Microsoft researchers are studying how to differentiate spammer email accounts from legitimate users' accounts. The researchers found that attacker accounts do not have friends, do not use instant messaging, and do not receive emails.
"Essentially, all the legitimate users are going to be connected in some way into communities," says Microsoft's Yinglian Xie. "Attackers are more isolated users on the connectivity graph."
The researchers anonymized the data and developed a social graph for online service security. "The well-connected dots represent communities of normal users, while the outlying, minimally connected dots could indicate malicious users," Xie says. Although the technique might label legitimate users as malicious because they do not have many connections, the researchers say it is unlikely that a private person would be found in the same regions of the graph as attackers. Xie notes that the increasing use of cloud computing will make available much more data for analysis, particularly that of normal users.
"The normal users don't evolve rapidly, don't change rapidly, but attackers' could," says Microsoft's Fang Yu. "Focusing on normal users helps us to better distinguish normal users, rather than chasing the others."
From Network World
View Full Article
No entries found