishnan

DOI: https://doi.org/10.1145/3132847.3132866

2017-02-25

Abstract:Social media is often viewed as a sensor into various societal events such as disease outbreaks, protests, and elections. We describe the use of social media as a crowdsourced sensor to gain insight into ongoing cyber-attacks. Our approach detects a broad range of cyber-attacks (e.g., distributed denial of service (DDOS) attacks, data breaches, and account hijacking) in an unsupervised manner using just a limited fixed set of seed event triggers. A new query expansion strategy based on convolutional kernels and dependency parses helps model reporting structure and aids in identifying key event characteristics. Through a large-scale analysis over Twitter, we demonstrate that our approach consistently identifies and encodes events, outperforming existing methods.

Cryptography and Security,Human-Computer Interaction,Information Retrieval,Social and Information Networks

Yuli Liu,Yiqun Liu,Min Zhang,Shaoping Ma

2016-01-01

Abstract:A number of existing works have focused on the problem of malicious following activity detection in microblog services. However, most of them make the assumption that the spamming following relationships are either from fraudulent accounts or compromised legitimate users. They therefore developed detection methodologies based on the features derived from this assumption. Recently, a new type of malicious crowdturfing following relationship is provided by the follower market, called voluntary following. Followers who provide voluntary following services (or named volowers) are normal users who are willing to trade their following activities for profit. Since most of their behaviors follow normal patterns, it is difficult for existing methods to detect volowers and their corresponding customers. In this work, we try to solve the voluntary following problem through a newly proposed detection method named DetectVC. This method incorporates both structure information in user following behavior graphs and prior knowledge collected from follower markets. Experimental results on large scale practical microblog data set show that DetectVC is able to detect volowers and their customers simultaneously and it also significantly outperforms existing solutions.

Tian Tian,Jun Zhu,Fen Xia,Xin Zhuang,Tong Zhang

DOI: https://doi.org/10.1145/2736277.2741136

2015-01-01

Abstract:The rise of crowdsourcing brings new types of malpractices in Internet advertising. One can easily hire web workers through malicious crowdsourcing platforms to attack other advertisers. Such human generated crowd frauds are hard to detect by conventional fraud detection methods. In this paper, we carefully examine the characteristics of the group behaviors of crowd fraud and identify three persistent patterns, which are moderateness, synchronicity and dispersivity. Then we propose an effective crowd fraud detection method for search engine advertising based on these patterns, which consists of a constructing stage, a clustering stage and a filtering stage. At the constructing stage, we remove irrelevant data and reorganize the click logs into a surfer-advertiser inverted list; At the clustering stage, we define the sync-similarity between surfers' click histories and transform the coalition detection to a clustering problem, solved by a nonparametric algorithm; and finally we build a dispersity filter to remove false alarm clusters. The nonparametric nature of our method ensures that we can find an unbounded number of coalitions with nearly no human interaction. We also provide a parallel solution to make the method scalable to Web data and conduct extensive experiments. The empirical results demonstrate that our method is accurate and scalable.

Ming-Hsun Yang,Y. -W. Peter Hong,Tsang-Yi Wang,Jwo-Yuh Wu

DOI: https://doi.org/10.1109/icc.2019.8761925

2019-01-01

Abstract:This work proposes efficient methods for the detection of malicious crowdsourcing workers using only privacy-aware group queries. In the proposed system, the crowdsourcing platform first issues a series of standard tasks to the workers, and allows users (i.e., data owners) to access aggregate responses from the workers through group queries that can be described by sparse encoding vectors. The identities of workers associated with individual responses are not explicitly revealed. By exploiting the sparse nature of the encoding vectors, we first propose an approximate maximum a posteriori probability (Approx. MAP) detector to perform the detection. Then, to further reduce computational complexity, we devise a generalized likelihood ratio test (GLRT) where probable malicious workers are first identified before a simple hypothesis test is performed. The identification of malicious workers is performed by a low-complexity probability-based rule that exploits a certain sparse structure inherent in the crowd data as well as the associated statistical assumptions. Computer simulations show that the proposed methods outperform the conventional energy detector.

