#### DMCA

## Spotting suspicious link behavior with fbox: An adversarial perspective (2014)

Citations: | 3 - 3 self |

### Citations

3043 | On the evolution of random graphs.
- Erdös, Rényi
- 1960
(Show Context)
Citation Context ...s each node a fixed probability p = s/f of performing a fraudulent operation associated with one of the c customers. The random graph injection is similar to the ErdösRényi model defined by G(n, p) =-=[4]-=-, except we consider a directed graph scenario with cf possible edges. Theorem 2. The leading singular value of an s, c, f directed random bipartite graph is σ1 ∼ s √ c/f . Proof: (Sketch): by computi... |

1702 | Y.: On spectral clustering: Analysis and an algorithm
- Ng, Jordan, et al.
- 2001
(Show Context)
Citation Context ...ecomposition for network intrusion detection. [2] proposes a robust collaborative filtering model that clusters latent parameters to limit the impact of fraudulent ratings from potential adversaries. =-=[17]-=- and [8] propose using eigenvectors of graph decompositions for graph partitioning and community detection. Although spectral methods have shown promise in finding large communities and blatantly susp... |

988 | What is Twitter, a social network or a news media
- KWAK, LEE, et al.
- 2010
(Show Context)
Citation Context ...lowee links, spammy Tweets and otherwise strange behavior. Reproducibility: Our code is available at http://www.cs. cmu.edu/∼neilshah/code/. The Twitter dataset is also publicly available as cited in =-=[8]-=-. II. BACKGROUND AND RELATED WORK The related work forms three groups: spectral methods, graph traversal methods, and feature-based methods. A. Spectral methods We classify techniques that cluster the... |

143 | spam: the underground on 140 characters or less
- GRIER, THOMAS, et al.
- 2010
(Show Context)
Citation Context ...e negatives. C. Feature-based methods Spam and fraud detection has classically been framed as a feature-based classification problem, e.g. based on the words in spam email or URLs in tweets. However, =-=[6]-=- focuses on malicious Tweets and finds that blacklisting approaches are too slow to stem the spread of Twitter spam. OddBall [1] proposes features based on egonets to find anomalous users on weighted ... |

112 | 2010b). Signed networks in social media
- Leskovec, Huttenlocher, et al.
(Show Context)
Citation Context ...r value of σ1 = √ cs. Thus, it is apparent TABLE II: Graphs used for empirical analysis Graph Nodes Edges Twitter [8] 41.7 million 1.5 billion Netflix [12] 480k users & 17k videos 99 million Epinions =-=[9]-=- 131,828 841,372 Slashdot [9] 82,144 549,202 Wikipedia [9] 8274 114,040 that naı̈ve injection is the least suitable for an adversarial use, since it will necessarily produce a larger singular value th... |

79 |
Adversarial learning,” in
- Lowd, Meek
- 2005
(Show Context)
Citation Context ...us Tweets and finds that blacklisting approaches are too slow to stem the spread of Twitter spam. OddBall [1] proposes features based on egonets to find anomalous users on weighted graphs. In [3] and =-=[10]-=- the authors take a game theoretic approach to learning simple classifiers over generic features to detect spam. While related in the adversarial perspective, these approaches focus on general feature... |

75 | Oddball: Spotting anomalies in weighted graphs
- Akoglu, McGlohon, et al.
(Show Context)
Citation Context ...blem, e.g. based on the words in spam email or URLs in tweets. However, [6] focuses on malicious Tweets and finds that blacklisting approaches are too slow to stem the spread of Twitter spam. OddBall =-=[1]-=- proposes features based on egonets to find anomalous users on weighted graphs. In [3] and [10] the authors take a game theoretic approach to learning simple classifiers over generic features to detec... |

72 | Netprobe: a fast and scalable system for fraud detection in online auction networks”,
- Pandit, Chau, et al.
- 2007
(Show Context)
Citation Context ...[6] proposes a PageRank-like approach for penalizing promiscuous users on Twitter, but is unfortunately only shown to be effective in detecting already caught spammers rather than detecting new ones. =-=[18]-=- uses belief propagation to find near-bipartite cores of attackers on eBay. However, most similar in application is Beutel et al’s COPYCATCH algorithm to find suspicious lockstep behavior in Facebook ... |

46 | Understanding and combating link farming in the twitter social network
- Ghosh, Viswanath, et al.
- 2012
(Show Context)
Citation Context ...on. (c) shows their suspicious profiles with matching glyphs (see text for details). B. Graph-traversal based methods Shrivastava et al [15] use random walks to detect randomlink attacks. Ghosh et al =-=[5]-=- proposes a PageRank-like approach to penalizing promiscuous users on Twitter, Beutel et al propose the CopyCatch algorithm [2] which uses graph traversal to find lock-step behavior and thus dense bip... |

37 | Hidden factors and hidden topics: understanding rating dimensions with review text.
- McAuley, Leskovec
- 2013
(Show Context)
Citation Context ...azon graph. The Twitter graph was scraped by Kwak et al. in 2010 and contains 41.7 million users with 1.5 billion edges [8]. The Amazon ratings graph was scraped in March 2013 by McAuley and Leskovec =-=[11]-=- and contains 29 million reviews from 6 million users about 2 million products. Our analysis is conducted both directly and via synthetic attacks. B. FBOX on real Twitter accounts To show our effectiv... |

