This specification relates to detecting suspicious user activities.
The flourish of online services has attracted numerous attackers to conduct a wide range of nefarious activities, ranging from spam posts, phishing emails, fake invitations, cheated games, artificially promoted ads, to fraudulent financial transactions. Recent observations have identified an increased number of attacks of different forms, affecting online services of all sizes, for example, ranging from millions of compromised accounts to hundreds of millions fake accounts being crated on various social networking sites and numerous small online forums.
Although each attack may look different in scale and method, a common thread typically found among them is the requirement of a large number of malicious user accounts. These accounts can either be newly created or can be obtained by compromising real user accounts. Detecting malicious accounts and compromised user accounts is thus ultimately critical to ensure the success of all online services.