5

ABSTRACT

Hacking virtual entertainment accounts has turned into a helpful method

for completing crimes. Programmers can take well known media or
business records to get out awful word or gotten out bogus word to
numerous clients. The outcome of the calamity cost the monetary
business sectors many billions of dollars. In our past work, we told the
best way to get the confusions of informal community clients. In these
works, we have told the best way to decide the consistency of a specific
record utilizing comparable innovation. Famous records have one
trademark that makes this idea solid - they show a steady person over
the long haul. That's what we show assuming our framework is
executed, it is feasible to identify and forestall three genuine assaults on
trustworthy organizations and media. Also, not at all like other famous
news sources, our framework doesn't fall into the class of
misconceptions brought about by the American chain of eateries.

Keywords: Behavioral analysis, cyber security, Text mining, social

network analysis
 6

TABLE OF CONTENTS

CHAPTER No. TITLE PAGE No

ABSTRACT 5

1 INTRODUCTION 7
LITERATURE SURVEY
2. 8
3. AIM AND SCOPE OF PRESENT 8

3.1 AIM 8

3.2 SCOPE 8

3.3 WORK FLOW DIAGRAM 9

SOFTWARE ENVIRONMENT
4. 14

4.1 APACHE 14
4.2 PHP 15
4.3 MySQL 16
4.4 AJAX

5 MODULES 22

5.1 BEHAVIOURAL PROFILES 22

5.2 MODELLING CHARACTERISTICS 23

5.3 TRAINING EVALUTION OF THE 23

MODELS

5.4 BEHAVIOURAL PROFILE 23

STABILITY
6
SCREENSCHOTS & DIAGRAMS 24
7
SOURCE CODE AND REFERENCE 38
 7

INTRODUCTION
Online social networks, such as Facebook and Twitter, have become one of the main
media to stay in touch with the rest of the world. Celebrities use them to communicate
with their fan base, corporations take advantage of them to promote their brands and
have a direct connection to their customers, while news agencies leverage social
networks to distribute breaking news. Regular users make pervasive use of social
networks too, to stay in touch with their friends or colleagues and share content that
they find interesting. Over time, social network users build trust relationships with the
accounts they follow. This trust can develop for a variety of reasons. For example, the
user might know the owner of the trusted account in person or the account might be
operated by an entity commonly considered as trustworthy, such as a popular news
agency. Unfortunately, should the control over an account fall into the hands of a cyber-
criminal, he can easily exploit this trust to further his own malicious agenda. Previous
research showed that using compromised accounts to spread malicious content is
advantageous to cyber criminals, because social network users are more likely to react
to messages coming from accounts they trust. These favorable probabilities of success
exceedingly attract the attention of cyber criminals. Once an attacker compromises a
social network account he can use it for nefarious purposes such as sending spam
messages or link to malware and phishing web sites. Such traditional attacks are best
carried out through a large population of compromised accounts belonging to regular
social network account users. Recent incidents, however, demonstrate that attackers
can cause havoc and interference even by compromising individual, but highprofile
accounts. These accounts (e.g., newspaper or popular brand name accounts) have
large social circles (i.e., followers) and their popularity suggests trustworthiness to many
social network users. Recent attacks show that compromising these high profile
accounts can be leveraged to disseminate fake news alerts, or messages that tarnish a
company’s reputation.

CHAPTER 2
 8

LITERATURE SURVEY
Literature survey is the most important step in software development process.Before
developing the tool it is necessary to determine the time factor, economy and company
strength. Once these things are satisfied, then the next step is to determine which
operating system and language can be used for developing the tool. Once the
programmers start building the tool the programmers need lot of external support. This
support can be obtained from senior programmers, from book or from websites. Before
building the system the above consideration are taken into account for developing the
proposed system. The major part of the project development sector considers and fully
survey all the required needs for developing the project. For every project Literature
survey is the most important sector in software development process. Before
developing the tools and the associated designing it is necessary to determine and
survey the time factor, resource requirement, man power, economy, and company
strength. Once these things are satisfied and fully surveyed, then the next step is to
determine about the software specifications in the respective system such as what type
of operating system the project would require, and what are all the necessary software
are needed to proceed with the next step such as developing the tools, and the
associated operations.

CHAPTER 3
AIM AND SCOPE OF PRESENT INVESTIGATION
3.1 AIM:
To detect the compromised accounts on social networks
3.2 SCOPE:
* End to End compromised account detection
*Semantic text analysis
3.3 WORK FLOW DIAGRAM
9
 10

End-to-End Compromised account detection

Social media, e.g. Twitter, has become a widely used medium for the exchange of
information, but it has also become a valuable tool for hackers to spread misinformation
through compromised accounts. Hence, detecting compromised accounts is a
necessary step toward a safe and secure social media environment. Nevertheless,
detecting compromised accounts faces several challenges. First, social media activities
of users are temporally correlated which plays an important role in compromised
account detection. Second, data associated with social media accounts is inherently
sparse. Finally, social contagions where multiple accounts become compromised, take
advantage of the user connectivity to propagate their attack. Thus how to represent
each user’s network features for compromised account detection is an additional
challenge. To address these challenges, we propose an End-to-End Compromised
Account Detection framework (E2ECAD). E2ECAD effectively captures temporal
correlations via an LSTM (Long Short-Term Memory) network. Further, it addresses the
sparsity problem by defining and employing a user context representation. Meanwhile,
informative network-related features are modeled efficiently. To verify the working of the
framework, we construct a real-world dataset of compromised accounts on Twitter and
conduct extensive experiments. The results of experiments show that E2ECAD
outperforms the state of the art compromised account detection algorithms.

