A novel machine learning approach to the detection of identity theft in social networks based on emulated attack instances and support vector machines

Villar-Rodríguez, Esther; Ser, Javier Del; Torre-Bastida, Ana I.; Bilbao, Miren Nekane; Salcedo‐Sanz, Sancho

doi:10.1002/cpe.3633

Cited by 12 publications

(7 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The results show a good performance in real time, however, without using any reaction and threats prevention. Villar‐Rodriguez et al propose the use of Support Vector Machine (SVM) to detect identity theft in social networks . The authors monitor user profiles based on connection time information.…”

Section: Related Workmentioning

confidence: 99%

Toward a monitoring and threat detection system based on stream processing as a virtual network function for big data

Lopez

Mattos

Duarte

et al. 2019

Concurrency and Computation

View full text Add to dashboard Cite

The late detection of security threats causes a significant increase in the risk of irreparable damages and restricts any defense attempt. In this paper, we propose a sCAlable TRAffic Classifier and Analyzer (CATRACA). CATRACA works as an efficient online Intrusion Detection and Prevention System implemented as a Virtualized Network Function. CATRACA is based on Apache Spark, a Big Data Streaming processing system, and it is deployed over the Open Platform for Network Functions Virtualization (OPNFV), providing an accurate real-time threat-detection service. The system presents a friendly graphical interface that provides real-time visualization of the traffic and the attacks that occur in the network. Our prototype can differentiate normal traffic from denial of service (DoS) attacks and vulnerability probes over 95% accuracy under three different datasets. Moreover, CATRACA handles streaming data under concept drift detection with more than 85% of accuracy. KEYWORDSbig data, network traffic classification, stream processing, threat detection, virtual network function INTRODUCTIONThe Internet is facing constant changes, from the diversity of the user, the complexity of its application, until the heterogeneity of the information producers. 1 As a consequence, traffic monitoring, a critical task in maintaining the stability, reliability, and security of computer networks, is facing new challenges. 2 Current network monitoring tools are inadequate for current speed and management needs of large network domains.To ensure network security, new systems must be designed since current security systems such as Security Information and Event Management (SIEM) are inadequate. While 82% of security threats occur in minutes, an intrusion can take up to 8 months to be detected. 3 It is essential that the detection time is the least possible so that intrusion prevention can be effective. 4Security incidents have increased their complexity, and simple analysis and filtering of packets are no longer sufficient. Attackers try to hide malicious traffic from the security tools by forging the source IP and dynamically changing TCP port. In this context, a promising alternative for classifying network traffic and detect threats is to apply Machine Learning (ML) techniques. These techniques are suitable for big data, with more samples to train the classifier, as methods have higher effectiveness. 5 With a large number of features, however, ML techniques perform results with high latency due to computational resource consumption. This high latency is a disadvantage for applications that use machine learning for real-time classification. For example, network monitoring applications must analyze data and detect threats as quickly as possible. In this context, real-time stream processing allows the immediate analysis of different types of data and consequently benefits traffic monitoring for security threat detection. Open source distributed processing platforms such as Apache Storm, 6 Apache Flink, 7 and Apache Spark 8 process big data w...

show abstract

Section: Related Workmentioning

confidence: 99%

Toward a monitoring and threat detection system based on stream processing as a virtual network function for big data

Lopez

Mattos

Duarte

et al. 2019

Concurrency and Computation

View full text Add to dashboard Cite

show abstract

“…In addition to that, some works have focused on finding automated ways to detect compromised and hijacked accounts, such as Egele, Stringhini, Kruegel, and Vigna (, ) and Zangerle and Specht (). More recently, some works have explored deep learning techniques to detect identity theft attacks, such as Reyns and Henson (), Wang, Yang, and Luo (), and Villar‐Rodíguez, Del Ser, Torre‐Bastida, Bilbao, and Salcedo‐Sanz (). To keep focus in this article, we mostly discuss works that tackle mass attacks.…”

