Abstract

Recently Online Social Networks (OSNs) are enjoying a continuous boom, while suffering from omnifarious malicious attacks. Cloning attack is one of the attack patterns towards online social networks, where typically the attacker disguises fake accounts as real users by thieving and copying their profiles, and sends friend requests to the friends of the cloned victim. It is difficult for ordinary users to detect these fake identities because of the identical names and similar profile information. In this paper, we raise two possible improvements, namely snowball sampling and iteration attack, to the regular attack pattern upgrading its efficiency and power, so that the attackers can more easily engage into the community. An experiment has been conducted on Renren, the largest OSN in China, to fully compare and substantiate the effectiveness of the enhanced strategy with traditional attacks and different levels of cloning attacks. Then we discuss approaches to detect cloning attacks and put forward a detector named CloneSpotter, which can be deployed into OSN servers. The detector takes advantage of the detailed login IP records and provides solid evidence of locations, in order to judge whether the suspicious accounts are manipulated by real users or attackers. Besides, we discuss a content-based approach to protect users from cloning attacks, which can be easily implemented into distributed clients.