Phone number recycling(PNR)refers to the event wherein a mobile operator collects a disconnected number and reassigns it to a new owner.It has posed a threat to the reliability of the existing authentication solution ...Phone number recycling(PNR)refers to the event wherein a mobile operator collects a disconnected number and reassigns it to a new owner.It has posed a threat to the reliability of the existing authentication solution for e-commerce platforms.Specifically,a new owner of a reassigned number can access the application account with which the number is associated,and may perform fraudulent activities.Existing solutions that employ a reassigned number database from mobile operators are costly for e-commerce platforms with large-scale users.Thus,alternative solutions that depend on only the information of the applications are imperative.In this work,we study the problem of detecting accounts that have been compromised owing to the reassignment of phone numbers.Our analysis on Meituan's real-world dataset shows that compromised accounts have unique statistical features and temporal patterns.Based on the observations,we propose a novel model called temporal pattern and statistical feature fusion model(TSF)to tackle the problem,which integrates a temporal pattern encoder and a statistical feature encoder to capture behavioral evolutionary interaction and significant operation features.Extensive experiments on the Meituan and IEEE-CIS datasets show that TSF significantly outperforms the baselines,demonstrating its effectiveness in detecting compromised accounts due to reassigned numbers.展开更多
The illegal use of compromised email accounts by adversaries can have severe consequences for enterprises and society.Detecting compromised email accounts is more challenging than in the social network field,where ema...The illegal use of compromised email accounts by adversaries can have severe consequences for enterprises and society.Detecting compromised email accounts is more challenging than in the social network field,where email accounts have only a few interaction events(sending and receiving).To address the issue of insufficient features,we propose a novel approach to detecting compromised accounts by combining time zone differences and alternate logins to identify abnormal behavior.Based on this approach,we propose a compromised email account detection framework that relies on widely available and less sensitive login logs and does not require labels.Our framework characterizes login behaviors to identify logins that do not belong to the account owner and outputs a list of account-subnet pairs ranked by their likelihood of having abnormal login relationships.This approach reduces the number of account-subnet pairs that need to be investigated and provides a reference for investigation priority.Our evaluation demonstrates that our method can detect most email accounts that have been accessed by disclosed malicious IP addresses and outperforms similar research.Additionally,our framework has the capability to uncover undisclosed malicious IP addresses.展开更多
基金supported by the National Natural Science Foundation of China(Nos.62072115,62202402,61971145,and 61602122)the Shanghai Science and Technology Innovation Action Plan Project(No.22510713600)+2 种基金the Guangdong Basic and Applied Basic Research Foundation,China(Nos.2022A1515011583 and 2023A1515011562)the One-off Tier 2 Start-up Grant(2020/2021)of Hong Kong Baptist University(Ref.RCOFSGT2/20-21/COMM/002)Startup Grant(Tier 1)for New Academics AY2020/21 of Hong Kong Baptist University and Germany/Hong Kong Joint Research Scheme sponsored by the Research Grants Council of Hong Kong,China,the German Academic Exchange Service of Germany(No.G-HKBU203/22),and Meituan。
文摘Phone number recycling(PNR)refers to the event wherein a mobile operator collects a disconnected number and reassigns it to a new owner.It has posed a threat to the reliability of the existing authentication solution for e-commerce platforms.Specifically,a new owner of a reassigned number can access the application account with which the number is associated,and may perform fraudulent activities.Existing solutions that employ a reassigned number database from mobile operators are costly for e-commerce platforms with large-scale users.Thus,alternative solutions that depend on only the information of the applications are imperative.In this work,we study the problem of detecting accounts that have been compromised owing to the reassignment of phone numbers.Our analysis on Meituan's real-world dataset shows that compromised accounts have unique statistical features and temporal patterns.Based on the observations,we propose a novel model called temporal pattern and statistical feature fusion model(TSF)to tackle the problem,which integrates a temporal pattern encoder and a statistical feature encoder to capture behavioral evolutionary interaction and significant operation features.Extensive experiments on the Meituan and IEEE-CIS datasets show that TSF significantly outperforms the baselines,demonstrating its effectiveness in detecting compromised accounts due to reassigned numbers.
基金supported by the Youth Innovation Promotion Association CAS(No.2019163)the Strategic Priority Research Program of Chinese Academy of Sciences(No.XDC02040100)the Key Laboratory of Network Assessment Technology at Chinese Academy of Sciences and Beijing Key Laboratory of Network security and Protection Technology.
文摘The illegal use of compromised email accounts by adversaries can have severe consequences for enterprises and society.Detecting compromised email accounts is more challenging than in the social network field,where email accounts have only a few interaction events(sending and receiving).To address the issue of insufficient features,we propose a novel approach to detecting compromised accounts by combining time zone differences and alternate logins to identify abnormal behavior.Based on this approach,we propose a compromised email account detection framework that relies on widely available and less sensitive login logs and does not require labels.Our framework characterizes login behaviors to identify logins that do not belong to the account owner and outputs a list of account-subnet pairs ranked by their likelihood of having abnormal login relationships.This approach reduces the number of account-subnet pairs that need to be investigated and provides a reference for investigation priority.Our evaluation demonstrates that our method can detect most email accounts that have been accessed by disclosed malicious IP addresses and outperforms similar research.Additionally,our framework has the capability to uncover undisclosed malicious IP addresses.
