Wei,Fengyuan Xu,Chiu C. Tan,Qun Li

DOI: https://doi.org/10.1109/tpds.2013.9

IF: 5.3

2013-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Distributed systems without trusted identities are particularly vulnerable to sybil attacks, where an adversary creates multiple bogus identities to compromise the running of the system. This paper presents SybilDefender, a sybil defense mechanism that leverages the network topologies to defend against sybil attacks in social networks. Based on performing a limited number of random walks within the social graphs, SybilDefender is efficient and scalable to large social networks. Our experiments on two 3,000,000 node real-world social topologies show that SybilDefender outperforms the state of the art by more than 10 times in both accuracy and running time. SybilDefender can effectively identify the sybil nodes and detect the sybil community around a sybil node, even when the number of sybil nodes introduced by each attack edge is close to the theoretically detectable lower bound. Besides, we propose two approaches to limiting the number of attack edges in online social networks. The survey results of our Facebook application show that the assumption made by previous work that all the relationships in social networks are trusted does not apply to online social networks, and it is feasible to limit the number of attack edges in online social networks by relationship rating.

Wei,Fengyuan Xu,Chiu C. Tan,Qun Li

DOI: https://doi.org/10.1109/infcom.2012.6195572

2012-01-01

Abstract:Distributed systems without trusted identities are particularly vulnerable to sybil attacks, where an adversary creates multiple bogus identities to compromise the running of the system. This paper presents SybilDefender, a sybil defense mechanism that leverages the network topologies to defend against sybil attacks in social networks. Based on performing a limited number of random walks within the social graphs, SybilDefender is efficient and scalable to large social networks. Our experiments on two 3,000,000 node real-world social topologies show that SybilDefender outperforms the state of the art by one to two orders of magnitude in both accuracy and running time. SybilDefender can effectively identify the sybil nodes and detect the sybil community around a sybil node, even when the number of sybil nodes introduced by each attack edge is close to the theoretically detectable lower bound. Besides, we propose two approaches to limiting the number of attack edges in online social networks. The survey results of our Facebook application show that the assumption made by previous work that all the relationships in social networks are trusted does not apply to online social networks, and it is feasible to limit the number of attack edges in online social networks by relationship rating.

Zhe Zhao,Guangke Chen,Jingyi Wang,Yiwei Yang,Fu Song,Jun Sun

DOI: https://doi.org/10.1145/3460319.3464822

2021-01-01

Abstract:As a new programming paradigm, deep learning has expanded its application to many real-world problems. At the same time, deep learning based software are found to be vulnerable to adversarial attacks. Though various defense mechanisms have been proposed to improve robustness of deep learning software, many of them are ineffective against adaptive attacks. In this work, we propose a novel characterization to distinguish adversarial examples from benign ones based on the observation that adversarial examples are significantly less robust than benign ones. As existing robustness measurement does not scale to large networks, we propose a novel defense framework, named attack as defense (A2D), to detect adversarial examples by effectively evaluating an example’s robustness. A2D uses the cost of attacking an input for robustness evaluation and identifies those less robust examples as adversarial since less robust examples are easier to attack. Extensive experiment results on MNIST, CIFAR10 and ImageNet show that A2D is more effective than recent promising approaches. We also evaluate our defense against potential adaptive attacks and show that A2D is effective in defending carefully designed adaptive attacks, e.g., the attack success rate drops to 0% on CIFAR10.

Hooman Asadian,Hamid Haj Seyed Javadi

DOI: https://doi.org/10.1002/spy2.19

2018-03-01

Security and Privacy

Abstract:The popularity of modern social networks has rendered social media platforms vulnerable to malicious activities. One such activity is a Sybil attack, in which a single entity emulates the behaviors of multiple users and attempts to create problems for other users and a network itself. This problem has prompted researchers to develop several techniques for preventing Sybil attacks, but in most cases, the efficiency assumptions that underlie proposed methods are not oriented toward reality. The current study puts forward an efficient framework for identifying Sybil attacks. The highly precise framework is underlain by rational assumptions and detects attacks on the basis of the structural characteristics of social networks and the social interactions among users. We evaluate our proposed framework using both synthetic and real world social network topologies. We show that SybilUncover is able to accurately identify high precision rate. Moreover, SybilUncover performs orders of magnitudes better than existing Sybil detection mechanisms.