Semantic Text Analysis for Detection of Compromised Accounts on Social

Networks
Compromised accounts on social networks are regular user accounts that have been
taken over by an entity with malicious intent. Since the adversary exploits the already
established trust of a compromised account, it is crucial to detect these accounts to limit
the damage they can cause. We propose a novel general framework for semantic
analysis of text messages coming out from an account to detect compromised
accounts. Our framework is built on the observation that normal users will use language
that is measurably different from the language that an adversary would use when the
account is compromised. We propose to use the difference of language models of users
and adversaries to define novel interpretable semantic features for measuring semantic
 11

incoherence in a message stream. We study the effectiveness of the proposed

semantic features using a Twitter data set. Evaluation results show that the proposed
framework is effective for discovering compromised accounts on social networks and a
KL-divergence-based language model feature works best.

EXISTING SYSTEM
Thomas et al. built Monarch to detect malicious messages on social networks based on
URLs that link to malicious sites. By relying only on URLs, Monarch misses other types
of malicious messages. For example, our previous work illustrates that COMPA detects
scams based on phone numbers and XSS worms spreading without linking to a
malicious URL.WARNINGBIRD is a system that detects spam links posted on Twitter by
analyzing the characteristics of HTTP redirection chains that lead to a final spam
page.Xu et al. present a system that, by monitoring a small number of nodes, detects
worms propagating on social networks. This paper does not directly address the
problem of compromised accounts, but could detect large-scale infections such as
koobface.Yang et al. studied new Twitter spammers that act in a stealthy way to avoid
detection. In their system, they use advanced features such as the topology of the
network that surrounds the spammer. They do not try to distinguish compromised from
spam accounts.

DISADVANTAGES OF EXISTING SYSTEM

 Previous systems will fail to recognize them as malicious
 This approach does not scale as it requires identifying and joining each new
phishing campaign. Also, this approach is limited to phishing campaigns
 Previous work showed that spam victims occasionally send messages to these
 12

spam accounts. This would cause their approach to detect legitimate accounts as
compromised.
 Is not as generic.

PROPOSED SYSTEM
In this paper we present COMPA, the first detection system designed to identify
compromised social network accounts. COMPA is based on a simple observation:
social network users develop habits over time, and these habits are fairly stable. A
typical social network user, for example, might consistently check her posts in the
morning from her phone, and during the lunch break from her desktop computer.
Furthermore, interaction will likely be limited to a moderate number of social network
contacts (i.e., friends). Conversely, if the account falls under the control of an adversary,
the messages that the attacker sends will likely show anomalies compared to the typical
behavior of the user.To detect account compromises, COMPA builds a behavioral
profile for social network accounts, based on the messages sent by the account in the
past. Every time a new message is generated, the message is compared against this
behavioral profile. If the message significantly deviates from the learned behavioral
profile, COMPA flags it as a possible compromise.In this paper we first show that high
profile accounts often have well-defined behavioral profiles that allow COMPA to detect
compromises with very low false positives. However, behavioral profiles of regular user
accounts are more variable than their well-defined counterparts of most high profile
accounts. This is because regular users are more likely to experiment with new features
or client software to engage with the social network. This variability could cause an
increase of false positive alerts. However, social network accounts of regular users are
less influential than high profile accounts. Thus, attackers aggregate multiple accounts
into a campaign to achieve effects that are similar to the compromise of a high profile
account.

ADVANTAGES OF PROPOSED SYSTEM

 13

 We present COMPA, the first system designed to detect compromised social

network accounts.
 We show that COMPA can reliably detect compromises that affect high profile
accounts. Since the behavior of these accounts is very consistent, false positives
are minimal.
 To detect large-scale compromises, we propose to group similar messages
together and apply COMPA to them, to assess how many of those messages
violate their accounts’ behavioral profile. This grouping accounts for the fact that
regular social network accounts show a more variable behavior compared to high
profile ones, and allows us to keep false positives low.

SYSTEM REQUIREMENTS
HARDWARE REQUIREMENTS
 System : Pentium Dual Core.
 Hard Disk : 120 GB.
 Monitor : 15’’ LED
 Input Devices : Keyboard, Mouse
 Ram : 1 GB
SOFTWARE REQUIREMENTS
 Operating system : Windows 7.
 Coding Language : PHP
 Database : MYSQL
 14

CHAPTER 4
SOFTWARE ENVIRONMENT
Language Description

Web Server Introduction

Web servers are computers on the Internet that host websites, serving pages to

viewers upon request. This service is referred to as web hosting. Every web server has

a unique address so that other computers connected to the internet know where to find

it on the vast network. The Internet Protocol (IP) address looks something like this:

65.65.120.35. This address maps to a more human friendly address, such as

http://www.xyz.com. Web servers stay connected to the Internet 24 hours a day, seven

days a week, 365 days a year. In truth, they experience occasional downtime due to

maintenance and technical problems. Web servers with consistent records of an uptime

of 99.5% or better are considered reliable.

4.1:Apache

The Apache HTTP Server commonly referred to as Apache, is web server

 18

Technology Specification

Client Server Architecture

The server (the web server) stores, interprets, and distributes data, and the client

(browser) accesses the server to get at the data. From now on whenever we use the

term client, we are just referring to the browser.

Client and server communication without PHP

Here's what's happening in the numbered steps of the diagram:

1. If we type www.example.com/catalog.html into the location bar of Internet

Explorer,

2. Internet Explorer sends a message over the Internet to the computer named

www.example.com asking for the /catalog.html page.