Discovering hidden suspicious accounts in online social networks

Hidden suspicious accounts are sparsely connected in social graphs; however, certain suspicious messages are usually forwarded in bulk to extend their overall propagation scope. Existing anti-attack methods only detect single messages or accounts. Because most algorithms rely on the connection relations among the accounts in social graphs, they may repeatedly detect the same account. Furthermore, these hidden suspicious accounts cannot be identified and eliminated completely. Therefore, messages forwarded by hidden suspicious accounts should be merged, and the accounts should be eliminated simultaneously rather than individually. This paper introduces the forwarding message tree, which combines accounts based on the relations among their forwarded messages. Our approach clearly exposes the inner relations among hidden suspicious accounts and conveniently deletes those accounts. First, we present the forwarding message tree and identify six effective features: the forwarding layer relation, propagation depth, propagation breadth, repeated forwarding behavior, propagation speed, and average tree weight. Next, to illustrate the effectiveness of these features, we incorporate them into machine learning algorithms. The detection accuracy and false-positive rates for a real dataset collected from an online social network are 95.32% and 0.5%, respectively. Most of the proposed features rate at the top of a gain ranking. We conclude that the forwarding message tree can indeed detect and delete hidden suspicious accounts.