VoteTrust: Leveraging Friend Invitation Graph to Defend against Social Network Sybils

Zhi Yang, Jilong Xue, Xiaoyong Yang, Xiao Wang, Yafei Dai
2016 IEEE Transactions on Dependable and Secure Computing  
Online social networks (OSNs) suffer from the creation of fake accounts that introduce fake product reviews, malware and spam. Existing defenses focus on using the social graph structure to isolate fakes. However, our work shows that Sybils could befriend a large number of real users, invalidating the assumption behind social-graph-based detection. In this paper, we present VoteTrust, a scalable defense system that further leverages user-level activities. VoteTrust models the friend invitation
more » ... nteractions among users as a directed, signed graph, and uses two key mechanisms to detect Sybils over the graph: a voting-based Sybil detection to find Sybils that users vote to reject, and a Sybil community detection to find other colluding Sybils around identified Sybils. Through evaluating on Renren social network, we show that VoteTrust is able to prevent Sybils from generating many unsolicited friend requests. We also deploy VoteTrust in Renen, and our real experience demonstrates that VoteTrust can detect large-scale collusion among Sybils. System model. We consider a social network (like Renren and Facebook) that adopts a friend request/confirm mechanism. One has to send a request in order to befriend another user, and the recipient can accept or reject the request. We model the request/confirm interactions of users as a friend invitation graph: a directed and signed graph G(V, E), where V and E are the set of nodes and links, respectively. A link e = (u, v, s) from u to v, of sign s = 1, indicates that v trusts u and accepts its request. If s = −1, then v distrusts u and rejects its request. Let E + and E − are disjoint sets of positive and negative links (E + ∪ E − = E). In the graph, the node set V contains two disjoint sets H and S, representing real and Sybil users respectively. We denote the real region G H as the subgraph that includes all real users and the links among them, and the Sybil region G S as the subgraph that includes all Sybils and the links among them. Since real users are not likely to send/accept the friend request to/from strangers such as fake accounts, G S has few incoming links from G H , but more negative outgoing links than positive ones to G H . In this paper, we use the term In-link to represent the link that goes into the Sybil region G S from the real region G H . Attack model. To appear legitimate to the system, an attacker could create many positive links among Sybils. The objective of the attacker is to infiltrate the target OSN by creating as many links as possible to the real region. We use the term attack-link to represent the link that goes from the Sybil region G S to the real region G H .
doi:10.1109/tdsc.2015.2410792 fatcat:yc4efaob75hwpjwvdpqs46z7ae