Jing Jiang,Zi-Fei Shan,Xiao Wang,Li Zhang,Ya-Fei Dai

DOI: https://doi.org/10.1007/s11390-015-1602-6

2015-01-01

Abstract:Sybil attacks are one kind of well-known and powerful attacks against online social networks (OSNs). In a sybil attack, a malicious attacker generates a sybil group consisting of multiple sybil users, and controls them to attack the system. However, data confidentiality policies of major social network providers have severely limited researchers' access to large-scale datasets of sybil groups. A deep understanding of sybil groups can provide important insights into the characteristics of malicious behavior, as well as numerous practical implications on the design of security mechanisms. In this paper, we present an initial study to measure sybil groups in a large-scale OSN, Renren. We analyze sybil groups at different levels, including individual information, social relationships, and malicious activities. Our main observations are: 1) user information in sybil groups is usually incomplete and in poor quality; 2) sybil groups have special evolution patterns in connectivity structure, including bursty actions to add nodes, and a monotonous merging pattern that lacks non-singleton mergings; 3) several sybil groups have strong relationships with each other and compose sybil communities, and these communities cover a large number of users and pose great potential threats; 4) some sybil users are not banned until a long time after registration in some sybil groups. The characteristics of sybil groups can be leveraged to improve the security mechanisms in OSNs to defend against sybil attacks. Specifically, we suggest that OSNs should 1) check information completeness and quality, 2) learn from dynamics of community connectivity structure to detect sybil groups, 3) monitor sybil communities and inspect them carefully to prevent collusion, and 4) inspect sybil groups that behave normally even for a long time to prevent potential malicious behaviors.

Zhi Yang,Christo Wilson,Xiao Wang,Tingting Gao,Ben Y. Zhao,Yafei Dai

DOI: https://doi.org/10.48550/arXiv.1106.5321

2011-06-27

Abstract:Sybil accounts are fake identities created to unfairly increase the power or resources of a single malicious user. Researchers have long known about the existence of Sybil accounts in online communities such as file-sharing systems, but have not been able to perform large scale measurements to detect them or measure their activities. In this paper, we describe our efforts to detect, characterize and understand Sybil account activity in the Renren online social network (OSN). We use ground truth provided by Renren Inc. to build measurement based Sybil account detectors, and deploy them on Renren to detect over 100,000 Sybil accounts. We study these Sybil accounts, as well as an additional 560,000 Sybil accounts caught by Renren, and analyze their link creation behavior. Most interestingly, we find that contrary to prior conjecture, Sybil accounts in OSNs do not form tight-knit communities. Instead, they integrate into the social graph just like normal users. Using link creation timestamps, we verify that the large majority of links between Sybil accounts are created accidentally, unbeknownst to the attacker. Overall, only a very small portion of Sybil accounts are connected to other Sybils with social links. Our study shows that existing Sybil defenses are unlikely to succeed in today's OSNs, and we must design new techniques to effectively detect and defend against Sybil attacks.

Social and Information Networks,Physics and Society

Qiang Cao,Xiaowei Yang

DOI: https://doi.org/10.48550/arXiv.1304.3819

2013-04-14

Abstract:Detecting and suspending fake accounts (Sybils) in online social networking (OSN) services protects both OSN operators and OSN users from illegal exploitation. Existing social-graph-based defense schemes effectively bound the accepted Sybils to the total number of social connections between Sybils and non-Sybil users. However, Sybils may still evade the defenses by soliciting many social connections to real users. We propose SybilFence, a system that improves over social-graph-based Sybil defenses to further thwart Sybils. SybilFence is based on the observation that even well-maintained fake accounts inevitably receive a significant number of user negative feedback, such as the rejections to their friend requests. Our key idea is to discount the social edges on users that have received negative feedback, thereby limiting the impact of Sybils' social edges. The preliminary simulation results show that our proposal is more resilient to attacks where fake accounts continuously solicit social connections over time.

