Abstract
The amount of personal information involuntarily exposed by users on online social networks is staggering, as shown in recent research. Moreover, recent reports indicate that these networks are inundated with tens of millions of fake user profiles, which may jeopardize the user’s security and privacy. To identify fake users in such networks and to improve users’ security and privacy, we developed the Social Privacy Protector (SPP) software for Facebook. This software contains three protection layers that improve user privacy by implementing different methods to identify fake profiles. The first layer identifies a user’s friends who might pose a threat and then restricts the access these “friends” have to the user’s personal information. The second layer is an expansion of Facebook’s basic privacy settings based on different types of social network usage profiles. The third layer alerts users about the number of installed applications on their Facebook profile that has access to their private information. An initial version of the SPP software received positive media coverage, and more than 3,000 users from more than 20 countries have installed the software, out of which 527 have used the software to restrict more than 9,000 friends. In addition, we estimate that more than 100 users have accepted the software’s recommendations and removed nearly 1,800 Facebook applications from their profiles. By analyzing the unique dataset obtained by the software in combination with machine learning techniques, we developed classifiers that are able to predict Facebook profiles with a high probability of being fake and consequently threaten the user’s security and privacy. Moreover, in this study, we present statistics generated by the SPP software on both user privacy settings and the number of applications installed on Facebook profiles. These statistics alarmingly demonstrate how vulnerable Facebook users’ information is to both fake profile attacks and third-party Facebook applications.
Similar content being viewed by others
Notes
Due to the unexpected number of downloads and high usage of the application, our servers did not succeed in supporting the massive number of users all at once. Moreover, in our initial version, the SPP Facebook application did not support all the existing web browsers. Therefore, many users who installed the SPP software were not able to use it on demand.
An initial version of the SPP software was described, as a work in progress, in our previous paper (Fire et al. 2012b).
In case more than \(k\) friends received the lowest Connection-Strength values, we randomly removed friends with the highest Connection-Strength values, until we were left with exactly \(k\) friends.
If a restricted user’s friend was presented in the recommendation interface and was restricted using the alphabetical interface, the link between the user and the restricted friend was assigned to the recommended restricted links set.
There can be cases in which SPP users choose to restrict Facebook friends who are legitimate Facebook users but received low Connection-Strength scores. Nevertheless, according to the Fake profiles dataset definition, and due to the SPP software’s original purpose, we assume that in most cases, the SPP users indeed chose to restrict fake profiles.
In some cases, we were not able to extract the user’s (\(v\)) friends number probably due to the \(v\)’s privacy settings.
In order to measure the classifiers’ training time, we used WEKA’s UserCPU_Time_training measure.
In case of the Friends-restriction datasets, we calculated the average users precision for 355 SPP application users only, ensuring they were familiar with the alphabetical interface and had used it to restrict their friends.
The SPP Add-on was available for download from several locations, such as the Firefox Add-ons website and the PrivacyProtector.net website. Due to the fact that not all locations store the number of downloads, we can only estimate the number of downloads according to our HTTP server logs.
Due to the fact that not all SPP users opened their Facebook privacy settings during this time period, and probably due to problems in parsing the different Facebook privacy settings page layouts, we succeeded in collecting the SPP users’ privacy settings for only a limited number of users.
The classifier’s true-positive rate is the proportion of links that were classified as restricted to all links which were actually were restricted. Therefore, throughout this study, the classifier’s true-positive rate is equivalent to the classifier’s recall rate.
