Detecting Spammers on Social Networks

Authors

Gianluca Stringhini, Christopher Kruegel, Giovanni Vigna

Venue

Proceedings of the 26th Annual Computer Security Applications Conference (ACSAC), December 2010

Abstract

Social networking has become a popular way for users to meet and interact online. Users spend a significant amount of time on popular social network platforms (such as Facebook, MySpace, or Twitter), storing and sharing a wealth of personal information. This information, as well as the possibility of contacting thousands of users, also attracts the interest of cybercriminals. For example, cybercriminals might exploit the implicit trust relationships between users in order to lure victims to malicious websites. As another example, cybercriminals might find personal information valuable for identity theft or to drive targeted spam campaigns. In this paper, we analyze to which extent spam has entered social networks. More precisely, we analyze how spammers who target social networking sites operate. To collect the data about spamming activity, we created a large and diverse set of "honey-profiles" on three large social networking sites, and logged the kind of contacts and messages that they received. We then analyzed the collected data and identified anomalous behavior of users who contacted our profiles. Based on the analysis of this behavior, we developed techniques to detect spammers in social networks, and we aggregated their messages in large spam campaigns. Our results show that it is possible to automatically identify the accounts used by spammers, and our analysis was used for take-down efforts in a real-world social network. More precisely, during this study, we collaborated with Twitter and correctly detected and deleted 15,857 spam profiles.

BibTeX

@inproceedings{Stringhini2010Detecting_Spammers,
  title     = {{Detecting Spammers on Social Networks}},
  author    = {Stringhini, Gianluca and Kruegel, Christopher and Vigna, Giovanni},
  booktitle = {Proceedings of the 26th Annual Computer Security Applications Conference},
  series    = {ACSAC},
  year      = {2010},
  address   = {New York, NY, USA},
  doi       = {10.1145/1920261.1920263},
  isbn      = {978-1-4503-0133-6},
  pages     = {1--9},
  publisher = {ACM},
  url       = {http://dx.doi.org/10.1145/1920261.1920263}
}