Smoke Screener or Straight Shooter: Detecting Elite Sybil Attacks in User-Review Social Networks

Haizhong Zheng, Minhui Xue, Hao Lu, Shuang Hao, Haojin Zhu, Xiaohui Liang, Keith Ross

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Abstract

    Popular User-Review Social Networks (URSNs)—such as Dianping, Yelp, and Amazon—are often the targets of reputation attacks in which fake reviews are posted in order to boost or diminish the ratings of listed products and services. These attacks often emanate from a collection of accounts, called Sybils, which are collectively managed by a group of real users. A new advanced scheme, which we term elite Sybil attacks, recruits organically highly-rated accounts to generate seemingly-trustworthy and realistic-looking reviews. These elite Sybil accounts taken together form a large-scale sparsely-knit Sybil network for which existing Sybil fake-review defense systems are unlikely to succeed. In this paper, we conduct the first study to define, characterize, and detect elite Sybil attacks. We show that contemporary elite Sybil attacks have a hybrid architecture, with the first tier recruiting elite Sybil workers and distributing tasks by Sybil organizers, and with the second tier posting fake reviews for profit by elite Sybil workers. We design ELSIEDET, a three-stage Sybil detection scheme, which first separates out suspicious groups of users, then identifies the campaign windows, and finally identifies elite Sybil users participating in the campaigns. We perform a large-scale empirical study on ten million reviews from Dianping, by far the most popular URSN service in China. Our results show that reviews from elite Sybil users are more spread out temporally, craft more convincing reviews, and have higher filter bypass rates. We also measure the impact of Sybil campaigns on various industries (such as cinemas, hotels, restaurants) as well as chain stores, and demonstrate that monitoring elite Sybil users over time can provide valuable early alerts against Sybil campaigns.

    Original languageEnglish (US)
    Title of host publication25th Annual Network and Distributed System Security Symposium, NDSS 2018
    PublisherThe Internet Society
    ISBN (Electronic)1891562495, 9781891562495
    DOIs
    StatePublished - 2018
    Event25th Annual Network and Distributed System Security Symposium, NDSS 2018 - San Diego, United States
    Duration: Feb 18 2018Feb 21 2018

    Publication series

    Name25th Annual Network and Distributed System Security Symposium, NDSS 2018

    Conference

    Conference25th Annual Network and Distributed System Security Symposium, NDSS 2018
    Country/TerritoryUnited States
    CitySan Diego
    Period2/18/182/21/18

    ASJC Scopus subject areas

    • Computer Networks and Communications
    • Control and Systems Engineering
    • Safety, Risk, Reliability and Quality

    Fingerprint

    Dive into the research topics of 'Smoke Screener or Straight Shooter: Detecting Elite Sybil Attacks in User-Review Social Networks'. Together they form a unique fingerprint.

    Cite this