Xianke Zhou,Ke Chen,Sai Wu,Bingbing Zhang

DOI: https://doi.org/10.1109/icde.2013.6544925

2013-01-01

Abstract:Most crowdsourcing systems leverage the public platforms, such as Amazon Mechanical Turk (AMT), to publish their jobs and collect the results. They are charged for using the platform's service and they are also required to pay the workers for each successful job. Although the average wage of the online human worker is not high, for a 24×7 running service, the crowdsourcing system becomes very expensive to maintain. We observe that there are, in fact, many sources that can provide free online human volunteers. Microblogging system is one of the most promising human resources. In this paper, we present our CrowdAnswer system, which is built on top of Weibo, the largest microblogging system in China. CrowdAnswer is a question-answering system, which distributes various questions to different groups of microblogging users adaptively. The answers are then collected from those users' tweets and visualized for the question originator. CrowdAnswer maintains a virtual credit system. The users need credits to publish questions and they can gain credits by answering the questions. A novel algorithm is proposed to route the questions to the interested users, which tries to maximize the probability of successfully answering a question.

Ping He,Xuhong Zhang,Changting Lin,Ting Wang,Shouling Ji

DOI: https://doi.org/10.1631/fitee.2300068

IF: 2.526

2024-03-24

Frontiers of Information Technology & Electronic Engineering

Abstract:Critical functionality and huge influence of the hot trend/topic page (HTP) in microblogging sites have driven the creation of a new kind of underground service called the bogus traffic service (BTS). BTS provides a kind of illegal service which hijacks the HTP by pushing the controlled topics into it for malicious customers with the goal of guiding public opinions. To hijack HTP, the agents of BTS maintain an army of black-market accounts called bogus traffic accounts (BTAs) and control BTAs to generate a burst of fake traffic by massively retweeting the tweets containing the customer desired topic (hashtag). Although this service has been extensively exploited by malicious customers, little has been done to understand it. In this paper, we conduct a systematic measurement study of the BTS. We first investigate and collect 125 BTS agents from a variety of sources and set up a honey pot account to capture BTAs from these agents. We then build a BTA detector that detects 162 218 BTAs from Weibo, the largest Chinese microblogging site, with a precision of 94.5%. We further use them as a bridge to uncover 296 916 topics that might be involved in bogus traffic. Finally, we uncover the operating mechanism from the perspectives of the attack cycle and the attack entity. The highlights of our findings include the temporal attack patterns and intelligent evasion tactics of the BTAs. These findings bring BTS into the spotlight. Our work will help in understanding and ultimately eliminating this threat.

engineering, electrical & electronic,computer science, information systems, software engineering

Hongyu Gao,Jun Hu,Christo Wilson,Zhichun Li,Yan Chen,Ben Y. Zhao

DOI: https://doi.org/10.1145/1866307.1866396

2010-01-01

Abstract:Online social networks (OSNs) are exceptionally useful collaboration and communication tools for millions of users and their friends. Unfortunately, in the wrong hands, they are also extremely effective tools for executing spam campaigns and spreading malware.In this poster, we present an initial study to detect and quantitatively analyze the coordinated spam campaigns on online social networks in the wild. Our system detected about 200K malicious wall posts with embedded URLs, traced back to roughly 57K accounts. We find that more than 70% of all malicious wall posts are advertising phishing sites.

Cheng Chen,Kui Wu,Venkatesh Srinivasan,Xudong Zhang

DOI: https://doi.org/10.48550/arXiv.1111.4297

2011-11-18

Social and Information Networks

Abstract:We initiate a systematic study to help distinguish a special group of online users, called hidden paid posters, or termed "Internet water army" in China, from the legitimate ones. On the Internet, the paid posters represent a new type of online job opportunity. They get paid for posting comments and new threads or articles on different online communities and websites for some hidden purposes, e.g., to influence the opinion of other people towards certain social events or business markets. Though an interesting strategy in business marketing, paid posters may create a significant negative effect on the online communities, since the information from paid posters is usually not trustworthy. When two competitive companies hire paid posters to post fake news or negative comments about each other, normal online users may feel overwhelmed and find it difficult to put any trust in the information they acquire from the Internet. In this paper, we thoroughly investigate the behavioral pattern of online paid posters based on real-world trace data. We design and validate a new detection mechanism, using both non-semantic analysis and semantic analysis, to identify potential online paid posters. Our test results with real-world datasets show a very promising performance.

