Detecting Malicious Accounts in Online Developer Communities Using Deep Learning

Qingyuan Gong; Jiayun Zhang; Yang Chen; Qi Li; Yu Xiao; Xin Wang; Pan  Hui

doi:10.1145/3357384.3357971

Detecting Malicious Accounts in Online Developer Communities Using Deep Learning

Qingyuan Gong, Jiayun Zhang, Yang Chen, Qi Li, Yu Xiao, Xin Wang, Pan Hui

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Scientific › peer-review

1 Citation (Scopus)

91 Downloads (Pure)

Abstract

Online developer communities like GitHub provide services such as distributed version control and task management, which allow a massive number of developers to collaborate online. However, the openness of the communities makes themselves vulnerable to different types of malicious attacks, since the attackers can easily join and interact with legitimate users. In this work, we formulate the malicious account detection problem in online developer communities, and propose GitSec, a deep learning-based solution to detect malicious accounts. GitSec distinguishes malicious accounts from legitimate ones based on the account profiles as well as dynamic activity characteristics. On one hand, GitSec makes use of users' descriptive features from the profiles. On the other hand, GitSec processes users' dynamic behavioral data by constructing two user activity sequences and applying a parallel neural network design to deal with each of them, respectively. An attention mechanism is used to integrate the information generated by the parallel neural networks. The final judgement is made by a decision maker implemented by a supervised machine learning-based classifier. Based on the real-world data of GitHub users, our extensive evaluations show that GitSec is an accurate detection system, with an F1-score of 0.922 and an AUC value of 0.940.

Original language	English
Title of host publication	CIKM '19:Proceedings of the 28th ACM International Conference on Information and Knowledge Management
Publisher	ACM
Pages	1251-1260
ISBN (Electronic)	978-1-4503-6976-3
DOIs	https://doi.org/10.1145/3357384.3357971
Publication status	Published - Nov 2019
MoE publication type	A4 Article in a conference publication
Event	ACM International Conference on Information & Knowledge Management - Beijing, Beijing, China Duration: 3 Nov 2019 → 7 Nov 2019 Conference number: 28 http://www.cikm2019.net/

Publication series

Name	ACM International Conference on Information & Knowledge Management
ISSN (Print)	2155-0751

Conference

Conference	ACM International Conference on Information & Knowledge Management
Abbreviated title	CIKM
Country	China
City	Beijing
Period	03/11/2019 → 07/11/2019
Internet address	http://www.cikm2019.net/

Keywords

security and privacy protection
online social network
Deep Learning

Access to Document

10.1145/3357384.3357971

ELEC_Gong_Detecting_malicious_CIKM2019Accepted author manuscript, 1.54 MB

Fingerprint Dive into the research topics of 'Detecting Malicious Accounts in Online Developer Communities Using Deep Learning'. Together they form a unique fingerprint.

1 Hosting a visitor

Yang Chen
Yu Xiao (Host)
27 Aug 2018 → 7 Sep 2018
Activity: Hosting a visitor types › Hosting a visitor

Cite this

Gong, Q., Zhang, J., Chen, Y., Li, Q., Xiao, Y., Wang, X., & Hui, P. (2019). Detecting Malicious Accounts in Online Developer Communities Using Deep Learning. In CIKM '19:Proceedings of the 28th ACM International Conference on Information and Knowledge Management (pp. 1251-1260). (ACM International Conference on Information & Knowledge Management). ACM. https://doi.org/10.1145/3357384.3357971

Gong, Qingyuan ; Zhang, Jiayun ; Chen, Yang ; Li, Qi ; Xiao, Yu ; Wang, Xin ; Hui, Pan . / Detecting Malicious Accounts in Online Developer Communities Using Deep Learning. CIKM '19:Proceedings of the 28th ACM International Conference on Information and Knowledge Management. ACM, 2019. pp. 1251-1260 (ACM International Conference on Information & Knowledge Management).

@inproceedings{ebaf6bd6e810428d914551dca3d808f0,

title = "Detecting Malicious Accounts in Online Developer Communities Using Deep Learning",

abstract = "Online developer communities like GitHub provide services such as distributed version control and task management, which allow a massive number of developers to collaborate online. However, the openness of the communities makes themselves vulnerable to different types of malicious attacks, since the attackers can easily join and interact with legitimate users. In this work, we formulate the malicious account detection problem in online developer communities, and propose GitSec, a deep learning-based solution to detect malicious accounts. GitSec distinguishes malicious accounts from legitimate ones based on the account profiles as well as dynamic activity characteristics. On one hand, GitSec makes use of users' descriptive features from the profiles. On the other hand, GitSec processes users' dynamic behavioral data by constructing two user activity sequences and applying a parallel neural network design to deal with each of them, respectively. An attention mechanism is used to integrate the information generated by the parallel neural networks. The final judgement is made by a decision maker implemented by a supervised machine learning-based classifier. Based on the real-world data of GitHub users, our extensive evaluations show that GitSec is an accurate detection system, with an F1-score of 0.922 and an AUC value of 0.940.",

