Detecting Social Malware and its Ecosystem in Online Social Networks
- Author(s): Rahman, Md Sazzadur
- Advisor(s): Faloutsos, Michalis, et al.
Online social networks (OSNs) have become the new vector for cybercrime, and hackers are finding new ways to propagate spam and malware on these platforms, which we refer to as social malware. As we show here, social malware cannot be identified with existing security mechanisms (e.g., URL blacklists), because it exploits different weaknesses and often has different intentions.
In this dissertation, we show that social malware is prevalent on Facebook, the largest OSN to date with more than a billion users, and we develop an efficient and scalable social malware detection system that takes advantage of the social context of posts. We deploy this detection system as a Facebook app called MyPageKeeper to protect Facebook users from social malware. We find that our detection method is both accurate and efficient. Furthermore, we show that social malware differs significantly from traditional email spam and web-based malware.
One of the major factors enabling social malware is malicious third-party apps. We show that such malicious apps are also widespread on Facebook. Therefore, to identify malicious apps, we ask the question: given a Facebook application, can we determine whether it is malicious? Our key contribution in this part is developing FRAppE (Facebook's Rigorous Application Evaluator), arguably the first tool focused on detecting malicious apps on Facebook. We identify a set of features that help us distinguish malicious apps from benign ones. For example, we find that malicious apps often share names with other apps, and they typically request fewer permissions than benign apps. Then, leveraging these distinguishing features, we show that FRAppE can detect malicious apps with 99.5% accuracy, with no false positives and a low false negative rate (4.1%). Finally, we explore the ecosystem of malicious Facebook apps. We identify the mechanisms these apps use to propagate and find that many apps collude with and support each other.
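The two app-level features named above (name sharing with other apps, and the number of permissions requested) can be computed from a set of app records. The following is an added illustration, not FRAppE's code or classifier: the `AppRecord` type, the sample apps, the permission strings and the flagging thresholds are all constructed assumptions, and the simple rule in `flag_suspicious` stands in for the learned model described in the dissertation.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class AppRecord:
    """Minimal constructed view of a third-party app (hypothetical schema)."""
    app_id: str
    name: str
    permissions: frozenset  # permission names the app requests at install time


def extract_features(apps):
    """Return {app_id: {'name_shared_with': n, 'num_permissions': m}}.

    name_shared_with counts how many *other* apps in the set use the same
    display name (compared case-insensitively, ignoring surrounding whitespace).
    """
    name_counts = Counter(a.name.strip().lower() for a in apps)
    feats = {}
    for a in apps:
        key = a.name.strip().lower()
        feats[a.app_id] = {
            "name_shared_with": name_counts[key] - 1,
            "num_permissions": len(a.permissions),
        }
    return feats


def flag_suspicious(apps, max_perms=2, min_name_collisions=1):
    """Illustrative rule only: an app is flagged when it shares its name with
    at least one other app AND requests few permissions. Thresholds are assumed."""
    feats = extract_features(apps)
    return sorted(
        app_id for app_id, f in feats.items()
        if f["name_shared_with"] >= min_name_collisions
        and f["num_permissions"] <= max_perms
    )


# Constructed sample data: names and permission sets are made up for this example.
SAMPLE_APPS = [
    AppRecord("app-1", "Photo Gallery Pro", frozenset({"email", "user_photos", "user_friends", "publish_actions"})),
    AppRecord("app-2", "Profile Viewer", frozenset({"publish_actions"})),
    AppRecord("app-3", "profile viewer ", frozenset({"publish_actions", "email"})),
    AppRecord("app-4", "Profile Viewer", frozenset({"email", "user_birthday", "user_friends", "user_photos", "publish_actions"})),
    AppRecord("app-5", "Daily Horoscope", frozenset({"email"})),
]

if __name__ == "__main__":
    for app_id, f in extract_features(SAMPLE_APPS).items():
        print(app_id, f)
    print("flagged:", flag_suspicious(SAMPLE_APPS))  # flagged: ['app-2', 'app-3']
```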