소셜 네트워크와 이커머스 플랫폼에서의 잠재 네트워크 마이닝

학위논문(박사) -- 서울대학교대학원 : 공과대학 컴퓨터공학부, 2023. 2. 권태경.웹 기반 서비스의 폭발적인 발달로 사용자들은 온라인 상에서 폭넓게 연결되고 있다. 온라인 플랫폼 상에서, 사용자들은 서로에게 영향을 주고받으며 의사 결정에 그들의 경험과 의견을 반영하는 경향을 보인다. 본 학위 논문에서는 대표적인 온라인 플랫폼인 소셜 네트워크 서비스와 이커머스 플랫폼에서의 사용자 행동에 대해 연구하였다. 온라인 플랫폼에서의 사용자 행동은 사용자와 플랫폼 구성 요소 간의 관계로 표현할 수 있다. 사용자의 구매는 사용자와 상품 간의 관계로, 사용자의 체크인은 사용자와 장소 간의 관계로 나타내진다. 여기에 행동의 시간과 레이팅, 태그 등의 정보가 포함될 수 있다. 본 연구에서는 두 플랫폼에서 정의된 사용자의 행동 그래프에 영향을 미치는 잠재 네트워크를 파악하는 연구를 제시한다. 위치 기반의 소셜 네트워크 서비스의 경우 특정 장소에 방문하는 체크인 형식으로 많은 포스트가 만들어지는데, 사용자의 장소 방문은 사용자 간에 사전에 존재하는 친구 관계에 의해 영향을 크게 받는다. 사용자 활동 네트워크의 저변에 잠재된 사용자 간의 관계를 파악하는 것은 활동 예측에 도움이 될 수 있으며, 이를 위해 본 논문에서는 비지도학습 기반으로 활동 네트워크로부터 사용자 간 사회적 관계를 추출하는 연구를 제안하였다. 기존에 연구되었던 방법들은 두 사용자가 동시에 방문하는 행위인 co-visitation을 중점적으로 고려하여 사용자 간의 관계를 예측하거나, 네트워크 임베딩 또는 그래프 신경망(GNN)을 사용하여 표현 학습을 수행하였다. 그러나 이러한 접근 방식은 주기적인 방문이나 장거리 이동 등으로 대표되는 사용자의 행동 패턴을 잘 포착하지 못한다. 행동 패턴을 더 잘 학습하기 위해, ANES는 사용자 컨텍스트 내에서 사용자와 관심 지점(POI) 간의 측면(Aspect) 지향 관계를 학습한다. ANES는 User-POI 이분 그래프의 구조에서 사용자의 행동을 여러 개의 측면으로 나누고, 각각의 관계를 고려하여 행동 패턴을 추출하는 최초의 비지도학습 기반 접근 방식이다. 실제 LBSN 데이터에서 수행된 광범위한 실험에서, ANES는 기존에 제안되었던 기법들보다 높은 성능을 보여준다. 위치 기반 소셜 네트워크와는 다르게, 이커머스의 리뷰 시스템에서는 사용자들이 능동적인 팔로우/팔로잉 등의 행위를 수행하지 않고도 플랫폼에 의해 서로의 정보를 주고받고 영향력을 행사하게 된다. 이와 같은 사용자들의 행동 특성은 리뷰 스팸에 의해 쉽게 악용될 수 있다. 리뷰 스팸은 실제 사용자의 의견을 숨기고 평점을 조작하여 잘못된 정보를 전달하는 방식으로 이루어진다. 나는 이를 해결하기 위해 사용자 리뷰 데이터에서 사용자 간 사전 공모성(Collusiveness)의 가능성을 찾고, 이를 스팸 탐지에 활용한 방법인 SC-Com을 제안한다. SC-Com은 행동의 공모성으로부터 사용자 간 공모 점수를 계산하고 해당 점수를 바탕으로 전체 사용자를 유사한 사용자들의 커뮤니티로 분류한다. 그 후 스팸 유저와 일반 유저를 구별하는 데에 중요한 그래프 기반의 특징을 추출하여 감독 학습 기반의 분류기의 입력 데이터로 활용하는 방법을 제시한다. SC-Com은 공모성을 갖는 스팸 유저의 집합을 효과적으로 탐지한다. 실제 데이터셋을 이용한 실험에서, SC-Com은 기존 논문들 대비 스팸 탐지에 뛰어난 성능을 보여주었다. 위 논문에서 다양한 데이터에 대해 연구된 암시적 연결망 탐지 모델은 레이블이 없는 데이터에 대해서도 사전에 연결되었을 가능성이 높은 사용자들을 예측하므로, 실시간 위치 데이터나, 앱 사용 데이터 등의 다양한 데이터에서 활용할 수 있는 유용한 정보를 제공하여 광고 추천 시스템이나, 악성 유저 탐지 등의 분야에서 기여할 수 있을 것으로 기대한다.Following the exploding usage on online services, people are connected with each other more broadly and widely. In online platforms, people influence each other, and have tendency to reflect their opinions in decision-making. Social Network Services (SNSs) and E-commerce are typical example of online platforms. User behaviors in online platforms can be defined as relation between user and platform components. A user's purchase is a relationship between a user and a product, and a user's check-in is a relationship between a user and a place. Here, information such as action time, rating, tag, etc. may be included. In many studies, platform user behavior is represented in graph form. At this time, the elements constituting the nodes of the graph are composed of objects such as users and products and places within the platform, and the interaction between the platform elements and the user can be expressed as two nodes being connected. In this study, I present studies to identify potential networks that affect the user's behavior graph defined on the two platforms. In ANES, I focus on representation learning for social link inference based on user trajectory data. While traditional methods predict relations between users by considering hand-crafted features, recent studies first perform representation learning using network/node embedding or graph neural networks (GNNs) for downstream tasks such as node classification and link prediction. However, those approaches fail to capture behavioral patterns