Social and Information Networks,Physics and Society

Jilong Xue,Zhi Yang,Xiaoyong Yang,Xiao Wang,Lijiang Chen,Yafei Dai

DOI: https://doi.org/10.1109/tdsc.2015.2410792

2016-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Online social networks (OSNs) suffer from the creation of fake accounts that introduce fake product reviews, malware and spam. Existing defenses focus on using the social graph structure to isolate fakes. However, our work shows that Sybils could befriend a large number of real users, invalidating the assumption behind social-graph-based detection. In this paper, we present VoteTrust, a scalable defense system that further leverages user-level activities. VoteTrust models the friend invitation interactions among users as a directed, signed graph, and uses two key mechanisms to detect Sybils over the graph: a voting-based Sybil detection to find Sybils that users vote to reject, and a Sybil community detection to find other colluding Sybils around identified Sybils. Through evaluating on Renren social network, we show that VoteTrust is able to prevent Sybils from generating many unsolicited friend requests. We also deploy VoteTrust in Renen, and our real experience demonstrates that VoteTrust can detect large-scale collusion among Sybils.

Zhi Yang,Jilong Xue,Xiaoyong Yang,Xiao Wang,Yafei Dai

2015-01-01

Abstract:Online social networks (OSNs) suffer from the creation of fake accounts that introduce fake product reviews, malware and spam. Existing defenses focus on using the social graph structure to isolate fakes. However, our work shows that Sybils could befriend a large number of real users, invalidating the assumption behind social-graph-based detection. In this paper, we present VoteTrust, a scalable defense system that further leverages user-level activities. VoteTrust models the friend invitation interactions among users as a directed, signed graph, and uses two key mechanisms to detect Sybils over the graph: a voting-based Sybil detection to find Sybils that users vote to reject, and a Sybil community detection to find other colluding Sybils around identified Sybils. Through evaluating on Renren social network, we show that VoteTrust is able to prevent Sybils from generating many unsolicited friend requests. We also deploy VoteTrust in Renen, and our real experience demonstrates that VoteTrust can detect large-scale collusion among Sybils.

Xiaoyan Yin,Wanyu Lin,Kexin Sun,Chun Wei,Yanjiao Chen

DOI: https://doi.org/10.1109/tifs.2022.3219342

IF: 7.231

2023-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Social status, the social influence of a user, plays an important role in many real-world applications, e.g., trust relations and information propagation in a social network. In this paper, we reveal the possibility of falsifying social status through adversarial attacks in graph neural networks (GNNs). Different from neural networks in the visual or speech domain, GNNs take the attributes of nodes and edges in a graph as features. To cater to the characteristics of GNNs, $\vphantom {_{\int }}$ we design a new paradigm of adversarial example attack, named $A^{2} S^{2}$ - GNN ( $\mathbf {GNN}$ -based $\mathbf {A}$ dversarial $\mathbf {A}$ ttacks on $\mathbf {S}$ ocial $\mathbf {S}$ tatus), aiming at manipulating the social status of a target node in social networks. The key idea is to establish relationships or break relationships between a set of compromised nodes and the target node. More specifically, we consider a signed directed graph representing complicated positive/negative asymmetric relationships between nodes. We design an efficient adversarial attack algorithm to determine the minimum set of signed links that should be created or deleted to reach the attack objective. We conduct extensive experiments on baseline datasets. Compared with the benchmark algorithms, $A^{2} S^{2}$ - GNN can effectively promote or vilify the social status of the target node up to 89.36% and 192.38%, respectively, while keeping the modification to the social network to the minimum. Furthermore, the experimental results on six status evaluating algorithms verify the transferability of our proposed attack algorithm.

