TY - GEN
T1 - You are how you click
T2 - 22nd USENIX Security Symposium
AU - Wang, Gang
AU - Konolige, Tristan
AU - Wilson, Christo
AU - Wang, Xiao
AU - Zheng, Haitao
AU - Zhao, Ben Y.
N1 - Funding Information:
We would like to thank the anonymous reviewers for their feedback, and Yanjie Liang (Renren) and David Freeman (LinkedIn) for their assistant in experiments. This work is supported in part by NSF grants CNS-1224100and IIS-0916307and DARPA GRAPHS (BAA-12-01). Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the funding agencies.
Funding Information:
We would like to thank the anonymous reviewers for their feedback, and Yanjie Liang (Renren) and David Freeman (LinkedIn) for their assistant in experiments. This work is supported in part by NSF grants CNS-1224100 and IIS-0916307 and DARPA GRAPHS (BAA-12-01). Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the funding agencies.
Publisher Copyright:
copyright © 2013 USENIX Security Symposium.All right reserved.
PY - 2013
Y1 - 2013
N2 - Fake identities and Sybil accounts are pervasive in today's online communities. They are responsible for a growing number of threats, including fake product reviews, malware and spam on social networks, and as-troturf political campaigns. Unfortunately, studies show that existing tools such as CAPTCHAs and graph-based Sybil detectors have not proven to be effective defenses. In this paper, we describe our work on building a practical system for detecting fake identities using server-side clickstream models. We develop a detection approach that groups "similar" user clickstreams into behavioral clusters, by partitioning a similarity graph that captures distances between clickstream sequences. We validate our clickstream models using ground-truth traces of 16, 000 real and Sybil users from Renren, a large Chinese social network with 220M users. We propose a practical detection system based on these models, and show that it provides very high detection accuracy on our clickstream traces. Finally, we worked with collaborators at Renren and LinkedIn to test our prototype on their server-side data. Following positive results, both companies have expressed strong interest in further experimentation and possible internal deployment.
AB - Fake identities and Sybil accounts are pervasive in today's online communities. They are responsible for a growing number of threats, including fake product reviews, malware and spam on social networks, and as-troturf political campaigns. Unfortunately, studies show that existing tools such as CAPTCHAs and graph-based Sybil detectors have not proven to be effective defenses. In this paper, we describe our work on building a practical system for detecting fake identities using server-side clickstream models. We develop a detection approach that groups "similar" user clickstreams into behavioral clusters, by partitioning a similarity graph that captures distances between clickstream sequences. We validate our clickstream models using ground-truth traces of 16, 000 real and Sybil users from Renren, a large Chinese social network with 220M users. We propose a practical detection system based on these models, and show that it provides very high detection accuracy on our clickstream traces. Finally, we worked with collaborators at Renren and LinkedIn to test our prototype on their server-side data. Following positive results, both companies have expressed strong interest in further experimentation and possible internal deployment.
UR - http://www.scopus.com/inward/record.url?scp=85076287406&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85076287406&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85076287406
SP - 241
EP - 255
BT - Proceedings of the 22nd USENIX Security Symposium
PB - USENIX Association
Y2 - 14 August 2013 through 16 August 2013
ER -