Innocent by Association: Early Recognition of Legitimate Users
Date: October 2012
Publication: Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS '12
Page(s): 353 - 364
Source 1: http://users.soe.ucsc.edu/~abadi/Papers/souche.pdf
Source 2: http://research.microsoft.com/pubs/168778/ccs12-xie.pdf
Source 3: http://dx.doi.org/10.1145/2382196.2382235 - Subscription or payment required
This paper presents the design and implementation of Souche, a system that recognizes legitimate users early in online services. This early recognition contributes to both usability and security. Souche leverages social connections established over time. Legitimate users help identify other legitimate users through an implicit vouching process, strategically controlled within vouching trees. Souche is lightweight and fully transparent to users. In our evaluation on a real dataset of several hundred million users, Souche can efficiently identify 85% of legitimate users early, while reducing the percentage of falsely admitted malicious users from 44% to 2.4%. Our evaluation further indicates that Souche is robust in the presence of compromised accounts. It is generally applicable to enhance usability and security for a wide class of online services.
PasswordResearch.com Note: Additional authors listed for this paper: Jason Walter, Junxian Huang, Zhuoqing Morley Mao
Do you have additional information to contribute regarding this research paper? If so, please email email@example.com with the details.