MAFIA: Malicious Facebook Page Identification
MetadataShow full item record
Facebook has been a host to many different attack vectors, such as malicious apps that use their permissions to spread malware and compromise user accounts to spam inboxes and walls. We have discovered another method of launching attacks that is sneakier and less intrusive - Facebook pages. Facebook pages largely draw users by promising interesting features or downloads; they do not require their audience to provide anything in return, and they use their large followings to distribute and promote malware. Facebook pages are easy to create, are not verified for safety/authenticity, and need no permissions. They vastly outnumber Facebook applications, and collude in a less obvious way. This work attempts to establish the legitimate nature of this attack channel as a cause for concern and determine a method to expose the vectors. We propose MAFIA - Malicious Facebook Page Identification, which uses machine learning and careful system analysis to determine which Facebook pages are likely to distribute malware. Due to the nature of their deception, we find some mention worthy features and trends, and see that a significant number of users are exposed to these threats on a daily basis. We propose using the Page-friend graphs to gain further insight into the nature of Page relationships shown by benign vs malicious pages. Since Facebook pages have a different set of restrictions (unlike Twitter or LinkedIn) regarding friend-relationships, we utilize the reciprocal-edge graph between pages and their posting information with decision-tree based variants to accurately determine what features contribute the most to the identification of malicious pages in the Facebook ecosystem. Initial implementation and results reflect on the efficacy of our system.
Thothathri, Visvanathan (2016). MAFIA: Malicious Facebook Page Identification. Master's thesis, Texas A & M University. Available electronically from