Issue No. 04 - July-Aug. (2017 vol. 14)
Manuel Egele , Department of Electrical & Computer Engineering, Boston University, Boston, MA
Gianluca Stringhini , University College London, London, U.K.
Christopher Kruegel , Department of Computer Science, UC Santa Barbara, Santa Barbara, CA
Giovanni Vigna , Department of Computer Science, UC Santa Barbara, Santa Barbara, CA
Compromising social network accounts has become a profitable course of action for cybercriminals. By hijacking control of a popular media or business account, attackers can distribute their malicious messages or disseminate fake information to a large user base. The impacts of these incidents range from a tarnished reputation to multi-billion dollar monetary losses on financial markets. In our previous work, we demonstrated how we can detect large-scale compromises (i.e., so-called campaigns) of regular online social network users. In this work, we show how we can use similar techniques to identify compromises of individual high-profile accounts. High-profile accounts frequently have one characteristic that makes this detection reliable—they show consistent behavior over time. We show that our system, were it deployed, would have been able to detect and prevent three real-world attacks against popular companies and news agencies. Furthermore, our system, in contrast to popular media, would not have fallen for a staged compromise instigated by a US restaurant chain for publicity reasons.
Twitter, Feature extraction, Facebook, Training, Reliability, Uniform resource locators
M. Egele, G. Stringhini, C. Kruegel and G. Vigna, "Towards Detecting Compromised Accounts on Social Networks," in IEEE Transactions on Dependable and Secure Computing, vol. 14, no. 4, pp. 447-460, 2017.