MAFIA: Malicious Facebook Page Identification
Abstract
Facebook has been a host to many different attack vectors, such as malicious apps that
use their permissions to spread malware and compromise user accounts to spam inboxes
and walls. We have discovered another method of launching attacks that is sneakier and less
intrusive - Facebook pages. Facebook pages largely draw users by promising interesting
features or downloads; they do not require their audience to provide anything in return,
and they use their large followings to distribute and promote malware. Facebook pages
are easy to create, are not verified for safety/authenticity, and need no permissions.
They vastly outnumber Facebook applications, and collude in a less obvious way.
This work attempts to establish the legitimate nature of this attack channel as a cause
for concern and determine a method to expose the vectors. We propose MAFIA - Malicious
Facebook Page Identification, which uses machine learning and careful system analysis
to determine which Facebook pages are likely to distribute malware. Due to the nature of
their deception, we find some mention worthy features and trends, and see that a significant
number of users are exposed to these threats on a daily basis.
We propose using the Page-friend graphs to gain further insight into the nature of
Page relationships shown by benign vs malicious pages. Since Facebook pages have a
different set of restrictions (unlike Twitter or LinkedIn) regarding friend-relationships,
we utilize the reciprocal-edge graph between pages and their posting information with
decision-tree based variants to accurately determine what features contribute the most to the identification of malicious pages in the Facebook ecosystem. Initial implementation
and results reflect on the efficacy of our system.
Citation
Thothathri, Visvanathan (2016). MAFIA: Malicious Facebook Page Identification. Master's thesis, Texas A & M University. Available electronically from https : / /hdl .handle .net /1969 .1 /158701.