Slashdot Mirror


Graphing Internet Interaction To Spot Spammers

Gunkerty Jeb writes "Spammers, it turns out, aren't like everyone else: they have fewer friends. 'Social Graphs for Online Service Security,' a study done by researchers Yinglian Xie and Fang Yu, uses studies of legitimate and malicious social network usage to spot bogus email accounts that are used to push spam, malware, and otherwise malicious links. The researchers are analyzing natural social connections between users on the Web that are difficult for attackers or botnets to replicate. Spotting a spammer isn't hard, they say, when you look at his or her patterns of communication."

27 of 53 comments

  1. Re:Spam emails always have something misspelled by Anonymous Coward · · Score: 1

    And if it was a written rule, it would be misspelled.

  2. That's because it's not required yet. by JLennox · · Score: 5, Interesting

    I used to run a 200~400+ user IRC channel on DALnet over a decade ago and we would get spammers in there.

    So I made a bot that would rejoin the channel at a set interval and ban anyone who messaged it.

    Then they made them detect that it was an op's IP, even though the bot wasn't op. So I started using a different host name.

    Then they made it so that the bot used 2 connections, one to send the message and wasn't in the channel, and one to sit in the channel to tell the other connection who to spam. So I made my bot detect the identical hosts.

    Then they started using different hosts. So I made it log who has and hasn't talked in the channel and notify me. I'd whois those people and join the other channels they were in waiting to find a common channel getting spammed. I'm assuming if they realized the weak link in the chain was me detecting who has and hasn't talked, they'd have made it say hurf durf randomly.

    Once you require the spam bots to have friends, they'll have friends. Your solution is a temporary one.
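
The checks JLennox describes (a decoy that collects private messages, matching hosts between the sender and a silent connection in the channel, and a list of members who have never talked), as an added example that is not part of the original comment. The log lines, nicks, hosts, the decoy nick and the `triage` function are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in raw IRC line format; nicks, hosts, channel and decoy nick are made up.
SAMPLE_LOG = """\
:alice!al@isp-a.example JOIN #chat
:bob!bob@isp-b.example JOIN #chat
:lurk1!x@vps-9.example JOIN #chat
:lurk2!y@dsl-4.example JOIN #chat
:alice!al@isp-a.example PRIVMSG #chat :hi all
:bob!bob@isp-b.example PRIVMSG #chat :hello
:adz77!z@vps-9.example PRIVMSG decoybot :cheap pills http://spam.example
"""

LINE = re.compile(r"^:(?P<nick>[^!\s]+)![^@\s]+@(?P<host>\S+) "
                  r"(?P<cmd>JOIN|PART|QUIT|PRIVMSG)(?: :?(?P<target>\S+))?")

def triage(log, channel="#chat", decoy="decoybot"):
    """Return decoy senders, silent members sharing a sender's host, and other silent members."""
    members = {}                      # nick -> host, for nicks currently in the channel
    spoke = set()                     # nicks that have said something in the channel
    decoy_hosts = defaultdict(set)    # host -> nicks that private-messaged the decoy
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        nick, host = m["nick"].lower(), m["host"].lower()
        cmd, target = m["cmd"], (m["target"] or "").lower()
        if cmd == "JOIN" and target == channel:
            members[nick] = host
        elif cmd == "QUIT" or (cmd == "PART" and target == channel):
            members.pop(nick, None)
            spoke.discard(nick)
        elif cmd == "PRIVMSG" and target == channel:
            spoke.add(nick)
        elif cmd == "PRIVMSG" and target == decoy:
            decoy_hosts[host].add(nick)
    silent = {n for n in members if n not in spoke and n != decoy}
    linked = {n for n in silent if members[n] in decoy_hosts}
    return {
        "senders": sorted(n for nicks in decoy_hosts.values() for n in nicks),
        "linked": sorted(linked),            # silent connection on the same host as a sender
        "review": sorted(silent - linked),   # never talked: candidates for a manual whois
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Once the two connections come from different hosts, `linked` stays empty and only the `review` list of silent members is left, which is the step in the comment where manual whois checks took over.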

    1. Re:That's because it's not required yet. by rm999 · · Score: 4, Insightful

      I work in preventing fraud, and I completely agree with your point. In any kind of maliciousness detection, there will be patterns you can find that will immediately stop a large % of the bad guys. But the bad guys won't retire, they will run to another corner, and you will have to chase them.

      That isn't to say it's not worth trying to stop them. Quite the opposite: the more you chase them around, the more robust your system becomes, and the harder it will be for casual bad guys to attack your system.

    2. Re:That's because it's not required yet. by Nerdos · · Score: 1

      This reminds me of a short story by Cory Doctorow (whatever you might think of him) called "I, Row-Boat". It's mentioned in the story that AI emerged from the arms race between more and more sophisticated spamming and anti-spam software duking it out.

    3. Re:That's because it's not required yet. by GameboyRMH · · Score: 1

      I've had various Slashdot spammers (posting binspam articles to the firehose) friend me, maybe they're more ahead of the curve than we know...

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
  3. Slippery slope by Tsar · · Score: 4, Insightful

    I'm starting to think that a social graph is going to be the 21st century version of the fingerprint, except it will describe WHAT you are rather than WHO you are. Botnet, AI, Muslim, Baptist, college-educated straight Irish-American middle-child female... Who'd like to guess what the total annual budget is already for this kind of research? How much money and manpower would the Department of Homeland Security be willing to invest to keep Facebook et al. popular with their target audience, so the cheap social graph data keeps flowing?

    1. Re:Slippery slope by Jstlook · · Score: 1

      It's called marketing, in one guise. The annual marketing budget in 2008 was roughly 412 billion dollars, as per one site. I highly doubt that takes into consideration the money spent on government uses, such as the Census (14.7 billion dollars), the alphabet soup - FBI, DOD (incl. NSA), CIA, DHS, et cetera (annual budget of 7.9 billion, 664 billion, 44 billion in 2005, 85.2 billion, respectively). I'd feel confident saying that this barely touches the amount of money that is actually thrown at demographics in general. It's interesting to note how large the DHS budget actually is though.

      --
      ---jstlook ---For that is the way of Elves, for they say both yes AND no, and mean every word of it. --- J.R.R.T.
  4. I am not a spammer! by Anonymous Coward · · Score: 2, Funny

    I'm just socially awkward is all...

    1. Re:I am not a spammer! by That+Guy+From+Mrktng · · Score: 2

      Or you can have a personality disorder that makes you avoid any social interaction, maybe you joined Facebook with the hope of finding some friends and old classmates, but you quickly lose all interest in FB. Your social network fingerprint now depicts you as a spammer?

      I'm just waiting for the study (duh-science FTF) showing that top criminals are not in Facebook, hence, anybody not in Facebook is a potential criminal.

      "You must post at least 3 updates/hour in your FB wall to deserve our Victory Gin, citizen"

    2. Re:I am not a spammer! by Ihmhi · · Score: 2

      1 @M @ F@1R 8IT 5OCI@LLY @WKW@RD MYS3LF, 5O 1 UND3RST@ND. @ND FOR SOM3 R3@SON MY FRI3NDS N3V3R G3T MY 3-MAILS.

  5. Isn't this a lot like Google's PageRank? by Solandri · · Score: 2

    Except applied to email addresses instead of websites? It works great at first. Then the spammers start creating artificial networks between their bots and fake sites/emails, to make them look more like legit sites/email addresses. And soon you need a multi-billion dollar company constantly working to refine it to keep it one step ahead of the spammers.

  6. Friends don't let friend spam? by ackthpt · · Score: 2

    Perhaps another way of looking at it is, some entrepreneurs are asocial - they don't mind enriching themselves at the expense of others - i.e. I'll sell "Hydrolizing Cream" to you to make money for myself, not minding that the stuff I bottle, label and sell is just a bulk cream containing lanolin and/or glycerin. If you're so stupid to buy it, I'm not going to lose sleep over it.

    --

    A feeling of having made the same mistake before: Deja Foobar
  7. Not exactly insightful by kelemvor4 · · Score: 1

    "Spammers, it turns out, aren't like everyone else: they have fewer friends."

    Spammers are assholes, assholes don't have as many friends as non assholes. It wasn't that hard to put together.

  8. According to Microsoft researchers by fatphil · · Score: 3, Funny

    Spam will be a thing of the past in two years' time.
            * BBC News (24 January 2004)

    --
    Also FatPhil on SoylentNews, id 863
    1. Re:According to Microsoft researchers by jellomizer · · Score: 1

      With Google g-mail and many other "Cloud" based email servers Spam isn't nearly as much of a problem as it was back in 2004. Sure there are still spammers but the stuff really gets filtered away into the Spam bucket very well now. The biggest Spam getters are people who think they should host their own email server because they figure they can do it much better than Google.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    2. Re:According to Microsoft researchers by Anonymous Coward · · Score: 1

      I know. They are a thing of thfoot massage centrale past, we shoulnd't be worrying about it anBuy Hangover 2 DVDymore, now that us humans are smabuy rift platinumrt enough to not fall for their traps.

      Unless i'm of coGet Your University of Phoenix Degree Onlineurse, wrong and that we're headed toward a idiocracy benefitting these con artiVIZAGRAsts.

  9. Chain emails? by psithurism · · Score: 5, Funny

    Don't you think this might incorrectly flag people who send out lots of chain emails to all their friends?

    I, for one, hope so.

    1. Re:Chain emails? by 140Mandak262Jamuna · · Score: 1

      Don't you think this might incorrectly flag people who send out lots of chain emails to all their friends?

      I, for one, hope so.

      My! you talk as though that is a bad thing!

      --
      sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    2. Re:Chain emails? by _0xd0ad · · Score: 1

      Your ideas interest me and I would like to subscribe to your newsletter...

      (so I can forward it to all my friends)

  10. Re:Spam emails always have something misspelled by The+Archon+V2.0 · · Score: 2

    "Fascinating ass" just leaves the image of someone mooning a bar brawl and everyone stopping to stare, transfixed. Or, perhaps, a captivating donkey.

    (Sigh.) Oh, Spamusement, how I miss thee.

  11. Stop fucking buying from them by ronmon · · Score: 1

    Is it really that big of a mystery?

    1. Re:Stop fucking buying from them by GameboyRMH · · Score: 2

      I'd like to know who buys from spammers. I know old grannies fall for 419s but WHO BUYS FROM SPAMMERS!?

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
  12. Plz mod me down. by 140Mandak262Jamuna · · Score: 2

    Responded without reading the posting in full. Running away shamefacedly.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
  13. Spam is ironic... by Paul+Fernhout · · Score: 1

    ...because email is a tool of creating abundance (a better world), but spammers are still caught up with fighting over scarcity, and so they damage the system (email) that could bring material and social abundance to all (even the spammers).

    --
    A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
  14. no shit by deyknow · · Score: 1

    no shit

  15. Desperation to justify the Social Graph by water-and-sewer · · Score: 1

    For a long time now there's been speculation that "getting" someone's social graph will be valuable. In practice it hasn't yet played out. The value of IPOs like Facebook is largely based on the suspicion that having all that information on how people network will be valuable. This looks like an attempt to prove the info can be valuable. But they haven't exactly done an overwhelming job of convincing us, if this is the best they can do.

    --
    If this were Usenet, I'd killfile the lot of you.
  16. Re:Thanks for the reply & I get your point but by Bengie · · Score: 1

    "Opera's great, Chrome too... but why haven't they done a 64-bit port for example?"

    All of the plug-ins must be ported to 64bit also as a 64bit app can't link to a 32bit DLL. Adobe is dragging its feet on Flash-64bit. I'm sure there are others.