Research On Data-driven Detection Model Of Abnormal User Behavior In Mobile Internet And Its Application

In recent years,with the rapid development and popularity of the mobile Internet,the secu-rity concerns have become increasingly prominent.This paper investigates three key components which are users,mobile devices and social network service platforms in the mobile Internet and proposes several security issues caused by abnormal users:1)On the client side,malicious users can use the owner's mobile device without agreement.That means there are untrusted human-computer interactions;2)On the server side,malicious users can use templates to automatically generate a large number of illegal text.That means spammers may create and propagate spam.In view of the above two problems,we build the threat model by studying the essence of the problem.We also analyze the limitations of existing work and propose novel solutions.On the client side,we propose a motion sensor-based unobtrusive real-time user authentication system.On the server side,we propose a template-based real-time spam detection system.We list the details as follows:An unobtrusive real-time user authentication system on mobile devices:Recent hardware advances have led to the development and consumerization of mobile devices,which mainly in-clude smartphones and various wearable devices.More and more users save their privacy-related information on mobile devices.To protect the privacy of users,passwords and biometrics have been widely used.However,these mechanisms usually require costly sensors deployed on devices,invoke sensitive APIs,and rely on explicit user input and Internet connection for performing user authentication,which can hardly meet the requirement of security,privacy,and usability jointly in mobile authentication.This paper studies the principles of motion sensors and proposes a sensor-based user authentication system,which can authenticate the ownership of mobile devices unobtru-sively and in a real-time manner by adopting a learning-based approach.Unlike previous studies on user authentication,our system only relies on those widely available and privacy-insensitive motion sensors to capture the data related to the users' daily device usage.It requires no users' ex-plicit input and has no requirement on the users' motion state or the device placement.Moreover,we address the issue of the imbalanced dataset with our stratified sampling and address the issue of missing of ground truth with a semi-supervised learning algorithm.With the design of offline verification,our system can protect the user in various challenging scenarios and effectively de-fend against brute-force attacks and mimicry attacks.We conduct comprehensive experiments on smartphones and smartwatches,which show that our system can authenticate device users rapidly and with high accuracyA real-time spam detection system in online social networks:Spam campaign activities in online social networks(OSNs)are increasing.In this paper,we empirically analyze the textual pattern of a large collection of OSN spam.An inspiring finding is that the majority of the collected spam is generated with underlying templates.Due to the absence of invariant substring,the preva-lence of noise and the heterogeneity of template-based spam,there is hardly any existing method(i.e.,sender profile featurcs-based,embedded URL information-based,statistical learning-based and invariant signature-based)that can independently detect the majority or most of OSN spam Based on the analysis,we propose an OSN spam detection system that performs online inspection on the stream of user-generated messages.It extracts the templates from part of spam detected by existing methods and then matching messages against the templates toward the accurate and the fast spam detection.It automatically divides the OSN spam into segments and uses the segments to construct templates to detect future spam.We address the issue of non-invariant substrings tem-plate reconstruction with our majority merge and matrix transformation approach and address the issue of the prevalence of noise with a sequence labeling algorithm.Also,we propose an online incremental clustering algorithm using transitive closure to address the heterogeneity issue.Ex-perimental results on Twitter and Facebook data sets show that our system is highly accurate and can rapidly generate templates to throttle newly emerged campaigns.Furthermore,we analyze the behavior of detected OSN spammers.We find a series of spammer properties—such as spamming accounts are created in bursts and a single active organization orchestrates more spam than all other spammers combined—that promise more comprehensive spam countermeasuresThis paper provides a useful exploration for the security of mobile devices and the healthy development of social networks.It has made effective contributions to the mobile Internet security ecosystem.