网络与信息安全学报2024,Vol.10Issue(4) :143-158.DOI:10.11959/j.issn.2096-109x.2024060

基于时空行为与静态属性分析的陌陌应用恶意用户检测方法

Malicious user detection in Momo application based on spatio-temporal behavior and static attribute analysis

杨海峰 杜少勇 魏果 时文旗 罗向阳
网络与信息安全学报2024,Vol.10Issue(4) :143-158.DOI:10.11959/j.issn.2096-109x.2024060
  • 维普
  • 万方数据

基于时空行为与静态属性分析的陌陌应用恶意用户检测方法

Malicious user detection in Momo application based on spatio-temporal behavior and static attribute analysis

杨海峰 1杜少勇 2魏果 2时文旗 2罗向阳2
扫码查看

作者信息

  • 1. 郑州大学网络空间安全学院,河南 郑州 450002;河南省网络空间态势感知重点实验室,河南 郑州 450001
  • 2. 河南省网络空间态势感知重点实验室,河南 郑州 450001
  • 折叠

摘要

陌陌是一款流行的移动社交应用,其中存在实施诈骗、网赌网贷等网络违法犯罪活动的恶意用户,发现陌陌中的恶意用户具有重要意义.然而,陌陌应用具有用户间社交关系松散、发布文本内容有限等特点,导致现有恶意用户检测方法难以准确刻画用户特征,检测准确率低.为此,提出一种基于用户时空行为与静态属性分析的恶意用户检测方法.基于陌陌提供的位置服务,搜集用户在线时间、位置、异常标签等数据,构建用户时空信息数据集;对比数据集中正常用户与具有异常标签的恶意用户的在线时间和位置分布差异,分析恶意用户的时空行为特征;基于用户在不同时间段的在线概率刻画用户的时间行为特征,基于用户历史位置分布的聚集程度刻画用户的空间行为特征;最后,融合已获得的时空行为特征与性别属性训练用户分类模型,检测恶意用户.基于收集的67 280个陌陌用户的1 894 917条数据,开展了恶意用户检测实验,结果表明,提出的方法能够有效检测出恶意用户,特别是针对历史发布内容较少的恶意用户时,所提方法正确分类恶意用户的能力显著优于代表性方法SybilSCAR和DatingSec,AUC-ROC和AUC-PR分别提升4.6%以上和19.88%以上.

Abstract

Momo,a popular mobile social application,has attracted a significant number of malicious users en-gaged in illegal online activities such as fraud,online gambling,and illegal lending.The detection of these mali-cious users is of great importance.However,the loose social relationships between users and the limited textual content on Momo have made it challenging for existing methods to accurately characterize user features,resulting in low detection accuracy.To address this issue,a malicious user detection method based on the analysis of user spatio-temporal behavior and static attributes was proposed.Firstly,a user spatio-temporal information dataset was constructed by collecting user online time,location,and abnormal labels data provided by Momo's location ser-vice.Then,the differences in online time and location distribution between normal users and malicious users with abnormal labels in the dataset were compared to analyze the spatio-temporal behavior characteristics of malicious users.Subsequently,the temporal behavior characteristics of users were characterized by the online probability of users in different time periods,and the spatial behavior characteristics of users were characterized by the degree of clustering of users'historical location distribution.Finally,the obtained spatio-temporal behavior features and gen-der attributes were combined to train a user classification model for malicious user detection.A malicious user de-tection experiment was conducted based on 1,894,917 data points collected from 67,280 Momo users.The results demonstrate that the proposed method could effectively detect malicious users,especially for those with fewer his-torical content publications.The proposed method exhibits significantly better performance in correctly classifying malicious users compared to representative methods such as SybilSCAR and DatingSec,with an improvement of over 4.6%in AUC-ROC and over 19.88%in AUC-PR.

关键词

陌陌/恶意用户检测/时空行为/机器学习

Key words

Momo/malicious user detection/spatio-temporal behavior/machine learning

引用本文复制引用

基金项目

国家重点研发计划(2022YFB3102900)

国家自然科学基金(U23A20305)

国家自然科学基金(62172435)

国家自然科学基金(62372465)

国家自然科学基金(62002386)

河南省重点研发项目(221111321200)

河南省自然科学青年基金(232300421098)

出版年

2024
网络与信息安全学报
人民邮电出版社

网络与信息安全学报

CSTPCD
ISSN:2096-109X
段落导航相关论文