GroupFound: An effective approach to detect suspicious accounts in online social networks

Online social networks are an important part of people’s life and also become the platform where spammers use suspicious accounts to spread malicious URLs. In order to detect suspicious accounts in online social networks, researchers make a lot of efforts. Most existing works mainly utilize machine learning based on features. However, once the spammers disguise the key features, the detection method will soon fail. Besides, such methods are unable to cope with the variable and unknown features. The works based on graph mainly use the location and social relationship of spammers, and they need to build a huge social graph, which leads to much computing cost. Thus, it is necessary to propose a lightweight algorithm which is hard to be evaded. In this article, we propose a lightweight algorithm GroupFound, which focuses on the structure of the local graph. As the bi-followers come from different social communities, we divide all accounts into different groups and compute the average number of accounts for these groups. We evaluate GroupFound on Sina Weibo dataset and find an appropriate threshold to identify suspicious accounts. Experimental results have demonstrated that our algorithm can accomplish a high detection rate of [Formula: see text] at a low false positive rate of [Formula: see text].

Download Full-text

IoT Dataset Validation Using Machine Learning Techniques for Traffic Anomaly Detection

Electronics ◽

10.3390/electronics10222857 ◽

2021 ◽

Vol 10 (22) ◽

pp. 2857

Author(s):

Laura Vigoya ◽

Diego Fernandez ◽

Victor Carneiro ◽

Francisco Nóvoa

Keyword(s):

Machine Learning ◽

Anomaly Detection ◽

False Positive Rate ◽

Machine Learning Techniques ◽

Support Vector ◽

High Detection Rate ◽

Security Vulnerabilities ◽

Smart Systems ◽

Learning Techniques ◽

Positive Rate

With advancements in engineering and science, the application of smart systems is increasing, generating a faster growth of the IoT network traffic. The limitations due to IoT restricted power and computing devices also raise concerns about security vulnerabilities. Machine learning-based techniques have recently gained credibility in a successful application for the detection of network anomalies, including IoT networks. However, machine learning techniques cannot work without representative data. Given the scarcity of IoT datasets, the DAD emerged as an instrument for knowing the behavior of dedicated IoT-MQTT networks. This paper aims to validate the DAD dataset by applying Logistic Regression, Naive Bayes, Random Forest, AdaBoost, and Support Vector Machine to detect traffic anomalies in IoT. To obtain the best results, techniques for handling unbalanced data, feature selection, and grid search for hyperparameter optimization have been used. The experimental results show that the proposed dataset can achieve a high detection rate in all the experiments, providing the best mean accuracy of 0.99 for the tree-based models, with a low false-positive rate, ensuring effective anomaly detection.

Download Full-text

A Secure Routing Scheme Against Malicious Nodes in Ad Hoc Networks

Security and Privacy in Smart Sensor Networks - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-5225-5736-4.ch013 ◽

2018 ◽

pp. 284-307

Author(s):

Abdelaziz Amara Korba ◽

Mohamed Amine Ferrag

Keyword(s):

Ad Hoc Networks ◽

Ad Hoc ◽

False Positive Rate ◽

Secure Routing ◽

Malicious Nodes ◽

High Detection Rate ◽

Routing Scheme ◽

Wide Range ◽

Positive Rate ◽

Hoc Networks

This chapter proposes a new cluster-based secure routing scheme to detect and prevent intrusions in ad hoc networks. The proposed scheme combines both specification and anomaly detection techniques to provide an accurate detection of wide range of routing attacks. The proposed secure scheme provides an adaptive response mechanism to isolate malicious nodes from the network. A key advantage of the proposed secure scheme is its capacity to prevent wormhole and rushing attacks and its real-time detection of both known and unknown attacks which violate specification. The simulation results show that the proposed scheme shows high detection rate and low false positive rate compared to other security mechanisms.

