Published by Bathsheba Bennett. Modified over 9 years ago.
1
Towards Online Spam Filtering in Social Networks
Hongyu Gao, Yan Chen, Kathy Lee, Diana Palsetia and Alok Choudhary
Lab for Internet and Security Technology (LIST)
Department of EECS, Northwestern University
2
Background
4
Another Study in Spam Detection??
Unique characteristics of OSNs
–Are existing features still effective?
  –Number of words
  –Average word length
  –Sender IP neighborhood density
  –Sender AS number
  –Status of sender’s service ports
  –…
–Any new features?
Not effective!
5
Goals and Existing Work
An effort towards a system ready to deploy
Existing studies in OSN spam:
–[Gao IMC10, Grier CCS10] offline analysis
–[Thomas Oakland11] landing page vs. message content
–Numerous works in spammer-faked account detection
Online detection
High accuracy
Low latency
Detection of campaigns absent from training set
No need for frequent re-training
6
Roadmap
Detection System Design
Evaluation
Conclusions & Future Work
7
Key Intuition
We Do NOT: Inspect each message individually
msg_1 msg_2 msg_3 … msg_n
Spam??
8
Key Intuition
We Do: Inspect correlated message clusters
msg_k msg_j msg_k msg_i
Correlated messages?? Spam campaign??
9
System Overview
Detect coordinated spam campaigns.
10
Incremental Clustering
Requirement:
–Given the (k+1)th message and the result of the first k messages
–Efficiently compute the result of the (k+1) messages
Adopt text shingling technique
–Pros: High efficiency
–Cons: Syntactic method
11
Feature Selection
Feature selection criteria:
–Cannot be easily maneuvered.
–Grasp the commonality among campaigns.
6 identified features:
–Sender social degree
–Interaction history
–Cluster size
–Average time interval
–Average URL #
–Unique URL #
12
Roadmap
Detection System Design
Evaluation
Conclusions & Future Work
13
Dataset and Method
All experiments obey the time order
–First 25% as training set, last 75% as testing set.
Evaluated metrics:
–Overall accuracy
–Accuracy of feature subset
–Accuracy over time
–Accuracy under attack
–Latency
–Throughput

Site       Size    Spam #   Time
Facebook   187M    217K     Jan. 2008 ~ Jun. 2009
Twitter    17M     467K     Jun. 2011 ~ Jul. 2011
14
Overall Accuracy
Best result
–FB: 80.9% TP, 0.19% FP
–TW: 69.8% TP, 0.70% FP
15
Accuracy over Time
No significant drop of TP or increase of FP
16
Latency

Latency (ms)   Facebook   Twitter
Mean           21.5       42.6
Median         3.1        7.0
17
Roadmap
Detection System Design
Evaluation
Conclusions & Future Work
18
Conclusions
We design an online spam filtering system based on spam campaigns.
–Syntactical incremental clustering to identify message clusters
–Supervised machine learning to classify message clusters
We evaluate the system on both Facebook and Twitter data
–187M wall posts, 17M tweets
–80.9% TPR, 0.19% FPR, 21.5ms mean latency
Prototype release: http://list.cs.northwestern.edu/osnsecurity/
19
Future Work
Cool, I by no means noticed anyone do that prior to. {URL}
Wow, I in no way noticed anyone just before. {URL}
Amazing, I by no means found people do that just before. {URL}
Template generation?
{Cool | Wow | Amazing} + , I + {by no means | in no way} + {noticed | found} + {anyone | people} + {do that | ε} + {prior to | just before} + . {URL}
Call for semantic clustering approaches
20
Thank you!
21
Contributions
Design an online spam filtering system to deploy as a component of the OSN platform.
–High accuracy
–Low latency
–Tolerance for incomplete training data
–No need for frequent re-training
Release the system
–http://list.cs.northwestern.edu/socialnetworksecurity
22
Incremental Clustering
shingle_1: msg_11 msg_12 msg_13 …
shingle_2: msg_21 msg_22 msg_23 …
shingle_3: msg_31 msg_32 msg_33 …
…
msg_new (shingle_i, shingle_j, shingle_k, …): Compare and Insert
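An added example, not from the slides or the authors' prototype: Python code for the compare-and-insert step shown on this slide, which also covers the incremental clustering requirement on slide 10. The 3-word shingle size, the 0.5 overlap threshold, the shingle-to-cluster index and the first three sample messages are assumptions; the last three messages are the variants from the Future Work slide.

```python
import re
from collections import defaultdict

SHINGLE_WORDS = 3   # assumption: word 3-grams (the slides give no shingle size)
MIN_OVERLAP = 0.5   # assumption: share of a message's shingles that must match

def shingles(text, k=SHINGLE_WORDS):
    """Set of k-word shingles; every URL collapses to the token 'url'."""
    text = re.sub(r"https?://\S+", " url ", text).lower()
    words = re.findall(r"[a-z0-9']+", text)
    if len(words) < k:
        return {tuple(words)} if words else set()
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}

class IncrementalClusterer:
    def __init__(self):
        self.index = defaultdict(set)  # shingle -> ids of clusters holding it
        self.clusters = []             # cluster id -> list of message ids

    def add(self, msg_id, text):
        """Compare message k+1 against the index, insert it, return its cluster."""
        sh = shingles(text)
        votes = defaultdict(int)
        for s in sh:
            for cid in self.index.get(s, ()):
                votes[cid] += 1
        best = max(votes, key=votes.get, default=None)
        if best is None or votes[best] / len(sh) < MIN_OVERLAP:
            best = len(self.clusters)  # no close match: open a new cluster
            self.clusters.append([])
        self.clusters[best].append(msg_id)
        for s in sh:
            self.index[s].add(best)
        return best

# Constructed sample stream; the last three are the spun variants from slide 19.
STREAM = [
    "Check out this free gift card offer now http://example.test/a",
    "Check out this free gift card offer today http://example.test/b",
    "Lunch at noon tomorrow?",
    "Cool, I by no means noticed anyone do that prior to. {URL}",
    "Wow, I in no way noticed anyone just before. {URL}",
    "Amazing, I by no means found people do that just before. {URL}",
]

def run(stream=STREAM):
    c = IncrementalClusterer()
    return [c.add(i, text) for i, text in enumerate(stream)]

if __name__ == "__main__":
    print(run())
```

`run()` returns `[0, 0, 1, 2, 3, 4]`: the two near-duplicate posts share a cluster, while the three spun variants each open their own, which is the limitation of a syntactic method that the Future Work slide raises.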
23
Sender Social Degree
Compromised accounts:
–The more edges a node has, the higher the probability that it will be infected quickly by an epidemic.
Spammer accounts:
–Social degree limits communication channels.
Hypothesis:
–Senders of spam clusters have higher average social degree than those of legitimate message clusters.
24
Sender Social Degree
Average social degree of spam and legitimate clusters, respectively.
25
Interaction History
Legitimate accounts:
–Normally only interact with a small subset of their friends.
Spamming accounts:
–Desire to push spam messages to as many recipients as possible.
Hypothesis:
–Spam messages are more likely to be interactions between friends who rarely interacted before.
26
Interaction History
Interaction history score of spam and legitimate clusters, respectively.
27
Other Thoughts
Scalability
–300M tweets/day
–Map-reduce style and cloud computing?