Hao Fu,Xing Xie,Yong Rui,Neil Zhenqiang Gong,Guangzhong Sun,Enhong Chen

DOI: https://doi.org/10.1145/3086637

IF: 5

2017-01-01

ACM Transactions on Intelligent Systems and Technology

Abstract:Microblogging Web sites, such as Twitter and Sina Weibo, have become popular platforms for socializing and sharing information in recent years. Spammers have also discovered this new opportunity to unfairly overpower normal users with unsolicited content, namely social spams. Although it is intuitive for everyone to follow legitimate users, recent studies show that both legitimate users and spammers follow spammers for different reasons. Evidence of users seeking spammers on purpose is also observed. We regard this behavior as useful information for spammer detection. In this article, we approach the problem of spammer detection by leveraging the “carefulness” of users, which indicates how careful a user is when she is about to follow a potential spammer. We propose a framework to measure the carefulness and develop a supervised learning algorithm to estimate it based on known spammers and legitimate users. We illustrate how the robustness of the detection algorithms can be improved with aid of the proposed measure. Evaluation on two real datasets from Sina Weibo and Twitter with millions of users are performed, as well as an online test on Sina Weibo. The results show that our approach indeed captures the carefulness, and it is effective for detecting spammers. In addition, we find that our measure is also beneficial for other applications, such as link prediction.

Yingcai Ma,Yan Niu,Yan Ren,Yibo Xue

DOI: https://doi.org/10.2991/ccis-13.2013.93

2013-01-01

Abstract:Online social network becomes greatly prevalent and evolves a communication channel for billions of users. Unfortunately, due to the ease of reaching these users, it has been penetrated by spammers who post inappropriate content. After revealing the transmission mechanism of the spam, an automatic detecting framework is designed to identify spam information. The profiles which have multiple discriminative features are extracted for the Machine Learning techniques. In the experiment phase we collected 562K messages posted by 28,679 users on Sina Weibo, then analyzed the different behaviors between malicious accounts and normal ones. We evaluate our approach on a real large-scale dataset. The results demonstrate the effectiveness of the detecting system.

Xiaoxuan Bai,Yingxiao Xiang,Wenjia Niu,Jiqiang Liu,Tong Chen,Jingjing Liu,Tong Wu

DOI: https://doi.org/10.1007/978-3-319-89500-0_50

2018-01-01

Abstract:In recent years, astroturfing can generate abnormal, damaging even illegal behaviors in cyberspace which may mislead the public perception and bring a bad effect on both Internet users and society. This paper aims to design a algorithm to detect astroturfing in online shopping effectively and help users to identify potential online astroturfers quickly. The previous work used single method text-text or image-image to detect astroturfing, while in this paper we first propose a cross-modal canonical correlation analysis model (CCCA) which combines text and images. First, we identify several features of astroturfing and analysis these features. Then, we use feature extraction algorithm, image similarity algorithm and CCA algorithm, and propose a cross-modal method to detect astroturfing which release comments with pictures. We also conduct an experiment on a Taobao dataset to verify our method. The experimental results show that the supervised method proposed is effective.

Yuan Dong,Li Guoliang,Li Qi,Zheng Yudian

DOI: https://doi.org/10.1145/3132847.3133039

2017-01-01

Abstract:Crowdsourcing platforms have been widely deployed to solve many computer-hard problems, e.g., image recognition and entity resolution. Quality control is an important issue in crowdsourcing, which has been extensively addressed by existing quality-control algorithms, e.g., voting-based algorithms and probabilistic graphical models. However, these algorithms cannot ensure quality under sybil attacks, which leverages a large number of sybil accounts to generate results for dominating answers of normal workers. To address this problem, we propose a sybil defense framework for crowdsourcing, which can help crowdsourcing platforms to identify sybil workers and defense the sybil attack. We develop a similarity function to quantify worker similarity. Based on worker similarity, we cluster workers into different groups such that we can utilize a small number of golden questions to accurately identify the sybil groups. We also devise online algorithms to instantly detect sybil workers to throttle the attacks. Our method also has ability to detect multi-attackers in one task. To the best of our knowledge, this is the first framework for sybil defense in crowdsourcing. Experimental results on real-world datasets demonstrate that our method can effectively identify and throttle sybil workers.