Zhi Yang,Yusi Zhang,Yafei Dai

DOI: https://doi.org/10.1109/cns.2018.8433127

2018-01-01

Abstract:Today's online social networks (OSNs) are plagued by Sybil attack in the form of the creation of fake accounts. A promising way to perform Sybil detection is to utilize the topological features of social network, but effectively mining such information is difficult as nodes are highly correlated. We propose a new Sybil detection method based on the interaction graph embedding. In particular, we model the friend requests of users as a signed interaction graph, and perform Sybil detection Uy decoupling the graph into independent vectors in a low-dimensional space. The intuition of our embedding is to enable every user to stay close to the people he/she accepts whereas keeping far away from those helshe rejects in the space. We prove that the objective of our embedding is equivalent to finding the graph cut which can reliably detect a region comprised of Sybils. To efficiently obtain the desired embedding, we propose an novel multi-level optimization to solve the aforementioned objective. We show that our embedding-based approach can discern Sybils under a broad range of scenarios and outperform the state-of-the-art algorithm that directly detects Sybil region over the graph.

Rupesh Gunturu

DOI: https://doi.org/10.48550/arXiv.1504.05522

2015-04-22

Abstract:This paper reviews the Sybil attack in social networks, which has the potential to compromise the whole distributed network. In the Sybil attack, the malicious user claims multiple identities to compromise the network. Sybil attacks can be used to change the overall ranking in voting applications, bad-mouth an opinion, access resources or to break the trust mechanism behind a P2P network. In this paper, different defense mechanisms used to mitigate Sybil attacks are also reviewed.

Cryptography and Security

Pengfei Liu,Xiaohan Wang,Xiangqian Che,Zhaoqun Chen,Yuantao Gu

DOI: https://doi.org/10.1109/icdsp.2014.6900836

2014-01-01

Abstract:In this paper, we attempt to solve the problem of defense against sybil attacks in directed social networks. We propose a set of measures for the quality of network partitions, with modularity as a special case. We present an algorithm based on the set of measures and iterative optimization to detect the sybil region. The algorithm is evaluated using a subset of real-world social topology and is confirmed to be efficient for solving the problem. Moreover, a comparison between the proposed algorithm and SybilDefender is provided, which shows that the proposed algorithm is superior for the sybil region detection problem in directed social networks.

Chun-Ming Lai,Xiaoyun Wang,Yunfeng Hong,Yu-Cheng Lin,S. Felix Wu,Patrick McDaniel,Hasan Cam

DOI: https://doi.org/10.23919/CNSM.2017.8256040

2018-02-13

Abstract:Online social network (OSN) discussion groups are exerting significant effects on political dialogue. In the absence of access control mechanisms, any user can contribute to any OSN thread. Individuals can exploit this characteristic to execute targeted attacks, which increases the potential for subsequent malicious behaviors such as phishing and malware distribution. These kinds of actions will also disrupt bridges among the media, politicians, and their constituencies. For the concern of Security Management, blending malicious cyberattacks with online social interactions has introduced a brand new challenge. In this paper we describe our proposal for a novel approach to studying and understanding the strategies that attackers use to spread malicious URLs across Facebook discussion groups. We define and analyze problems tied to predicting the potential for attacks focused on threads created by news media organizations. We use a mix of macro static features and the micro dynamic evolution of posts and threads to identify likely targets with greater than 90% accuracy. One of our secondary goals is to make such predictions within a short (10 minute) time frame. It is our hope that the data and analyses presented in this paper will support a better understanding of attacker strategies and footprints, thereby developing new system management methodologies in handing cyber attacks on social networks.

