DOI QR코드

DOI QR Code

온라인 소셜 네트워크에서 역 사회공학 탐지를 위한 비지도학습 기법

Unsupervised Scheme for Reverse Social Engineering Detection in Online Social Networks

  • 오하영 (숭실대학교 정보통신전자공학부)
  • 투고 : 2014.10.29
  • 심사 : 2014.12.20
  • 발행 : 2015.03.31

초록

역 사회공학 기반 스팸공격은 공격자가 직접적인 공격을 수행하는 것이 아니라 피해자가 문제 있는 사이트 주소, 문자, 이메일 수신 및 친구 수락 등을 통해 유도하기 때문에 온라인 소셜 네트워크에서 활성화되기 쉽다. 스팸 탐지 관련 기존 연구들은 소셜 네트워크 특성을 반영하지 않은 채, 관리자의 수동적인 판단 및 라벨링을 바탕으로 스팸을 정상 데이터와 구분하는 단계에 머물러있다. 본 논문에서는 소셜 네트워크 데이터 중 하나인 Twitter spam데이터 셋을 실제로 분석하고 소셜 네트워크에서 다양한 속성들을 반영하여 정상 (ham)과 비정상 (spam)을 구분할 수 있는 탐지 메트릭을 제안한다. 또한, 관리자의 관여 없이도 실시간 및 점진적으로 스팸의 특성을 학습하여 새로운 스팸에 대해서도 탐지할 수 있는 비지도 학습 기법(unsupervised scheme)을 제안한다. 실험 결과, 제안하는 기법은 90% 이상의 정확도로 정상과 스팸을 구별했고 실시간 및 점진적 학습 결과도 정확함을 보였다.

Since automatic social engineering based spam attacks induce for users to click or receive the short message service (SMS), e-mail, site address and make a relationship with an unknown friend, it is very easy for them to active in online social networks. The previous spam detection schemes only apply manual filtering of the system managers or labeling classifications regardless of the features of social networks. In this paper, we propose the spam detection metric after reflecting on a couple of features of social networks followed by analysis of real social network data set, Twitter spam. In addition, we provide the online social networks based unsupervised scheme for automated social engineering spam with self organizing map (SOM). Through the performance evaluation, we show the detection accuracy up to 90% and the possibility of real time training for the spam detection without the manager.

키워드

참고문헌

  1. Sophos Facebook ID Probe. http://www.sophos.com/pressoffice/news/articles/2007/08/facebook.html, 2008.
  2. D. Irani, M. Balduzzi, D. Balzarotti, E. Kirda, and C. Pu, "Reverse social engineering attacks in online social networks," in Detection of Intrusions and Malware, and Vulnerability Assessment, ed: Springer, pp.55-74, 2011.
  3. Jagatic, T. N., Johnson, N. A., Jakobsson, M., and Menczer, F. Social phishing. Commun. ACM, Vol.50, No.10, pp.94-100, 2007. https://doi.org/10.1145/1290958.1290968
  4. J. M. Gomez Hidalgo, G. C. Bringas, E. P. Sanz, and F. C. Garcia, "Content based SMS spam filtering," in Proceedings of the 2006 ACM symposium on Document engineering, pp.107-114, 2006.
  5. G. V. Cormack, J. M. Gomez Hidalgo, and E. P. Sanz, "Spam filtering for short messages," in Proceedings of the sixteenth ACM conference on Conference on information and knowledge management, pp.313-320, 2007.
  6. Liu JY, Zhao YH, and Zhang ZX et al. "Spam short messages detection via mining social netwoks," JOURNAL OF COMPUTER SCIENCE AND TECHNOLOGY, Vol.27, No.3, pp.506-514, May, 2012. DOI 10.1007/s11390-012-1239-7
  7. Richard Bassett et al., "DATA MINING AND SOCIAL NETWORKING SITES: PROTECTING BUSINESS INFRASTRUCTURE AND BEYOND," Issues in Information Systems, Vol.XI, No.1, 2010.
  8. Mariam Adedoyin-Olowe, Mohamed Medhat Gaber, and Frederic Stahl, "A Survey of Data Mining Techniques for Social Network Analysis," Cornell University.
  9. Kurt Thomas, Chris Grier, Vern Paxson, and Dawn Song, "Suspended Accounts in Retrospect: An Analysis of Twitter Spam," Internet Measurement Conference(IMC), 2011.
  10. Meng Jiang, Peng Cui, Alex Beutel, Christos Faloutsos, and Shiqiang Yang, "CatchSync : Catching Synchronized Behavior in Large Directed Graphs," KDD '14
  11. David Easley, Jon Kleinberg, "Networks, Crowds, and Markets: Reasoning About a Highly Connected World," Cambridge University Press.
  12. Neil Zhenqiang Gong, Mario Frank, and Prateek Mittal, "SybilBelief: A Semi-supervised Learning Approach for Structure-based Sybil Detection," IEEE Transactions on Information Forensics and Security, Vol.9, No.6, 2014.
  13. Qiang Cao, Xiaowei Yang, Jieqi Yu, and Christopher Palow, "Uncovering Large Groups of Active Malicious Accounts in Online Social Networks," ACM CCS 2014
  14. Hayoung Oh, Jiyoung Lim, Kijoon Chae and Jungchan Nah, "Home Gateway with Automated Real-Time Intrusion Detection for Secure Home Networks," Computational Science and Its Application-ICCSA 2006 Lecture Notes in Computer Science, Vol.3983, pp.440-447, 2006.
  15. Kyoungae Hwang, Hayoung Oh, Jiyoung Lim, Kijoon Chae, and Jungchan Nah, "Traffic Attributes Correlation Mechanism based on Self-Organizing Maps for Real-Time Intrusion Detection," Information Processing Society Journal, Oct., 2005.

피인용 문헌

  1. Relationship Analysis between Malware and Sybil for Android Apps Recommender System vol.26, pp.5, 2016, https://doi.org/10.13089/JKIISC.2016.26.5.1235