Presentation is loading. Please wait.

Presentation is loading. Please wait.

Gross Niv Analyzing Spammer’s Social Networks for Fun and Profit

Published byRandolph Dean Modified over 7 years ago

Similar presentations

Presentation on theme: "Gross Niv Analyzing Spammer’s Social Networks for Fun and Profit"— Presentation transcript:

1 Gross Niv, Ben-Gurion University CS20225921, Advanced Topics in On-Line Social Networks Analysis

2 Gross Niv Analyzing Spammer’s Social Networks for Fun and Profit
ChaoYang Robert Harkreader Jialong Zhang Seungwon Shin Guofei Gu Gross Niv Analyzing Spammer’s Social Networks for Fun and Profit A Case Study of Cyber Criminal Ecosystem on Twitter Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

3 Few Pictures of The Authors:
Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

4 A Few General Questions. How many Monthly active users ?
Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

5 A Few General Questions. How many Monthly active users ?
Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

6 A Few General Questions. How many Monthly active users ?
How Many percent are Active Users on mobile ? Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

7 A Few General Questions. How many Monthly active users ?
How Many percent are Active Users on mobile ? Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

8 A-Few General Questions. How many Monthly active users ?
How Many percent are Active Users on mobile ? How many Employees around the world? Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

9 A Few General Questions. How many Monthly active users ?
How Many percent are Active Users on mobile ? How many Employees around the world? Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

10 Chapters: INTRODUCTION RESEARCH GOAL AND DATASET
INNER SOCIAL RELATIONSHIPS OUTER SOCIAL RELATIONSHIPS INFERRING CRIMINAL ACCOUNTS RELATED WORK LIMITATIONS AND FUTURE WORK CONCLUSION Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

11 Spam Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

12 Malware: Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

13 Question: Anyone knows what's Twitter’s “Follow Limit Policy”?
Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

14 Question: Anyone knows what's Twitter’s “Follow Limit Policy”?
According to this policy, once an account has followed 2,000 users, the number of additional accounts it can follow is limited to its follower number Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

15 Updated Twitter Rules This Days:
Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

16 Updated Twitter Rules This Days:
Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

17 Command And Control Server which control botnets in order to transfer instruction The server can send commands threw twitter accounts (Base-64 encoded text) Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

18 Criminal accounts Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

19 Ways cyber criminal uses twitter:
sending spam phishing scams spreading malware hosting botnet C&C channels launching other underground illicit activities. Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

20 How Twitter Community Help Cyber Criminal
Help them spread their illicit content with increasing the visibility of their malicious content. Harder to Detect the criminal account when been followed by legitimate accounts. Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

21 Victims Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

22 Twitter Rules(spammer)
Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

23 How would you label URL as a malicious?
Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

24 Google Safe Browsing The URLs are labeled as malicious by using the widely-used URL blacklist Google Safe Browsing (GSB) and a high-interaction client honeypot, implemented using Capture-HPC. Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

25 Research target The research target ,on criminal accounts as defined by Twitter Rules, who mainly post malicious URLs linking to malicious content with an intention to compromise users computers or privacy. Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

26 Dataset Twitter Accounts 485,721 Tweets 14,401,157 URLs 5,805,351
malicious affected accounts 10,004 identified as spammer accounts 2,060 Date of tapping into twitter’s streaming April July 2010 Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

27 Twitter Accounts As Graph
following someone1 someone2 someone3 In dataset, the criminal relationship graph consists of 2,060 nodes and 9,868 directed edges Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

28 Criminal Relationship graph:
Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

29 Compare with three metrics
graph density Reciprocity Average Shortest Path Length Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

30 Different Between legitimate twitter account and criminal accounts
The graph density is defined for directed simple graph: Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

31 The graph density following |E| = ? someone1 someone2 someone3
Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

32 The graph density following |E| = 6 |V| = ? someone1 someone2 someone3
Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

33 The graph density following |E| = 6 |V| = 3 = 6 3⋅ 3−1 =1 someone1
= 6 3⋅ 3−1 =1 |V| = 3 Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