Social and Information Networks

Yukun He,Guangyan Zhang,Jie Wu,Qiang Li

DOI: https://doi.org/10.1002/sec.1475

IF: 1.968

2016-01-01

Security and Communication Networks

Abstract:The security implications of social bots are evident in consideration of the fact that data sharing and propagation functionality are well integrated with social media sites. Existing social bots primarily use Really Simple Syndication and OSN online social network application program interface to communicate with OSN servers. Researchers have profiled their behaviors well and have proposed various mechanisms to defend against them. We predict that a web test automation rootkit WTAR is a prospective approach for designing malicious social bots. In this paper, we first present the principles of designing WTAR-based social bots. Second, we implement three WTAR-based bot prototypes on Facebook, Twitter, and Weibo. Third, we validate this new threat by analyzing behaviors of the prototypes in a lab environment and on the Internet, and analyzing reports from widely-used antivirus software. Our analyses show that WTAR-based social bots have the following features: i they do not connect to OSN directly, and therefore produce few network flows; ii they can log in to OSNs easily and perform a variety of social activities; iii they can mimic the behaviors of a human user on an OSN. Finally, we propose several possible mechanisms in order to defend against WTAR-based social bots. Copyright © 2016 John Wiley & Sons, Ltd.

Ling Xu,Satayapiwat Chainan,Hiroyuki Takizawa,Hiroaki Kobayashi

DOI: https://doi.org/10.1109/saint.2010.32

2010-07-01

Abstract:Peer to peer (P2P) systems are extremely vulnerable to Sybil attacks, in which a malicious user controls a large number of Sybil peers to collude to break the system laws. This paper proposes a distributed algorithm, named Sybil Resisting Network Clustering (SRNC), to resist the Sybil attack by preventing honest peers from communicating with Sybil Peers. SRNC is based on a social network model. In this model, honest peers and Sybil peers can be largely classified into two clusters, connected by a small number of edges, called attack edges. SRNC tries to explicitly detect attack edges, and then prohibits the communication over the detected edges. The performance of SRNC is evaluated by theoretical analysis and simulations. In particular, SRNC ensures theoretically that honest peers totally accept $O(\vert AE\vert)$ Sybil peers. This is a $O(log(n))$ times improvement over SybilLimit, one of the conventional representative Sybil resisting algorithms, where $n$ is the number of peers and $\vert AE\vert$ is the number of attack edges in the system. The performance is then evaluated by simulations on data sets of real world social networks.

Yue Sun,Zhi Yang,Yafei Dai

DOI: https://doi.org/10.1109/asonam49781.2020.9381325

2020-01-01

Abstract:Detecting fake accounts (also called Sybils) is a fundamental security problem in online social networks (OSNs). Existing feature-based or social-graph-based approaches suffer from the key limitations: they can only leverage either node feature or graph structure properties such as fast-mixing and conductance, but not both. To overcome this shortcoming, we explore the introduction of recent advancements in deep neural networks for graph-structured data into Sybil detection field. These types of models enable integrating both user-level activities and graph-level structures for a new generation of feature-and-graph-based detection mechanisms. However, we find that although applying Graph Convolutional Networks (GCNs) are effective against naïve attacks, they are vulnerable to adversarial attacks in which fake accounts alter local edges and features with patterns to resemble real users. In this paper, we present TrustGCN, a Sybil-resilient defense algorithm that combines the idea of social-graph-based defense with GCN. TrustGCN first assigns trust scores to nodes based on the landing probability of short random walks that starts from known real accounts. As this short, supervised random walk is likely to stay within the subgraph consisting of real accounts, most real accounts receive higher trust scores than fakes. Then it introduces these trust scores as edge weights and adopts graph convolution operations to aggregate features of local graph neighborhoods over this weighted graph for classification. In this way, we prevent Sybil partners with low trust scores from contributing to the feature aggregation for a target node, thus is more robust against adverse manipulations of the attackers. Our experiment on real data demonstrates that TrustGCN significantly outperforms GCN in the robustness. To the best of our knowledge, this is the first attempt to combine social-graph-based defenses with graph neural networks into a unified model, paving the way for the robust feature-and-graph-based detection mechanisms.