Download Full-text

Adaptive and Lightweight Abnormal Node Detection via Biological Immune Game in Mobile Multimedia Networks

Algorithms ◽

10.3390/a14120368 ◽

2021 ◽

Vol 14 (12) ◽

pp. 368

Author(s):

Yajing Zhang ◽

Kai Wang ◽

Jinghui Zhang

Keyword(s):

False Positive Rate ◽

Detection Algorithm ◽

Abnormal Behavior ◽

Multimedia Networks ◽

Mobile Multimedia ◽

High Detection Rate ◽

Multimedia Networking ◽

High Detection ◽

Positive Rate ◽

Abnormal Node

Considering the contradiction between limited node resources and high detection costs in mobile multimedia networks, an adaptive and lightweight abnormal node detection algorithm based on artificial immunity and game theory is proposed in order to balance the trade-off between network security and detection overhead. The algorithm can adapt to the highly dynamic mobile multimedia networking environment with a large number of heterogeneous nodes and multi-source big data. Specifically, the heterogeneous problem of nodes is solved based on the non-specificity of an immune algorithm. A niche strategy is used to identify dangerous areas, and antibody division generates an antibody library that can be updated online, so as to realize the dynamic detection of the abnormal behavior of nodes. Moreover, the priority of node recovery for abnormal nodes is decided through a game between nodes without causing excessive resource consumption for security detection. The results of comparative experiments show that the proposed algorithm has a relatively high detection rate and a low false-positive rate, can effectively reduce consumption time, and has good level of adaptability under the condition of dynamic nodes.

Download Full-text

A Novel Method Based on Clustering Algorithm and SVM for Anomaly Intrusion Detection of Wireless Sensor Networks

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.121-126.3745 ◽

2011 ◽

Vol 121-126 ◽

pp. 3745-3749

Author(s):

Zheng Hong Xiao ◽

Zhi Gang Chen ◽

Xiao Heng Deng

Keyword(s):

Wireless Sensor Networks ◽

Sensor Networks ◽

Intrusion Detection ◽

Clustering Algorithm ◽

False Positive Rate ◽

Wireless Sensor ◽

Support Vector ◽

High Detection Rate ◽

Positive Rate ◽

Anomaly Intrusion Detection

Based on the principle that the same class is adjacent, an anomaly intrusion detection method based on K-means and Support Vector Machine (SVM) is presented. In order to overcome the disadvantage that k-means algorithm requires initializing parameters, this paper proposes an improved K-means algorithm with a strategy of adjustable parameters. According to the location of wireless sensor networks (WSN), we can obtain clustering results by applying improved K-means algorithm to WSN, and then SVM algorithm is applied to different clusters for anomaly intrusion detection. Simulation results show that the proposed method can detect abnormal behaviors efficiently and has high detection rate and low false positive rate than the current typical intrusion detection schemes of WSN.

Download Full-text

Research on China’s city network based on users’ friend relationships in online social networks: a case study of Sina Weibo

GeoJournal ◽

10.1007/s10708-016-9743-x ◽

2016 ◽

Vol 81 (6) ◽

pp. 937-946 ◽

Cited By ~ 11

Author(s):

Zhen Feng ◽

Wang Bo ◽

Chen Yingxue

Keyword(s):

Social Networks ◽

Online Social Networks ◽

Sina Weibo ◽

City Network

Download Full-text

Identification of Influential Online Social Network Users Based on Multi-Features

International Journal of Pattern Recognition and Artificial Intelligence ◽

10.1142/s0218001416590151 ◽

2016 ◽

Vol 30 (06) ◽

pp. 1659015 ◽

Cited By ~ 9

Author(s):

Qindong Sun ◽

Nan Wang ◽

Yadong Zhou ◽

Zuomin Luo

Keyword(s):

Social Networks ◽

Online Social Networks ◽

Online Social Network ◽

Real Data ◽

User Profiles ◽

Sina Weibo ◽

Pagerank Algorithm ◽

Model Based ◽

User Influence ◽

Influential Users

The problem of discovering influential users is important to understand and analyze online social networks. The user profiles and interactions between users are significant features to evaluate the user influence. As these features are heterogeneous, it is challengeable to take all of them into a proper model for influence evaluation. In this paper, we propose a model based on personal user features and the adjacent factor to discover influential users in online social networks. Through taking the advantages of Bayesian network and chain principle of PageRank algorithm, the features of the user profiles and interactions are integratedly considered in our model. Based on real data from Sina Weibo data and multiple evaluation metrics of retweet count, tweet count, follower count, etc., the experimental results show that influential users identified by our model are more powerful than the ones identified by single indicator methods and PageRank-based methods.