34 The graph density following |E| = 3 |V| = 3 = 3 3⋅ 3−1 = 1 2 someone1
= 3 3⋅ 3−1 = 1 2 |V| = 3 Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

35 The graph density |E| = 0 |V| = 3 = 0 3⋅ 3−1 =0 someone1 someone2
= 0 3⋅ 3−1 =0 |V| = 3 Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

36 Density Different Between legitimate twitter account and criminal accounts
Legitimate Twitter accounts 41.7 million users ,1.47billion edges 𝟖.𝟒𝟓⋅ 𝟏𝟎 −𝟕 Criminal relationship 𝟐.𝟑𝟑⋅ 𝟏𝟎 −𝟑 Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

37 Different Between legitimate twitter account and criminal accounts
Reciprocity- is represented by the number of bi-directional links to the number of out links (follow each other) someone1 someone2 Following each other Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

38 Different reciprocity graph
Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

39 Average Shortest Path Length
Average Shortest Path Length is defined as the average number of steps along the shortest paths for all possible pairs of graph nodes data set with 3,000 accounts Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

40 following quality “following quality”-which is the average follower number of an account’s all following accounts. In this way, a higher following quality of an account implies that this account tends to follow those accounts with more followers. Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

41 Following quality example
someone2 4 someone1 someone3 6 FQ= (4+6)/2 =5 Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

42 Following quality In this way, a higher following quality of an account implies that this account tends to follow those accounts with more followers. Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

43 Following quality Diffrence
Select a paper and notify me by Tuesday, November 8, 2016 Recommended reading: This observation validates that criminal accounts’ actions of indiscriminately following others lead them to connect with low quality accounts, and hence connect with other criminal accounts. Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

44 CONCLUSION Criminal accounts tend to be socially connected, forming a small-world network Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

45 Victims Criminal leaves Criminal hubs
Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

46 Victims Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

47 Victims Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

48 Compared to the Bee Community
Criminal leaves, like bee workers, mainly focus on collecting pollen. Criminal hubs, like bee queens, mainly focus on supporting bee workers and acquiring pollen from them. Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

49 Which kind of supports you inspect there are ?
Criminal Supporters They are accounts outside the criminal community, who have close “follow relationships” with criminal accounts Which kind of supports you inspect there are ? Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

50 How many supports there are in the dataset ?
Criminal Supporters How many supports there are in the dataset ? Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

51 Dataset Twitter Accounts 485,721 Tweets 14,401,157 URLs 5,805,351
malicious affected accounts 10,004 identified as spammer accounts 2,060 Date of tapping into twitter’s streaming April July 2010 Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

52 Criminal Supporters They got output 5,924 criminal of supporters
What kind of supports there are? Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

53 Characterizing Criminal Supporters After extracting criminal supporters we observe three representative categories of supporters. Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

54 Social Butterflies accounts that have extraordinarily large numbers of followers and followings. These accounts build a lot of social relationships with other accounts without discriminating those accounts’ qualities. Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

55 5,924 criminal of supporters
Social Butterflies How many Butterflies supporters you think there is in this dataset? 5,924 criminal of supporters Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

56 Social Butterflies They found 3,818 social butterflies (5,924 total)
The hypothesis that the reason why social butterflies tend to have close friendships with criminals is mainly because most of them usually follow back the users who follow them without careful examinations. Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

57 Social Butterflies how would you validate this hypothesis ?
Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

58 Social Butterflies 10 accounts to follow 500 accounts (from the butterfly account). 10 accounts to randomly normal accounts, and 10 accounts following criminal accounts Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

59 47.8% of those butterflies follow back
Social Butterflies After 48 hours: 47.8% of those butterflies follow back 1.8% of those normal accounts follow back 0.6% of those criminal accounts follow back. Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

60 Social Promoters those Twitter accounts that have large following-follower ratios larger following numbers and relatively high URL ratios. The owners of these accounts usually use Twitter to promote themselves or their business. How many social promoters there are ? 5,924 criminal of supporters 3,818 social butterflies Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

61 Social Promoters 508 social promoters
Promoters may become criminal supporters by unintentionally following criminal accounts. Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

