You are How You Click: Clickstream Analysis for Sybil Detection
Gang Wang
Tristan Konolige
Christo Wilson
Xiao Wang
Haitao Zheng
Ben Y. Zhao
Proc. of the 22nd USENIX Security Symposium (USENIX Security 2013)
[Full Text in PDF Format, 498KB]
Paper Abstract
Fake identities and Sybil accounts are pervasive in today's online communities. They are responsible for a growing number of threats, including fake product reviews, malware and spam on social networks, and astroturf political campaigns. Unfortunately, studies show that existing tools such as CAPTCHAs and graph-based Sybil detectors have not proven to be effective defenses.
In this paper, we describe our work on building a practical system for
detecting fake identities using server-side clickstream models. We develop
a detection approach that groups "similar" user clickstreams into
behavioral clusters, by partitioning a similarity graph that captures
distances
between clickstream sequences. We validate our clickstream models using
ground-truth traces of 16,000 real and Sybil users from Renren,
a large Chinese social network with 220M users. We propose a practical
detection system based on these models, and show that it provides very
high detection accuracy on our clickstream traces. Finally, we worked with
collaborators at Renren and LinkedIn to test our prototype on their
server-side data. Following positive results, both companies have
expressed strong interest in further experimentation and possible internal
deployment.