33 | N (2008) Spectral clustering with perturbed data
- Huang, Yan, et al.
(Show Context)
Citation Context ...ion for network intrusion detection. [2] proposes a robust collaborative filtering model that clusters latent parameters to limit the impact of fraudulent ratings from potential adversaries. [17] and =-=[8]-=- propose using eigenvectors of graph decompositions for graph partitioning and community detection. Although spectral methods have shown promise in finding large communities and blatantly suspicious b... |

31 | Spectral analysis for billion-scale graphs: Discoveries and implementation
- Kang, Meeder, et al.
- 2011
(Show Context)
Citation Context ...n rank k used in a given implementation. All techniques operating on large graphs use such a parameter in practical implementations given that matrix decompositions are very computationally expensive =-=[10]-=-. Previous spectral methods have generally chosen small values of k < 100 for purposes of computability. As we will show in Section III, knowledge of k or the associated singular value threshold (infe... |

19 | CopyCatch: stopping group attacks by spotting lockstep behavior in social networks
- Beutel, Xu, et al.
- 2013
(Show Context)
Citation Context ...va et al [15] use random walks to detect randomlink attacks. Ghosh et al [5] proposes a PageRank-like approach to penalizing promiscuous users on Twitter, Beutel et al propose the CopyCatch algorithm =-=[2]-=- which uses graph traversal to find lock-step behavior and thus dense bipartite cores of Facebook Page-Likes. One major caveat with clustering methods is the nontrivial identification of appropriate m... |

16 |
Mining (Social) Network Graphs to Detect Random Link Attacks,”
- Shrivastava, Majumder, et al.
- 2008
(Show Context)
Citation Context ... degree and identifies several with improbably poor reconstruction. (c) shows their suspicious profiles with matching glyphs (see text for details). B. Graph-traversal based methods Shrivastava et al =-=[15]-=- use random walks to detect randomlink attacks. Ghosh et al [5] proposes a PageRank-like approach to penalizing promiscuous users on Twitter, Beutel et al propose the CopyCatch algorithm [2] which use... |

10 |
Eigenspokes: Surprising patterns and community structure in large graphs
- Prakash, Seshadri, et al.
- 2010
(Show Context)
Citation Context ...ectral (eigendecomposition or singular value decomposition) analysis of the adjacency matrix as spectral methods. They include Prakash et al’s work on the SpokEn algorithm for the EigenSpokes pattern =-=[13]-=- and Jiang et al’s work on spectral subspaces of social networks [7]. These works both use the Singular Value Decomposition (SVD) of the input graph’s adjacency matrix to group similar users and objec... |

5 | Spectrum Based Fraud Detection in Social Networks,”
- Ying, Wu, et al.
- 2011
(Show Context)
Citation Context ...ang et al’s work on spectral subspaces of social networks [9] are two such approaches that we will primarily focus on and which have been employed on real datasets to detect suspicious link behavior. =-=[21]-=- uses a similar analysis of spectral patterns, but focuses on random link attacks (RLAs), which have different properties than link fraud and therefore produce different patterns. These works utilize ... |

4 |
et al. Adversarial classification
- Dalvi, Domingos, et al.
- 2004
(Show Context)
Citation Context ... malicious Tweets and finds that blacklisting approaches are too slow to stem the spread of Twitter spam. OddBall [1] proposes features based on egonets to find anomalous users on weighted graphs. In =-=[3]-=- and [10] the authors take a game theoretic approach to learning simple classifiers over generic features to detect spam. While related in the adversarial perspective, these approaches focus on genera... |

4 | CoBaFi: Collaborative Bayesian Filtering.
- Beutel, Murray, et al.
- 2014
(Show Context)
Citation Context ... directly searching for suspicious behavior, spectral methods have been used for a variety of applications. [14] builds off the above work to use tensor decomposition for network intrusion detection. =-=[2]-=- proposes a robust collaborative filtering model that clusters latent parameters to limit the impact of fraudulent ratings from potential adversaries. [17] and [8] propose using eigenvectors of graph ... |

3 | Inferring strange behavior from connectivity pattern in social networks
- Jiang, Cui, et al.
- 2014
(Show Context)
Citation Context ...of the adjacency matrix as spectral methods. They include Prakash et al’s work on the SpokEn algorithm for the EigenSpokes pattern [13] and Jiang et al’s work on spectral subspaces of social networks =-=[7]-=-. These works both use the Singular Value Decomposition (SVD) of the input graph’s adjacency matrix to group similar users and objects based on their projections. Recall that the SVD of a u×o matrix A... |

1 |
Malspot: Multi2 malicious network behavior patterns analysis
- Mao, Wu, et al.
- 2014
(Show Context)
Citation Context ...uthors use these patterns to chip out communities of similar users from input graphs. Beyond directly searching for suspicious behavior, spectral methods have been used for a variety of applications. =-=[14]-=- builds off the above work to use tensor decomposition for network intrusion detection. [2] proposes a robust collaborative filtering model that clusters latent parameters to limit the impact of fraud... |