Download Full-text

Taiwanese new direction in prediction of early pregnancy preeclampsia: a prospective and non-interventional study

10.21203/rs.3.rs-54124/v1 ◽

2020 ◽

Author(s):

Yen-Tin Chen ◽

Tzu-Yi Lin ◽

Po-Jen Cheng ◽

Kok-Seong Chan ◽

Hui-Yu Huang ◽

...

Keyword(s):

False Positive Rate ◽

Model Performance ◽

First Trimester ◽

Patient Specific ◽

Interventional Study ◽

High Detection Rate ◽

Maternal Characteristics ◽

Positive Rate ◽

Trimester Screening ◽

Set Up

Abstract Background First trimester screening is essential to preeclampsia (PE) prevention. Fetal Medicine Foundation (FMF) model combined maternal characteristics with mean arterial pressure (MAP), uterine artery pulsatility index (UtAPI) and placental growth factor (PlGF) to estimate risk. High detection rate (DR) was observed in Asia. The study aims to evaluate performance of screening in Taiwan.Methods This was a prospective and non-interventional study between January, 2017 and June, 2018. Data was collected from 700 pregnant women at 11+ 0-13+ 6 gestational week. Maternal characteristics were recorded. MAP, UtAPI and PlGF were measured and converted into Multiple of the Median (MoM). Patient-specific risks were calculated with FMF model. Performance of screening was examined by ROC curve and DR.Results 25 women (3.57%) contracted PE, including 8 with preterm PE (1.14%). In preterm PE, mean MoM of MAP and UtAPI were higher (1.096 vs 1.000; 1.084 vs 1.035). Mean MoM of PlGF was lower (0.927 vs 1.031). DR in preterm PE achieved 12.5%, 50.0%, 50.0% and 62.5% at false-positive rate (FPR) of 5%, 10%, 15% and 20%.Conclusion FMF model showed high DR for PE in Taiwan. Integration of PE and Down screening could set up a one-step workflow.

Download Full-text

DECIPHER, a Search-Based Approach to Chimera Identification for 16S rRNA Sequences

Applied and Environmental Microbiology ◽

10.1128/aem.06516-11 ◽

2011 ◽

Vol 78 (3) ◽

pp. 717-725 ◽

Cited By ~ 426

Author(s):

Erik S. Wright ◽

L. Safak Yilmaz ◽

Daniel R. Noguera

Keyword(s):

16S Rrna ◽

False Positive ◽

Detection Rate ◽

False Positive Rate ◽

Query Sequence ◽

R Package ◽

Phylogenetic Group ◽

High Detection Rate ◽

Positive Rate ◽

R Programming

ABSTRACTDECIPHER is a new method for finding 16S rRNA chimeric sequences by the use of a search-based approach. The method is based upon detecting short fragments that are uncommon in the phylogenetic group where a query sequence is classified but frequently found in another phylogenetic group. The algorithm was calibrated for full sequences (fs_DECIPHER) and short sequences (ss_DECIPHER) and benchmarked against WigeoN (Pintail), ChimeraSlayer, and Uchime using artificially generated chimeras. Overall, ss_DECIPHER and Uchime provided the highest chimera detection for sequences 100 to 600 nucleotides long (79% and 81%, respectively), but Uchime's performance deteriorated for longer sequences, while ss_DECIPHER maintained a high detection rate (89%). Both methods had low false-positive rates (1.3% and 1.6%). The more conservative fs_DECIPHER, benchmarked only for sequences longer than 600 nucleotides, had an overall detection rate lower than that of ss_DECIPHER (75%) but higher than those of the other programs. In addition, fs_DECIPHER had the lowest false-positive rate among all the benchmarked programs (<0.20%). DECIPHER was outperformed only by ChimeraSlayer and Uchime when chimeras were formed from closely related parents (less than 10% divergence). Given the differences in the programs, it was possible to detect over 89% of all chimeras with just the combination of ss_DECIPHER and Uchime. Using fs_DECIPHER, we detected between 1% and 2% additional chimeras in the RDP, SILVA, and Greengenes databases from which chimeras had already been removed with Pintail or Bellerophon. DECIPHER was implemented in the R programming language and is directly accessible through a webpage or by downloading the program as an R package (http://DECIPHER.cee.wisc.edu).

