Detecting Malicious Facebook Applications

Abstract

With 20 million installs a day third-party apps are a major reason for the popularity and addictiveness of Facebook. Unfortunately, hackers have realized the potential of using apps for spreading malware and spam. The problem is already significant, as we find that at least 13% of apps in our dataset are malicious. So far, the research community has focused on detecting malicious posts and campaigns. In this paper, we ask the question: Given a Facebook application, can we determine if it is malicious? Our key contribution is in developing FRAppE—Facebook’s Rigorous Application Evaluator—arguably the first tool focused on detecting malicious apps on Facebook. To develop FRAppE, we use information gathered by observing the posting behavior of 111K Facebook apps seen across 2.2 million users on Facebook. First, we identify a set of features that help us distinguish malicious apps from benign ones. For example, we find that malicious apps often share names with other apps, and they typically request less permission than benign apps. Second, leveraging these distinguishing features, it shows that FRAppE can detect malicious apps with 99.5% accuracy, with no false positives and a high true positive rate (95.9%). Finally, we explore the ecosystem of malicious Facebook apps and Identify mechanisms that these apps use to propagate. Interestingly, it finds that many apps collude and support each other; in our dataset, we find 1584 apps enabling the viral propagation of 3723 other apps through their posts. Long term, we see FRAppE as a step toward creating an independent watchdog for app assessment and ranking, so as to warn Facebook users before installing apps.

Existing System

ONLINE social networks (OSNs) enable and encourage third-party applications (apps) to enhance the user experience on these platforms. Recently, hackers have started taking advantage of the popularity of this third-party apps platform and deploying malicious applications OSNs, with Facebook leading the way with 900M active users .There are many ways that hackers can benefit from a malicious app: 1) The app can reach large numbers of users and their friends to spread spam 2) The app can obtain users’ personal information such as e-mail address, home town, and gender; and 3) The app can “reproduce” by making other malicious apps popular There is motive and opportunity, and as a result, there are many malicious apps spreading and Facebook every day.

Proposed System

The proposed method develops FRAppE, a suite of efficient classification techniques for identifying whether an app is malicious or not. To build FRAppE, we use data from MyPage- Keeper, a security app in Facebook that monitors the Facebook profiles of 2.2 million users. We analyze 111K apps that made 91 million posts over 9 months. This is arguably the first comprehensive study focusing on malicious Facebook apps that focuses on quantifying, profiling, and understanding malicious apps and synthesizes this information into an effective detection approach.

Architecture

System Architecture