Charles Perez

SPOT 1.0: Scoring Suspicious Profiles on Twitter

Everyday more than fifty million messages are generated by about two hundred million profiles on Twitter. Some users attempt to exploit the success of this micro logging platform and its relative freedom to perform malicious actions that can lead to identity or data theft. This work aims to propose a framework to assess suspicious behavior on Twitter. We present a tool developed for Scoring Suspicious Profiles On Twitter (SPOT1.0) through a three-dimensional indicator that involves the degree of aggressiveness, the visibility and the level of danger.

Multi-layer Crisis Mapping: A Social Media-Based Approach

During the sudden catastrophic events that have occurred in this last decade, social media have proven their importance in the creation and management of ad-hoc crisis communities. These platforms are increasingly used as complementary support tools for conventional crisis management teams. Recent disasters (e.g. Haiti, Australia, Japan, Mexico, etc.) have demonstrated their real potential in providing support to emergency operations for crisis management. However, several questions remain unanswered regarding the efficiency of their usage and especially their integration into the conventional information collection systems (technological sensors, cameras, SMS, etc.) usually used for crisis mapping. This paper aims to present multi-layer crisis mapping using a social media-based approach. We propose a generic step-by-step methodology as an integrated approach that connects a set of needs to a set of appropriate responses. The concept presented in this paper is the need/solution matrix, which plays a key role in the design of a multi-layer crisis map. The paper ends with an experiment with the well-known Twitter microblogging platform.

Indirect Information Linkage for OSINT through Authorship Analysis of Aliases

In this paper we examine the problem of automatically linking online accounts for open source intelligence gathering. We specifically aim to determine if two social media accounts are shared by the same author, without the use of direct linking evidence. We profile the accounts using authorship analysis and find the best matching guess. We apply this to a series of Twitter accounts identified as malicious by a methodology named SPOT and find several pairs of accounts that belong to the same author, despite no direct evidence linking the two. Overall, our results show that linking aliases is possible with an accuracy of 84%, and using our automated threshold method improves our accuracy to over 90% by removing incorrectly discovered matches.

The Multi-layer Imbrication for Data Leakage Prevention from Mobile Devices

The convergence of mobile and online social network technologies has led to the emergence of mobile social applications available through stores for mobile devices. Nowadays, one can observe the proliferation of mobile social networks and the diversity of digital profiles for a unique person. In this work, we propose to model the multiple facets of one digital life from the data available on his smartphone. More specifically, we investigate the interactions and connections that may exist between the multiple digital faces of an individual. We provide a set of indicators that measure the level of imbrication of a contact that belongs to the egocentric social network of a smartphone user. We prove the efficiency of these features for the detection of illegitimate contacts by link prediction on a case study of Facebook. This application shows that local information stored on mobile devices can participate to the prevention of data leakage on online social networks.

A dynamic approach to detecting suspicious profiles on social platforms

The combined success of social networking sites and smartphones has changed the way people communicate. It is now possible to publish and track contents in real time at any time and from anywhere. The large number of users on social platforms constitutes an unprecedented opportunity for attack for malicious users. Social engineering techniques, spammers, phishing and malicious attacks are examples of threats that can lead to data loss, data theft, identity theft, etc. The detection of suspicious messages or profiles is mainly covered in the literature as a binary and static classification problem. In this paper, we propose a dynamic behavioral framework for identifying suspicious profiles on social networking sites. This approach is based on three indicators: balance, energy and anomaly, synthesized from daily activities of users. We demonstrate that sensing users regularly, even on few indicators, enables suspicious behaviour to be predicted with a high level of accuracy. The low calculation costs of the approach makes it embeddable into smartphones of social networking users for inferring trust scores to their contacts.

A smartphone-based online social network trust evaluation system

Abstract The number of smartphone users has increased significantly over the last decade. The number of people using social networking sites is also increasing, and these platforms offer many features through which individuals can communicate with their contacts. The digital sphere is an opportunity for communication, but it is also an unprecedented arena for malicious attacks. The high quantity of personal and/or sensitive data, coupled with the large number of users, is one of the main motivations of malicious actors. We introduce in this paper a novel trust indicator for evaluating the contacts of an online social network user. This analysis is particularly important since the security policy of online social networks rests on the principle that a user’s contact is a person of trust. This assumption, not always verified as true, gives any number of people access to personal information. To address this problem, we propose applying a multi-layer model and extend it by proposing overlapping features that highlight the level of overlap of a contact belonging to the set of social networking friends of a smartphone user. We prove the efficiency of these features in evaluating trust using a case study with Facebook and Twitter.

REPLOT: REtrieving profile links on Twitter for suspicious networks detection

In the last few decades social networking sites have encountered their first large-scale security issues. The high number of users associated with the presence of sensitive data (personal or professional) is certainly an unprecedented opportunity for malicious activities. As a result, one observes that malicious users are progressively turning their attention from traditional e-mail to online social networks to carry out their attacks. Moreover, it is now observed that attacks are not only performed by individual profiles, but that on a larger scale, a set of profiles can act in coordination in making such attacks. The latter are referred to as malicious social campaigns. In this paper, we present a novel approach that combines authorship attribution techniques with a behavioural analysis for detecting and characterizing social campaigns. The proposed approach is performed in three steps: first, suspicious profiles are identified from a behavioural analysis; second, connections between suspicious profiles are retrieved using a combination of authorship attribution and temporal similarity; third, a clustering algorithm is performed to identify and characterise the suspicious campaigns obtained. We provide a real-life application of the methodology on a sample of 1,000 suspicious Twitter profiles tracked over a period of forty days. Our results show that a large set of suspicious profiles behaves in coordination (70%) and propagates mainly, but not only, trustworthy URLs on the online social network. Among the three largest detected campaigns, we have highlighted that one represents an important security issue for the platform by promoting a significant set of malicious URLs.

Familiar strangers detection in online social networks

Online social networks and microblogging platforms have collected a huge number of users this last decade. On such platforms, traces of activities are automatically recorded and stored on remote servers. Open data deriving from these traces of interactions represent a major opportunity for social network analysis and mining. This leads to important challenges when trying to understand and analyse these large-scale networks better. Recently, many sociological concepts such as friendship, community, trust and reputation have been transposed and integrated into online social networks. The recent success of mobile social networks and the increasing number of nomadic users of online social networks can contribute to extending the scope of these concepts. In this paper, we transpose the notion of the Familiar Stranger, which is a sociological concept introduced by Stanley Milgram. We propose a framework particularly adapted to online platforms that allows this concept to be defined. Various application fields may be considered: entertainment, services, homeland security, etc. To perform the detection task, we address the concept of familiarity based on spatio-temporal and attribute similarities. The paper ends with a case study of the well-known microblogging platform Twitter.