Download Full-text

DeepReturn: A deep neural network can learn how to detect previously-unseen ROP payloads without using any heuristics

Journal of Computer Security ◽

10.3233/jcs-191368 ◽

2020 ◽

Vol 28 (5) ◽

pp. 499-523

Author(s):

Xusheng Li ◽

Zhisheng Hu ◽

Haizhou Wang ◽

Yiwei Fu ◽

Ping Chen ◽

...

Keyword(s):

Neural Network ◽

Deep Neural Network ◽

False Positive Rate ◽

Detection Methods ◽

Detection Accuracy ◽

Address Space ◽

High Detection Rate ◽

Positive Rate ◽

In The Wild ◽

Space Layout

Return-oriented programming (ROP) is a code reuse attack that chains short snippets of existing code to perform arbitrary operations on target machines. Existing detection methods against ROP exhibit unsatisfactory detection accuracy and/or have high runtime overhead. In this paper, we present DeepReturn, which innovatively combines address space layout guided disassembly and deep neural networks to detect ROP payloads. The disassembler treats application input data as code pointers and aims to find any potential gadget chains, which are then classified by a deep neural network as benign or malicious. Our experiments show that DeepReturn has high detection rate (99.3%) and a very low false positive rate (0.01%). DeepReturn successfully detects all of the 100 real-world ROP exploits that are collected in-the-wild, created manually or created by ROP exploit generation tools. DeepReturn is non-intrusive and does not incur any runtime overhead to the protected program.

Download Full-text

Postmortem Analysis of Decayed Online Social Communities: Cascade Pattern Analysis and Prediction

Complexity ◽

10.1155/2018/3873601 ◽

2018 ◽

Vol 2018 ◽

pp. 1-17

Author(s):

Mohammed Abufouda

Keyword(s):

Machine Learning ◽

Social Networks ◽

Statistical Analysis ◽

Online Social Networks ◽

Pattern Analysis ◽

Decay Process ◽

Social Communities ◽

Network Measure ◽

Significant Difference ◽

Baseline Predictor

Recently, many online social networks, such as MySpace, Orkut, and Friendster, have faced inactivity decay of their members, which contributed to the collapse of these networks. The reasons, mechanics, and prevention mechanisms of such inactivity decay are not fully understood. In this work, we analyze decayed and alive subwebsites from the Stack Exchange platform. The analysis mainly focuses on the inactivity cascades that occur among the members of these communities. We provide measures to understand the decay process and statistical analysis to extract the patterns that accompany the inactivity decay. Additionally, we predict cascade size and cascade virality using machine learning. The results of this work include a statistically significant difference of the decay patterns between the decayed and the alive subwebsites. These patterns are mainly cascade size, cascade virality, cascade duration, and cascade similarity. Additionally, the contributed prediction framework showed satisfactorily prediction results compared to a baseline predictor. Supported by empirical evidence, the main findings of this work are (1) there are significantly different decay patterns in the alive and the decayed subwebsites of the Stack Exchange; (2) the cascade’s node degrees contribute more to the decay process than the cascade’s virality, which indicates that the expert members of the Stack Exchange subwebsites were mainly responsible for the activity or inactivity of the Stack Exchange subwebsites; (3) the Statistics subwebsite is going through decay dynamics that may lead to it becoming fully-decayed; (4) the decay process is not governed by only one network measure, it is better described using multiple measures; (5) decayed subwebsites were originally less resilient to inactivity decay, unlike the alive subwebsites; and (6) network’s structure in the early stages of its evolution dictates the activity/inactivity characteristics of the network.

Download Full-text