The success of online social networks has attracted a constant interest in attacking and exploiting them. Attackers usually control malicious accounts, including both fake and compromised real user accounts, to launch attack campaigns such as social spam, malware distribution, and online rating distortion. To defend against these attacks, we design and implement a malicious account detection system called SynchroTrap. We observe that malicious accounts typically perform loosely synchronized actions in a variety of social network contexts. Our system clusters user accounts according to the similarity of their actions and uncovers large groups of malicious accounts that act similarly at around the same time for a sustained period of time. We implement SynchroTrap as an incremental processing system on Hadoop and Giraph so that it can process the massive user activity data in a large online social network efficiently. We have deployed our system in five use cases at Facebook and Instagram. SynchroTrap was able to unveil more than two million malicious accounts and 1165 large attack campaigns within one month.

Ioannis Papagiannis is a software engineer on Facebook’s Site Integrity team in London. His is working on Facebook's clustering systems that are responsible for surfacing sets of users posting spam on the site. Before joining Facebook, he obtained his PhD on runtime taint tracking systems at Imperial College London under the supervision of Dr. Peter Pietzuch.