000000328 001__ 328
000000328 005__ 20181130094205.0
000000328 037__ $$aLERSSE-RefConfPaper-2018-003
000000328 100__ $$aHassan Halawa
000000328 245__ $$aForecasting Suspicious Account Activity at Large-Scale Online Service Providers
000000328 260__ $$c2018-11-29
000000328 300__ $$amult. p
000000328 520__ $$aIn the face of large-scale automated social engineering attacks on large online services, fast detection and remediation of compromised accounts are crucial to limit the spread of the attack and to mitigate the overall damage to users, companies, and the public at large. We advocate a fully automated approach based on machine learning: we develop an early warning system that harnesses account activity traces to predict which accounts are likely to be compromised in the future. We demonstrate the feasibility and applicability of the system through an experiment at a large-scale online service provider using four months of real-world production data encompassing hundreds of millions of users. We show that—even limiting ourselves to login data only in order to derive features with low computational cost, and a basic model selection approach—our classifier can be tuned to achieve good classification precision when used for forecasting. Our system correctly identifies up to one month in advance the accounts later flagged as suspicious with precision, recall, and false positive rates that indicate the mechanism is likely to prove valuable in operational settings to support additional layers of defense.
000000328 6531_ $$aForecasting
000000328 6531_ $$aMachine Learning for Security
000000328 6531_ $$aBig Data Analytics for Security
000000328 6531_ $$aLarge-Scale Cyberattacks
000000328 6531_ $$aCloud Security
000000328 700__ $$aKonstantin Beznosov
000000328 700__ $$aBaris Coskun
000000328 700__ $$aMeizhu Liu
000000328 700__ $$aMatei Ripeanu
000000328 8560_ $$flersse-it@ece.ubc.ca
000000328 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/328/files/FC19-1-CameraReady-a.pdf
000000328 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/328/files/FC19-1-CameraReady-a.pdf?subformat=pdfa$$xpdfa
000000328 909C4 $$pIn the proceedings of the Twenty-Third International Conference on Financial Cryptography and Data Security (FC'19), St. Kitts, 2019
000000328 980__ $$aRefConfPaper