Daifeng Li,Jingwei Zhang,Gordon Guo-zheng Sun,Jie Tang,Ying Ding,Zhipeng Luo

DOI: https://doi.org/10.48550/arXiv.1211.2197

2012-11-09

Social and Information Networks

Abstract:China has the largest number of online users in the world and about 20% internet users are from China. This is a huge, as well as a mysterious, market for IT industry due to various reasons such as culture difference. Twitter is the largest microblogging service in the world and Tencent Weibo is one of the largest microblogging services in China. Employ the two data sets as a source in our study, we try to unveil the unique behaviors of Chinese users. We have collected the entire Tencent Weibo from 10th, Oct, 2011 to 5th, Jan, 2012 and obtained 320 million user profiles, 5.15 billion user actions. We study Tencent Weibo from both macro and micro levels. From the macro level, Tencent users are more active on forwarding messages, but with less reciprocal relationships than Twitter users, their topic preferences are very different from Twitter users from both content and time consuming; besides, information can be diffused more efficient in Tencent Weibo. From the micro level, we mainly evaluate users' social influence from two indexes: "Forward" and \Follower", we study how users' actions will contribute to their social influences, and further identify unique features of Tencent users. According to our studies, Tencent users' actions are more personalized and diversity, and the influential users play a more important part in the whole networks. Based on the above analysis, we design a graphical model for predicting users' forwarding behaviors. Our experimental results on the large Tencent Weibo data validate the correctness of the discoveries and the effectiveness of the proposed model. To the best of our knowledge, this work is the first quantitative study on the entire Tencentsphere and information diffusion on it.

Antigoni-Maria Founta,Constantinos Djouvas,Despoina Chatzakou,Ilias Leontiadis,Jeremy Blackburn,Gianluca Stringhini,Athena Vakali,Michael Sirivianos,Nicolas Kourtellis

DOI: https://doi.org/10.48550/arXiv.1802.00393

2018-02-01

Social and Information Networks

Abstract:In recent years, offensive, abusive and hateful language, sexism, racism and other types of aggressive and cyberbullying behavior have been manifesting with increased frequency, and in many online social media platforms. In fact, past scientific work focused on studying these forms in popular media, such as Facebook and Twitter. Building on such work, we present an 8-month study of the various forms of abusive behavior on Twitter, in a holistic fashion. Departing from past work, we examine a wide variety of labeling schemes, which cover different forms of abusive behavior, at the same time. We propose an incremental and iterative methodology, that utilizes the power of crowdsourcing to annotate a large scale collection of tweets with a set of abuse-related labels. In fact, by applying our methodology including statistical analysis for label merging or elimination, we identify a reduced but robust set of labels. Finally, we offer a first overview and findings of our collected and annotated dataset of 100 thousand tweets, which we make publicly available for further scientific exploration.

Zhouhan Chen,Devika Subramanian

DOI: https://doi.org/10.48550/arXiv.1804.05232

2018-04-14

Abstract:In recent years, Twitter has seen a proliferation of automated accounts or bots that send spam, offer clickbait, compromise security using malware, and attempt to skew public opinion. Previous research estimates that around 9% to 17% of Twitter accounts are bots contributing to between 16% to 56% of tweets on the medium. This paper introduces an unsupervised approach to detect Twitter spam campaigns in real-time. The bot groups we detect tweet duplicate content with shortened embedded URLs over extended periods of time. Our experiments with the detection protocol reveal that bots consistently account for 10% to 50% of tweets generated from 7 popular URL shortening services on Twitter. More importantly, we discover that bots using shortened URLs are connected to large scale spam campaigns that control thousands of domains. There appear to be two distinct mechanisms used to control bot groups and we investigate both in this paper. Our detection system runs 24/7 and actively collects bots involved in spam campaigns and adds them to an evolving database of malicious bots. We make our database of detected bots available for query through a REST API so others can filter tweets from malicious bots to get high quality Twitter datasets for analysis.