62 those Twitter accounts who post few tweets but have many followers.
Dummies those Twitter accounts who post few tweets but have many followers. The hypothesis that the reason why dummies intend to have close friendship with criminals is mainly because most of them are controlled or utilized by cyber criminals Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

63 1 account has been suspended .
Dummies Analyzed 81 dummy accounts several months after the data collection. They find that: 1 account has been suspended . 6 accounts do not exist any more (closed), 36 accounts begin posting malware URLs labeled by GSB 8 accounts begin posting (verified) phishing URLs. Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

64 Dummy post This dummy account steals victims’ addresses through claiming to help people earn money. However, the dummy account sends spam. Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

65 My own experience with twitter
What type of account those are ? Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

66 Similar tweet: Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

67 Later on twitter deleted those accounts
My own experience with twitter Later on twitter deleted those accounts Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

68 My own experience with twitter
What type of account this? Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

69 After few days I did not follow back this account unfollowed me
My own experience with twitter After few days I did not follow back this account unfollowed me Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

70 Limitations The dataset may contain some bias
The number of our analyzed criminal accounts is most likely only a lower bound of the actual number in the dataset. The exact values of some metrics used in the work may vary a little bit when using different sample datasets. Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

71 CONCLUSION This Article present an analysis of the cyber criminal ecosystem on Twitter. It provides in-depth investigation on inner and outer social relationships. The Article reveal the characteristics of three representative categories of criminal supporters Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

72 Gross Niv Analyzing Spammer’s Social Networks for Fun and Profit
ChaoYang Robert Harkreader Jialong Zhang Seungwon Shin Guofei Gu Gross Niv Analyzing Spammer’s Social Networks for Fun and Profit A Case Study of Cyber Criminal Ecosystem on Twitter Gross Niv, Ben-Gurion University CS , Advanced Topics in On-Line Social Networks Analysis

Download ppt "Gross Niv Analyzing Spammer’s Social Networks for Fun and Profit"

Similar presentations

Detecting Malicious Flux Service Networks through Passive Analysis of Recursive DNS Traces Roberto Perdisci, Igino Corona, David Dagon, Wenke Lee ACSAC.

Detecting Malicious Flux Service Networks through Passive Analysis of Recursive DNS Traces Roberto Perdisci, Igino Corona, David Dagon, Wenke Lee ACSAC.
Promoting Your Business Through Twitter ©2009, All rights reserved Fox Coaching Associates. www.bizdevsuccess.com.

Promoting Your Business Through Twitter ©2009, All rights reserved Fox Coaching Associates.
The development of Internet A cow was lost in Jan 14th 2003. If you know where it is, please contact with me. My QQ number is 87881405. QQ is one of the.

The development of Internet A cow was lost in Jan 14th If you know where it is, please contact with me. My QQ number is QQ is one of the.
Design and Evaluation of a Real-Time URL Spam Filtering Service

Design and Evaluation of a Real-Time URL Spam Filtering Service
ABUSING BROWSER ADDRESS BAR FOR FUN AND PROFIT - AN EMPIRICAL INVESTIGATION OF ADD-ON CROSS SITE SCRIPTING ATTACKS Presenter: Jialong Zhang.

ABUSING BROWSER ADDRESS BAR FOR FUN AND PROFIT - AN EMPIRICAL INVESTIGATION OF ADD-ON CROSS SITE SCRIPTING ATTACKS Presenter: Jialong Zhang.
DSPIN: Detecting Automatically Spun Content on the Web Qing Zhang, David Y. Wang, Geoffrey M. Voelker University of California, San Diego 1.

DSPIN: Detecting Automatically Spun Content on the Web Qing Zhang, David Y. Wang, Geoffrey M. Voelker University of California, San Diego 1.
Hongyu Gao, Tuo Huang, Jun Hu, Jingnan Wang.  Boyd et al. Social Network Sites: Definition, History, and Scholarship. Journal of Computer-Mediated Communication,

Hongyu Gao, Tuo Huang, Jun Hu, Jingnan Wang.  Boyd et al. Social Network Sites: Definition, History, and Scholarship. Journal of Computer-Mediated Communication,
Wilber R. Rivas Del Rio High School San Felipe Del Rio CISD Dr. Guofei Gu Director of SUCCESS laboratory Secure Communication and Computer Systems Computer.