References
Altshuler Y, Fire M, Aharony N, Elovici Y, Pentland A (2012) How many makes a crowd? On the evolution of learning as a factor of community coverage. In: Social computing, behavioral-cultural modeling and prediction. Springer, Berlin Heidelberg, pp 43–52
Anwar M, Fong PW (2012) A visualization tool for evaluating access control policies in facebook-style social network systems. In: Proceedings of the 27th annual ACM symposium on applied computing, ACM, pp 1443–1450
Benevenuto F, Magno G, Rodrigues T, Almeida V (2010) Detecting spammers on twitter. In: Collaboration, electronic messaging, anti-abuse and spam conference (CEAS), vol 6, p 12
Bigos A (2012) New facebook app helps protect kids against online criminals. http://www.foxcharlotte.com/news/top-stories/New-Facebook-App-Helps-Protects-Kids-Against-Online-Criminals-162540726.html. Accessed 21 Sept 2012
Boshmaf Y, Muslukhov I, Beznosov K, Ripeanu M (2011) The socialbot network: when bots socialize for fame and money. In: Proceedings of the 27th annual computer security applications conference, ACM, pp 93–102
Chawla N, Bowyer K, Hall L, Kegelmeyer W (2011) Smote: synthetic minority over-sampling technique. arXiv, preprint arXiv:11061813
Cukierski WJ, Hamner B, Yang B (2011) Graph-based features for supervised link prediction. In: IEEE International Joint Conference on Neural Networks (IJCNN), pp 1237–1244
DeBarr D, Wechsler H (2010) Using social network analysis for spam detection. In: Chai S, Salerno JJ, Mabry PL (eds) Proceedings of the third international conference on social computing, behavioral modeling, and prediction (SBP’10). Springer-Verlag, Berlin, Heidelberg, pp 62–69
Egele M, Moser A, Kruegel C, Kirda E (2011) Pox: Protecting users from malicious facebook applications. In: IEEE international conference on pervasive computing and communications workshops (PERCOM workshops), 2011, pp 288–294
Facebook I (2012) Quarterly report pursuant to section 13 or 15(d) of the securities exchange act of 1934. http://www.sec.gov/Archives/edgar/data/1326801/000119312512325997/d371464d10q.htm#tx371464\_14
Fire M, Tenenboim L, Lesser O, Puzis R, Rokach L, Elovici Y (2011) Link prediction in social networks using computationally efficient topological features. In: Privacy, Security, Risk and Trust (PASSAT), 2011 IEEE third international conferenee on social computing (SocialCom), IEEE, pp 73–80
Fire M, Kagan D, Elisahr A, Elovici Y (2012a) Social privacy protector official website. http://socialprotector.net/,. Accessed 21, Sept 2012
Fire M, Kagan D, Elishar A, Elovici Y (2012b) Social privacy protector-protecting users’ privacy in social networks. In: SOTICS 2012, the second international conference on social eco-informatics, pp 46–50
Fire M, Katz G, Elovici Y (2012c) Strangers intrusion detection-detecting spammers and fake profiles in social networks based on topology anomalies. ASE Hum J 1(1):26–39
Fire M, Tenenboim-Chekina L, Puzis R, Lesser O, Rokach L, Elovici Y (2013) Computationally efficient link prediction in a variety of social networks. ACM Trans Intell Syst Technol (TIST) 5(1):10
Guha R, Kumar R, Raghavan P, Tomkins A (2004) Propagation of trust and distrust. In: Proceedings of the 13th international conference on World Wide Web, ACM, pp 403–412
Hall M, Frank E, Holmes G, Pfahringer B, Reutemann P, Witten I (2009) The weka data mining software: an update. ACM SIGKDD Explor Newslett 11(1):10–18
Hasan MA, Chaoji V, Salem S, Zaki M (2006) Link prediction using supervised learning. SDM workshop of link analysis, counterterrorism and security
Kahanda I, Neville J (2009) Using transactional information to predict link strength in online social networks. In: Proceedings of the third international conference on weblogs and social media (ICWSM).
