USING SOCIAL GRAPHS TO COMBAT MALICIOUS ATTACKS
First Claim
1. A method for classifying a user account, comprising:
constructing a directed graph of user accounts within a provider system, wherein a node of the directed graph is associated with the user account and an edge of the directed graph is determined by a direction of communications sent or received by the user account associated with the node;
constructing an undirected graph of user accounts within a provider system, wherein a node of the undirected graph is associated with the user account and an edge of the undirected graph is determined by one of a social relationship and communication patterns of the user account associated with the node;
determining a biggest connected component of the undirected graph; and
classifying user accounts in the biggest connected component as a set of good users.
Abstract
Detection of user accounts associated with spammer attacks may be performed by constructing a social graph of email users. Biggest connected components (BCC) of the social graph may be used to identify legitimate user accounts, as the majority of the users in the biggest connected components are legitimate users. BCC users may be used to identify more legitimate users. Using degree-based detection techniques and PageRank based detection techniques, the hijacked user accounts and spammer user accounts may be identified. The users' email sending and receiving behaviors may also be examined, and the subgraph structure may be used to detect stealthy attackers. From the social graph analysis, legitimate user accounts, malicious user accounts, and compromised user accounts can be identified.
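The classification described in claim 1 and the abstract, worked through on a small constructed mail log. This is an added example, not code from the patent; the account names, the rule that an undirected edge requires mail in both directions, and the "unclassified" label with its degree counts are assumptions made for illustration.

```python
# Added example: constructed (sender, recipient) log, not real mail data.
SAMPLE_LOG = [
    ("alice", "bob"), ("bob", "alice"), ("bob", "carol"), ("carol", "bob"),
    ("carol", "dave"), ("dave", "carol"), ("erin", "frank"), ("frank", "erin"),
    ("spam1", "alice"), ("spam1", "bob"), ("spam1", "carol"), ("spam1", "erin"),
]

def build_graphs(log):
    """Directed graph: sender -> recipients. Undirected graph: assumed edge
    only where both accounts have mailed each other (reciprocated contact)."""
    directed = {}
    for sender, recipient in log:
        directed.setdefault(sender, set()).add(recipient)
        directed.setdefault(recipient, set())  # recipients are nodes too
    undirected = {
        node: {peer for peer in peers if node in directed[peer]}
        for node, peers in directed.items()
    }
    return directed, undirected

def biggest_connected_component(undirected):
    """Depth-first search over every component; return the largest node set."""
    seen, best = set(), set()
    for start in undirected:
        if start in seen:
            continue
        component, stack = {start}, [start]
        while stack:
            for peer in undirected[stack.pop()] - component:
                component.add(peer)
                stack.append(peer)
        seen |= component
        if len(component) > len(best):
            best = component
    return best

def classify(log):
    """Label accounts in the biggest connected component 'good'; leave the
    rest 'unclassified' and attach directed-graph degrees for later review."""
    directed, undirected = build_graphs(log)
    good = biggest_connected_component(undirected)
    in_degree = {node: 0 for node in directed}
    for recipients in directed.values():
        for recipient in recipients:
            in_degree[recipient] += 1
    return {node: {"label": "good" if node in good else "unclassified",
                   "out": len(directed[node]), "in": in_degree[node]}
            for node in directed}
```

On the sample log, `spam1` sends to four accounts and receives nothing back, so it has no undirected edges and stays outside the biggest connected component, as does the small `erin`/`frank` pair.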
20 Claims
11. A system for classifying user accounts, comprising:
a cluster of computing devices, each computing device having a processor;
a memory communicatively coupled to the processor; and
an account management framework that executes in the processor from the memory and that, when executed by the processor, causes the system to register a user account in a registration component, to perform a vouching process that validates the user account in accordance with a social graph associated with the user account at a vouching component, and to classify the user account into either a trusted component or a quarantine component based on whether the user account is a legitimate user account or a malicious user account, respectively.
19. An email system providing malicious user account detection, comprising:
an email server that processes email sent to and from uniquely identified user accounts, the email server maintaining information about processed email and the uniquely identified user accounts in a database; and
a detection server that receives the information about the email from the email server and analyzes the information in accordance with a directed graph and an undirected graph constructed about the uniquely identified user accounts, wherein each node of the directed graph and the undirected graph is associated with each uniquely identified user account and each edge of the directed graph is determined by a direction of emails sent or received by the uniquely identified user account associated with each node, and wherein the undirected graph is analyzed to determine biggest connected components of the undirected graph, and a connectivity of each node to the biggest connected components to classify the node.
Specification