Full Program »
On Detecting Growing-Up Behaviors of Malicious Accounts in Privacy-Centric Mobile Social Networks
Privacy-centric mobile social networks (PC-MSNs), allowing users to build intimate and private social circles, are an increasingly popular type of online social networks (OSNs). Because of strict usage policy enforced by PC-MSNs (such as restricted account and content access), malicious accounts (or users) have to pretend like normal accounts to accumulate credentials and at the same time to commit malicious activities. Therefore, analysis merely relying on static account profile information or social graphs is ineffective to detect such growing-up accounts. Besides, existing behavior based malicious account detection methods fail to effectively detect growing-up accounts who pretend to be benign and have similar behaviors to benign users during the growing-up stage. In this paper, we present the first comprehensive study of the growing-up behavior of malicious accounts in WeChat, one of the major PC-MSNs with billions of daily active users across the globe. Our analysis reveals that, statistically, the behavior patterns of growing-up accounts are very similar to that of benign users, and yet quite different from typical malicious accounts. Based on this observation, we design and implement Muses, a system to automatically identify subtle yet defining behaviors (features) to distinguish growing-up accounts and detect them in the growing-up stage before they engage in obvious malicious campaigns. Muses is unsupervised so that it can adapt to new malicious campaigns even if the behavior patterns of malicious accounts are unknown a prior. In particular, Muses addresses the limitations of the previous supervised techniques, i.e., they require a manually labeled training set, which is time-consuming and costly. We evaluate Muses on a large-scale anonymized dataset from WeChat with roughly 440k accounts. The experimental results show that Muses achieves 2x recall, with similar precision, compared with the previous methods. Specifically, Muses detects over 82% growing-up accounts with a precision of 90% and achieves an AUC of 0.95. Notably, Muses can also effectively detect growing-up accounts even if malicious users applied various evasion strategies.