Kuzma J (2011) Account creation security of social network sites. Inter J Appl Sci Technol 1(3):8–13
Lee K, Caverlee J, Webb S (2010) Uncovering social spammers: social honeypots+ machine learning. In: Proceeding of the 33rd international ACM SIGIR conference on research and development in information retrieval, ACM, pp 435–442
Leskovec J, Huttenlocher D, Kleinberg J (2010) Predicting positive and negative links in online social networks. In: Proceedings of the 19th international conference on World wide web, ACM, pp 641–650
Liben-Nowell D, Kleinberg J (2007) The link-prediction problem for social networks. J Am Soc Inform Sci Technol 58(7):1019–1031
Liu Y, Gummadi K, Krishnamurthy B, Mislove A (2011) Analyzing facebook privacy settings: User expectations vs. reality. In: Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference, ACM, pp 61–70
Madden M, Zickuhr K (2011) 65% of online adults use social networking sites. http://pewinternet.org/Reports/2011/Social-Networking-Sites.aspx
Mahmood S, Desmedt Y (2011) Poster: preliminary analysis of google+’s privacy. In: Proceedings of the 18th ACM conference on computer and communications security, ACM, pp 809–812
Nazir A, Raza S, Chuah CN, Schipper B, Davis C (2010) Ghostbusting facebook: detecting and characterizing phantom profiles in online social gaming applications. Proceedings of SIGCOMM WOSN
Nelson S, Simek J, Foltin J (2009) The legal implications of social networking. Regent UL Rev 22:1–481
Nielsen (2011) The social media report. http://blog.nielsen.com/nielsenwire/social/,. Accessed April 7, 2014
Paul G, Maitra S (2011) RC4 stream cipher and its variants. CRC Press, New York
Popkin H (2012) Facebook app helps ferret out pedophiles. http://www.nbcnews.com/technology/technolog/facebook-app-helps-ferret-out-pedophiles-871761,. Accessed 21 Sept 2012
Rahman M, Huang T, Madhyastha H, Faloutsos M (2012a) Efficient and scalable socware detection in online social networks. In: Proceedings of the 21st USENIX conference on security symposium, USENIX association, pp 32–32
Rahman MS, Huang TK, Madhyastha HV, Faloutsos M (2012b) Frappe: detecting malicious facebook applications. In: Proceedings of the 8th international conference on emerging networking experiments and technologies, ACM, pp 313–324
Sakaki T, Okazaki M, Matsuo Y (2010) Earthquake shakes twitter users: real-time event detection by social sensors. In: Proceedings of the 19th international conference on World wide web, ACM, pp 851–860
Smith A (2014) 6 new facts about facebook. http://www.pewresearch.org/fact-tank/2014/02/03/6-new-facts-about-facebook/,. Accessed April 7, 2014
Stein T, Chen E, Mangla K (2011) Facebook immune system. In: Proceedings of the 4th workshop on social network systems, ACM, p 8
Stringhini G, Kruegel C, Vigna G (2010) Detecting spammers on social networks. In: Proceedings of the 26th annual computer security applications conference, ACM, pp 1–9
Wang A (2010) Don’t follow me: Spam detection in twitter. In: Security and cryptography (SECRYPT), proceedings of the 2010 international conference on, IEEE, pp 1–10
Wang G, Konolige T, Wilson C, Wang X, Zheng H, Zhao BY (2013) You are how you click: clickstream analysis for sybil detection. In: USENIX security symposium, Washington, DC
Xiang R, Neville J, Rogati M (2010) Modeling relationship strength in online social networks. In: Proceedings of the 19th international conference on World wide web, ACM, pp 981–990
Yang Z, Wilson C, Wang X, Gao T, Zhao BY, Dai Y (2011) Uncovering social network sybils in the wild. In: Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference, ACM, pp 259–268
Acknowledgments
We would like to thank Elizabeth Huesing and Sawsan Brik for proofreading this article. Especially, we want to thank Carol Teegarden for her editing expertise and endless helpful advice which guided this article to completion. We also want to thank the anonymous reviewers for their helpful comments.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Fire, M., Kagan, D., Elyashar, A. et al. Friend or foe? Fake profile identification in online social networks. Soc. Netw. Anal. Min. 4, 194 (2014). https://doi.org/10.1007/s13278-014-0194-4
Received:
Revised:
Accepted:
Published:
DOI: https://doi.org/10.1007/s13278-014-0194-4