keywords = "security and privacy protection, online social network, Deep Learning",

author = "Qingyuan Gong and Jiayun Zhang and Yang Chen and Qi Li and Yu Xiao and Xin Wang and Pan Hui",

year = "2019",

month = nov,

doi = "10.1145/3357384.3357971",

language = "English",

series = "ACM International Conference on Information & Knowledge Management",

publisher = "ACM",

pages = "1251--1260",

booktitle = "CIKM '19:Proceedings of the 28th ACM International Conference on Information and Knowledge Management",

note = "ACM International Conference on Information & Knowledge Management, CIKM ; Conference date: 03-11-2019 Through 07-11-2019",

url = "http://www.cikm2019.net/",

}

Gong, Q, Zhang, J, Chen, Y, Li, Q, Xiao, Y, Wang, X & Hui, P 2019, Detecting Malicious Accounts in Online Developer Communities Using Deep Learning. in CIKM '19:Proceedings of the 28th ACM International Conference on Information and Knowledge Management. ACM International Conference on Information & Knowledge Management, ACM, pp. 1251-1260, ACM International Conference on Information & Knowledge Management, Beijing, China, 03/11/2019. https://doi.org/10.1145/3357384.3357971

Detecting Malicious Accounts in Online Developer Communities Using Deep Learning. / Gong, Qingyuan; Zhang, Jiayun; Chen, Yang; Li, Qi; Xiao, Yu; Wang, Xin; Hui, Pan .

CIKM '19:Proceedings of the 28th ACM International Conference on Information and Knowledge Management. ACM, 2019. p. 1251-1260 (ACM International Conference on Information & Knowledge Management).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Scientific › peer-review

TY - GEN

T1 - Detecting Malicious Accounts in Online Developer Communities Using Deep Learning

AU - Gong, Qingyuan

AU - Zhang, Jiayun

AU - Chen, Yang

AU - Li, Qi

AU - Xiao, Yu

AU - Wang, Xin

AU - Hui, Pan

N1 - Conference code: 28

PY - 2019/11

Y1 - 2019/11

N2 - Online developer communities like GitHub provide services such as distributed version control and task management, which allow a massive number of developers to collaborate online. However, the openness of the communities makes themselves vulnerable to different types of malicious attacks, since the attackers can easily join and interact with legitimate users. In this work, we formulate the malicious account detection problem in online developer communities, and propose GitSec, a deep learning-based solution to detect malicious accounts. GitSec distinguishes malicious accounts from legitimate ones based on the account profiles as well as dynamic activity characteristics. On one hand, GitSec makes use of users' descriptive features from the profiles. On the other hand, GitSec processes users' dynamic behavioral data by constructing two user activity sequences and applying a parallel neural network design to deal with each of them, respectively. An attention mechanism is used to integrate the information generated by the parallel neural networks. The final judgement is made by a decision maker implemented by a supervised machine learning-based classifier. Based on the real-world data of GitHub users, our extensive evaluations show that GitSec is an accurate detection system, with an F1-score of 0.922 and an AUC value of 0.940.

AB - Online developer communities like GitHub provide services such as distributed version control and task management, which allow a massive number of developers to collaborate online. However, the openness of the communities makes themselves vulnerable to different types of malicious attacks, since the attackers can easily join and interact with legitimate users. In this work, we formulate the malicious account detection problem in online developer communities, and propose GitSec, a deep learning-based solution to detect malicious accounts. GitSec distinguishes malicious accounts from legitimate ones based on the account profiles as well as dynamic activity characteristics. On one hand, GitSec makes use of users' descriptive features from the profiles. On the other hand, GitSec processes users' dynamic behavioral data by constructing two user activity sequences and applying a parallel neural network design to deal with each of them, respectively. An attention mechanism is used to integrate the information generated by the parallel neural networks. The final judgement is made by a decision maker implemented by a supervised machine learning-based classifier. Based on the real-world data of GitHub users, our extensive evaluations show that GitSec is an accurate detection system, with an F1-score of 0.922 and an AUC value of 0.940.

KW - security and privacy protection

KW - online social network

KW - Deep Learning

U2 - 10.1145/3357384.3357971

DO - 10.1145/3357384.3357971

M3 - Conference contribution

T3 - ACM International Conference on Information & Knowledge Management

SP - 1251

EP - 1260

BT - CIKM '19:Proceedings of the 28th ACM International Conference on Information and Knowledge Management

PB - ACM

T2 - ACM International Conference on Information & Knowledge Management

Y2 - 3 November 2019 through 7 November 2019

ER -

Gong Q, Zhang J, Chen Y, Li Q, Xiao Y, Wang X et al. Detecting Malicious Accounts in Online Developer Communities Using Deep Learning. In CIKM '19:Proceedings of the 28th ACM International Conference on Information and Knowledge Management. ACM. 2019. p. 1251-1260. (ACM International Conference on Information & Knowledge Management). https://doi.org/10.1145/3357384.3357971