Wilber R. Rivas Del Rio High School San Felipe Del Rio CISD Dr. Guofei Gu Director of SUCCESS laboratory Secure Communication and Computer Systems Computer.
UNDERSTANDING VISIBLE AND LATENT INTERACTIONS IN ONLINE SOCIAL NETWORK Presented by: Nisha Ranga Under guidance of : Prof. Augustin Chaintreau.

UNDERSTANDING VISIBLE AND LATENT INTERACTIONS IN ONLINE SOCIAL NETWORK Presented by: Nisha Ranga Under guidance of : Prof. Augustin Chaintreau.
BotGraph: Large Scale Spamming Botnet Detection Yao Zhao Yinglian Xie *, Fang Yu *, Qifa Ke *, Yuan Yu *, Yan Chen and Eliot Gillum ‡ EECS Department,

BotGraph: Large Scale Spamming Botnet Detection Yao Zhao Yinglian Xie *, Fang Yu *, Qifa Ke *, Yuan Yu *, Yan Chen and Eliot Gillum ‡ EECS Department,
Verma - ICISS 2014 R easoning M ining NLP Defense Rakesh M. Verma ReMiND Laboratory Catching Classical and Hijack-based Phishing Attacks.

Verma - ICISS 2014 R easoning M ining NLP Defense Rakesh M. Verma ReMiND Laboratory Catching Classical and Hijack-based Phishing Attacks.
Measurement and Evolution of Online Social Networks Review of paper by Ophir Gaathon Analysis of Social Information Networks COMS 6998-2, Spring 2011,

Measurement and Evolution of Online Social Networks Review of paper by Ophir Gaathon Analysis of Social Information Networks COMS , Spring 2011,
Internet safety By Lydia Snowden.

Internet safety By Lydia Snowden.
Speaker : YUN–KUAN,CHANG Date : 2009/10/13 Working the botnet: how dynamic DNS is revitalising the zombie army.

Speaker : YUN–KUAN,CHANG Date : 2009/10/13 Working the botnet: how dynamic DNS is revitalising the zombie army.
WARNINGBIRD: A Near Real-time Detection System for Suspicious URLs in Twitter Stream.

WARNINGBIRD: A Near Real-time Detection System for Suspicious URLs in Twitter Stream.
Social Media Attacks By Laura Jung. How the Attacks Start Popularity of these sites with millions of users makes them perfect places for cyber attacks.

Social Media Attacks By Laura Jung. How the Attacks Start Popularity of these sites with millions of users makes them perfect places for cyber attacks.
Authors: Gianluca Stringhini Christopher Kruegel Giovanni Vigna University of California, Santa Barbara Presenter: Justin Rhodes.

Authors: Gianluca Stringhini Christopher Kruegel Giovanni Vigna University of California, Santa Barbara Presenter: Justin Rhodes.
Network and Systems Security By, Vigya Sharma (2011MCS2564) FaisalAlam(2011MCS2608) DETECTING SPAMMERS ON SOCIAL NETWORKS.

Network and Systems Security By, Vigya Sharma (2011MCS2564) FaisalAlam(2011MCS2608) DETECTING SPAMMERS ON SOCIAL NETWORKS.
Microblogs: Information and Social Network Huang Yuxin.

Microblogs: Information and Social Network Huang Yuxin.
Not So Fast Flux Networks for Concealing Scam Servers Theodore O. Cochran; James Cannady, Ph.D. Risks and Security of Internet and Systems (CRiSIS), 2010.

Not So Fast Flux Networks for Concealing Scam Servers Theodore O. Cochran; James Cannady, Ph.D. Risks and Security of Internet and Systems (CRiSIS), 2010.

Similar presentations

Ads by Google