Social and Information Networks

Yuli Liu,Yiqun Liu,Ke Zhou,Min Zhang,Shaoping Ma

DOI: https://doi.org/10.1145/3038912.3052594

2017-01-01

Abstract:Community Question Answering (CQA) portals provide rich sources of information on a variety of topics. However, the authenticity and quality of questions and answers (Q&As) has proven hard to control. In a troubling direction, the widespread growth of crowdsourcing websites has created a large-scale, potentially difficult-to-detect workforce to manipulate malicious contents in CQA. The crowd workers who join the same crowdsourcing task about promotion campaigns in CQA collusively manipulate deceptive Q&As for promoting a target (product or service). The collusive spamming group can fully control the sentiment of the target. How to utilize the structure and the attributes for detecting manipulated Q&As? How to detect the collusive group and leverage the group information for the detection task? To shed light on these research questions, we propose a unified framework to tackle the challenge of detecting collusive spamming activities of CQA. First, we interpret the questions and answers in CQA as two independent networks. Second, we detect collusive question groups and answer groups from these two networks respectively by measuring the similarity of the contents posted within a short duration. Third, using attributes (individual-level and group-level) and correlations (user-based and content-based), we proposed a combined factor graph model to detect deceptive Q&As simultaneously by combining two independent factor graphs. With a large-scale practical data set, we find that the proposed framework can detect deceptive contents at early stage, and outperforms a number of competitive baselines.

Zidong Jiang,Fabio Di Troia,Mark Stamp

DOI: https://doi.org/10.48550/arXiv.2103.09054

2021-03-07

Computers and Society

Abstract:The impact of social media on the modern world is difficult to overstate. Virtually all companies and public figures have social media accounts on popular platforms such as Twitter and Facebook. In China, the micro-blogging service provider, Sina Weibo, is the most popular such service. To influence public opinion, Weibo trolls -- the so called Water Army -- can be hired to post deceptive comments. In this paper, we focus on troll detection via sentiment analysis and other user activity data on the Sina Weibo platform. We implement techniques for Chinese sentence segmentation, word embedding, and sentiment score calculation. In recent years, troll detection and sentiment analysis have been studied, but we are not aware of previous research that considers troll detection based on sentiment analysis. We employ the resulting techniques to develop and test a sentiment analysis approach for troll detection, based on a variety of machine learning strategies. Experimental results are generated and analyzed. A Chrome extension is presented that implements our proposed technique, which enables real-time troll detection when a user browses Sina Weibo.

Bin Hao, Min Zhang, Weizhi Ma, Jiashen Sun, Yiqun Liu, Shaoping Ma, Xuan Zhu, Hengliang Luo

DOI: https://doi.org/10.1007/978-3-319-50496-4_50

2016-01-01

Abstract:Nowadays users like to share their opinions towards a product/service or policy in social media, which is important to the manufacturers and governments to collect feedbacks from the crowds. While in microblogs, information is highly unbalanced that lots of posts are published and spread by ghost-writers/spammers, sellers, official accounts, etc., but information provided by the true crowds is overwhelmed frequently. Previous studies mostly concern on how to find one specific type of users; but do not investigate how to filter multiple types of specific users so as to keep only the true crowds, which is the main topic of this work. In this paper, we first show the categorization on four different types of users, namely ghost-writers, sellers, official accounts and end-users (the former three are noted as a broad sense advertisers in the paper), and study their characteristics. Then we propose a Topic-Specific Divergence based model to filter out advertisers so that end-users can be kept. Meta-information, content are investigated in comparative analysis. Encouraging experimental results on real dataset clearly verify that the proposed approach outperforms the state-of-art methods significantly.