The document discusses various techniques for detecting Sybil accounts in online social networks including structure-based defenses using random walks, trust propagation, and machine learning algorithms. It notes the ideal properties of a Sybil detection system and challenges including adaptive attackers and the difficulty of evaluating defenses. It suggests making Sybil accounts less profitable, building more effective and cheaper defenses, and moving toward Sybil-tolerance. The document also recommends distinguishing between types and stages of Sybil accounts to improve detection.

1. Sybil Detection in OSN
Mayank Dhiman

2. Sybil Attack

3. Social Networks

4. Ideal Sybil Defense
● Practically Deployable
● Low False Positives and Low False Negatives
● Detect All types of sybil attacks
● Flexible against different attack campaigns
● Adaptive to different attackers strategies
● Shouldn’t be easy to circumvent
● Cheap and Easy to implement

5. Structure Based Sybil Defenses
● Random Walk
● Mixing Time
● Random Route
Source: Detecting Clusters of Fake Accounts in Online Social Networks

6. Limitations

7. Community Detection
Mislove’s Algorithm, ACL

8. Trust Propagation

9. Classification (ML)

10. Machine Learning
● LDA (Linear Discriminant Analysis)
● PCA (Principal Component Analysis)
● SVM Classifier
● FIS (Facebook Immune System)

11. Limitations

12. Sybil Detection At Scale
Exploit Attacker Constraint

13. Sybil Detection At Scale
● EVILCOHORT
● SynchoTrap
● COMPA

14. Activity-Based Detection
Clickstream Mining

15. Human-in-the-loop
Crowdsourcing

16. Discussion

17. Ideal Sybil Defense
● Practically Deployable
● Low False Positives and Low False Negatives
● Detect All types of sybil attacks
● Flexible against different attack campaigns
● Adaptive to different attackers strategies
● Shouldn’t be easy to circumvent
● Cheap and Easy to implement

18. Major Challenges
● Sybil Accounts are Profitable
● Adaptive Attacker
● Hard to capture and summarize sybil behavior

19. Hard to Evaluate Defenses
● No way to measure false positives and false negatives
● No way to look at effectiveness
● Look at prices in underground market

20. Can’t Eliminate Sybil Accounts
● Game Theory -- Attacker Defender Game reaches Equilibrium
● Cost of building defenses should be less than loses due to these accounts

21. What can we do?
● Make it harder to monetize
● Build effective defenses
● Build cheaper defenses
● Move towards sybil-tolerance

22. Distinguish Between Types of Sybils
● New vs Compromised
● Human-controlled vs Bot

23. Distinguish Between Stages of a Sybil Account
● Account Creation
● Friend Acquisition
● Dormant Stage
● Account Activity Stage
● Campaign Stage

24. Potential Improvements
● Specialized Sybil Defenses
● Look at meaning of the content (images/text)
● Adversarial ML

25. Thanks!