TY - GEN
T1 - Toward worm detection in online social networks
AU - Xu, Wei
AU - Zhang, Fangfang
AU - Zhu, Sencun
PY - 2010
Y1 - 2010
N2 - Worms propagating in online social networking (OSN) websites have become a major security threat to both the websites and their users in recent years. Since these worms exhibit unique propagation vectors, existing Internet worm detection mechanisms cannot be applied to them. In this work, we propose an early warning OSN worms detection system, which leverages both the propagation characteristics of these worms and the topological properties of online social networks. Our system can effectively monitor the entire social graph by keeping only a small number of user accounts under surveillance. Moreover, the system applies a two-level correlation scheme to reduce the noise from normal user communications such that infected user accounts can be identified with a higher accuracy. Our evaluation on the real social graph data obtained from Flickr indicates that by monitoring five hundreds users out of 1.8 million users, the proposed detection system can detect the burst of an OSN worm when less than 0.13% of total user accounts are infected. Besides, by adopting simple countermeasures, the detection system is also shown to be very helpful for worm containment.
AB - Worms propagating in online social networking (OSN) websites have become a major security threat to both the websites and their users in recent years. Since these worms exhibit unique propagation vectors, existing Internet worm detection mechanisms cannot be applied to them. In this work, we propose an early warning OSN worms detection system, which leverages both the propagation characteristics of these worms and the topological properties of online social networks. Our system can effectively monitor the entire social graph by keeping only a small number of user accounts under surveillance. Moreover, the system applies a two-level correlation scheme to reduce the noise from normal user communications such that infected user accounts can be identified with a higher accuracy. Our evaluation on the real social graph data obtained from Flickr indicates that by monitoring five hundreds users out of 1.8 million users, the proposed detection system can detect the burst of an OSN worm when less than 0.13% of total user accounts are infected. Besides, by adopting simple countermeasures, the detection system is also shown to be very helpful for worm containment.
UR - http://www.scopus.com/inward/record.url?scp=78751524014&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=78751524014&partnerID=8YFLogxK
U2 - 10.1145/1920261.1920264
DO - 10.1145/1920261.1920264
M3 - Conference contribution
AN - SCOPUS:78751524014
SN - 9781450301336
T3 - Proceedings - Annual Computer Security Applications Conference, ACSAC
SP - 11
EP - 20
BT - Proceedings - 26th Annual Computer Security Applications Conference, ACSAC 2010
PB - IEEE Computer Society
ER -