Wangchenlu Huang,Shenao Wang,Yanjie Zhao,Guosheng Xu,Haoyu Wang

2024-05-17

Abstract:In the digital era, Online Social Networks (OSNs) play a crucial role in information dissemination, with sharing cards for link previews emerging as a key feature. These cards offer snapshots of shared content, including titles, descriptions, and images. In this study, we investigate the construction and dissemination mechanisms of these cards, focusing on two primary server-side generation methods based on Share-SDK and HTML meta tags. Our investigation reveals a novel type of attack, i.e., Sharing Card Forgery (SCF) attack that can be exploited to create forged benign sharing cards for malicious links. We demonstrate the feasibility of these attacks through practical implementations and evaluate their effectiveness across 13 various online social networks. Our findings indicate a significant risk, as the deceptive cards can evade detection and persist on social platforms, thus posing a substantial threat to user security. We also delve into countermeasures and discuss the challenges in effectively mitigating these types of attacks. This study not only sheds light on a novel phishing technique but also calls for heightened awareness and improved defensive strategies in the OSN ecosystem.

Cryptography and Security

Sjouke Mauw,Yunior Ramírez-Cruz,Rolando Trujillo-Rasua

DOI: https://doi.org/10.1007/s10618-019-00631-5

2018-11-27

Abstract:In order to prevent the disclosure of privacy-sensitive data, such as names and relations between users, social network graphs have to be anonymised before publication. Naive anonymisation of social network graphs often consists in deleting all identifying information of the users, while maintaining the original graph structure. Various types of attacks on naively anonymised graphs have been developed. Active attacks form a special type of such privacy attacks, in which the adversary enrols a number of fake users, often called sybils, to the social network, allowing the adversary to create unique structural patterns later used to re-identify the sybil nodes and other users after anonymisation. Several studies have shown that adding a small amount of noise to the published graph already suffices to mitigate such active attacks. Consequently, active attacks have been dubbed a negligible threat to privacy-preserving social graph publication. In this paper, we argue that these studies unveil shortcomings of specific attacks, rather than inherent problems of active attacks as a general strategy. In order to support this claim, we develop the notion of a robust active attack, which is an active attack that is resilient to small perturbations of the social network graph. We formulate the design of robust active attacks as an optimisation problem and we give definitions of robustness for different stages of the active attack strategy. Moreover, we introduce various heuristics to achieve these notions of robustness and experimentally show that the new robust attacks are considerably more resilient than the original ones, while remaining at the same level of feasibility.

Social and Information Networks

Haizhong Zheng,Minhui Xue,Hao Lu,Shuang Hao,Haojin Zhu,Xiaohui Liang,Keith Ross

DOI: https://doi.org/10.48550/arXiv.1709.06916

2017-12-04

Abstract:Popular User-Review Social Networks (URSNs)---such as Dianping, Yelp, and Amazon---are often the targets of reputation attacks in which fake reviews are posted in order to boost or diminish the ratings of listed products and services. These attacks often emanate from a collection of accounts, called Sybils, which are collectively managed by a group of real users. A new advanced scheme, which we term elite Sybil attacks, recruits organically highly-rated accounts to generate seemingly-trustworthy and realistic-looking reviews. These elite Sybil accounts taken together form a large-scale sparsely-knit Sybil network for which existing Sybil fake-review defense systems are unlikely to succeed. In this paper, we conduct the first study to define, characterize, and detect elite Sybil attacks. We show that contemporary elite Sybil attacks have a hybrid architecture, with the first tier recruiting elite Sybil workers and distributing tasks by Sybil organizers, and with the second tier posting fake reviews for profit by elite Sybil workers. We design ElsieDet, a three-stage Sybil detection scheme, which first separates out suspicious groups of users, then identifies the campaign windows, and finally identifies elite Sybil users participating in the campaigns. We perform a large-scale empirical study on ten million reviews from Dianping, by far the most popular URSN service in China. Our results show that reviews from elite Sybil users are more spread out temporally, craft more convincing reviews, and have higher filter bypass rates. We also measure the impact of Sybil campaigns on various industries (such as cinemas, hotels, restaurants) as well as chain stores, and demonstrate that monitoring elite Sybil users over time can provide valuable early alerts against Sybil campaigns.

Social and Information Networks