This specification relates to detecting malicious activities.
The flourish of online services has attracted numerous attackers to conduct a wide range of nefarious activities, ranging from spam posts, phishing emails, fake invitations, cheated games, artificially promoted ads, to fraudulent financial transactions. Recent observations have identified an increased number of attacks of different forms, affecting online services of all sizes, for example, ranging from millions of compromised accounts to hundreds of millions fake accounts being crated on various social networking sites and numerous small online forums.
Although each attack may look different in scale and method, a common thread typically found among them is the requirement of a large number of malicious user accounts. These accounts can either be newly created or can be obtained by compromising real user accounts. Guarding the legitimate accounts and detecting malicious accounts is thus ultimately critical to ensure the success of all online services.
Modern professional attackers do not work individually. Instead, they play different roles and do business with each other. The entity that creates malicious accounts is usually different from the one that actually leverages the fake accounts for misdeeds. By collaborating with each other, these attackers can best use resources of others and obtain money more efficiently.