Section: Knowledge‐based Defense Mechanismsmentioning

confidence: 99%

Knowledge‐based approaches for identity management in online social networks

Bahri¹,

Carminati²,

Ferrari³

2018

WIREs Data Min & Knowl

View full text Add to dashboard Cite

When we meet a new person, we start by introducing ourselves. We share our names, and other information about our jobs, cities, family status, and so on. This is how socializing and social interactions can start: we first need to identify each other. Identification is a cornerstone in establishing social contacts. We identify ourselves and others by a set of civil (e.g., name, nationality, ID number, gender) and social (e.g., music taste, hobbies, religion) characteristics. This seamlessly carried out identification process in face‐to‐face interactions is challenged in the virtual realms of socializing, such as in online social network (OSN) platforms. New identities (i.e., online profiles) could be created without being subject to any level of verification, making it easy to create fake information and forge fake identities. This has led to a massive proliferation of accounts that represent fake identities (i.e., not mapping to physically existing entities), and that poison the online socializing environment with fake information and malicious behavior (e.g., child abuse, information stealing). Within this milieu, users in OSNs are left unarmed against the challenging task of identifying the real person behind the screen. OSN providers and research bodies have dedicated considerable effort to the study of the behavior and features of fake OSN identities, trying to find ways to detect them. Some other research initiatives have explored possible techniques to enable identity validation in OSNs. Both kinds of approach rely on extracting knowledge from the OSN, and exploiting it to achieve identification management in their realms. We provide a review of the most prominent works in the literature. We define the problem, provide a taxonomy of related attacks, and discuss the available solutions and approaches for knowledge‐based identity management in OSNs. This article is categorized under: Fundamental Concepts of Data and Knowledge > Human Centricity and User Interaction Application Areas> Internet and Web‐Based Applications Application Areas> Society and Culture

show abstract

“…SMO is a WEKA implementation of the sequential minimal optimization algorithm. It is a fast version of support vector machine, which form an important class . SMO can be invoked in WEKA with four kernels.…”

Section: Empirical Studymentioning

confidence: 99%

“…Figure 3 presents the results obtained in filtering phishing emails by these kernels of BN for Dataset A of Table I as training set and Datasets B and C of Table I as validate sets. SMO is a WEKA implementation of the sequential minimal optimization algorithm. It is a fast version of support vector machine, which form an important class [52,53]. SMO can be invoked in WEKA with four kernels.…”

Section: Empirical Studymentioning

confidence: 99%

Multilayer hybrid strategy for phishing email zero‐day filtering

Chowdhury

Abawajy

Kelarev

et al. 2016

Concurrency and Computation

View full text Add to dashboard Cite

Summary The cyber security threats from phishing emails have been growing buoyed by the capacity of their distributors to fine‐tune their trickery and defeat previously known filtering techniques. The detection of novel phishing emails that had not appeared previously, also known as zero‐day phishing emails, remains a particular challenge. This paper proposes a multilayer hybrid strategy (MHS) for zero‐day filtering of phishing emails that appear during a separate time span by using training data collected previously during another time span. This strategy creates a large ensemble of classifiers and then applies a novel method for pruning the ensemble. The majority of known pruning algorithms belong to the following three categories: ranking based, clustering based, and optimization‐based pruning. This paper introduces and investigates a multilayer hybrid pruning. Its application in MHS combines all three approaches in one scheme: ranking, clustering, and optimization. Furthermore, we carry out thorough empirical study of the performance of the MHS for the filtering of phishing emails. Our empirical study compares the performance of MHS strategy with other machine learning classifiers. The results of our empirical study demonstrate that MHS achieved the best outcomes and multilayer hybrid pruning performed better than other pruning techniques. Copyright © 2016 John Wiley & Sons, Ltd.

show abstract

A novel machine learning approach to the detection of identity theft in social networks based on emulated attack instances and support vector machines

Cited by 12 publications

References 11 publications

Toward a monitoring and threat detection system based on stream processing as a virtual network function for big data

Toward a monitoring and threat detection system based on stream processing as a virtual network function for big data

Knowledge‐based approaches for identity management in online social networks

Multilayer hybrid strategy for phishing email zero‐day filtering

Contact Info

Product

Resources

About