of individuals ingrained in periodical visits or long-distance movements. To better learn behavioral patterns, this paper proposes a novel scheme called ANES (Aspect-oriented Network Embedding for Social link inference). ANES learns aspect-oriented relations between users and Point-of-Interests (POIs) within their contexts. ANES is the first approach that extracts the complex behavioral pattern of users from both trajectory data and the structure of User-POI bipartite graphs. Extensive experiments on several real-world datasets show that ANES outperforms state-of-the-art baselines. In contrast to active social networks, people are connected to other users regardless of their intentions in some platforms, such as online shopping websites and restaurant review sites. They do not have any information about each other in advance, and they only have a common point which is that they have visited or have planned to visit same place or purchase a product. Interestingly, users have tendency to be influenced by the review data on their purchase intentions. Unfortunately, this instinct is easily exploited by opinion spammers. In SC-Com, I focus on opinion spam detection in online shopping services. In many cases, my decision-making process is closely related to online reviews. However, there have been threats of opinion spams by hired reviewers increasingly, which aim to mislead potential customers by hiding genuine consumers opinions. Opinion spams should be filed up collectively to falsify true information. Fortunately, I propose the way to spot the possibility to detect them from their collusiveness. In this paper, I propose SC-Com, an optimized collusive community detection framework. It constructs the graph of reviewers from the collusiveness of behavior and divides a graph by communities based on their mutual suspiciousness. After that, I extract community-based and temporal abnormality features which are critical to discriminate spammers from other genuine users. I show that my method detects collusive opinion spam reviewers effectively and precisely from their collective behavioral patterns. In the real-world dataset, my approach showed prominent performance while only considering primary data such as time and ratings. These implicit network inference models studied on various data in this thesis predicts users who are likely to be pre-connected to unlabeled data, so it is expected to contribute to areas such as advertising recommendation systems and malicious user detection by providing useful information.Chapter 1 Introduction 1 Chapter 2 Social link Inference in Location-based check-in data 5 2.1 Background 5 2.2 Related Work 12 2.3 Location-based Social Network Service Data 15 2.4 Aspect-wise Graph Decomposition 18 2.5 Aspect-wise Graph learning 19 2.6 Inferring Social Relation from User Representation 21 2.7 Performance Analysis 23 2.8 Discussion and Implications 26 2.9 Summary 34 Chapter 3 Detecting collusiveness from reviews in Online platforms and its application 35 3.1 Background 35 3.2 Related Work 39 3.3 Online Review Data 43 3.4 Collusive Graph Projection 44 3.5 Reviewer Community Detection 47 3.6 Review Community feature extraction and spammer detection 51 3.7 Performance Analysis 53 3.8 Discussion and Implications 55 3.9 Summary 62 Chapter 4 Conclusion 63박

Graph-based Security and Privacy Analytics via Collective Classification with Joint Weight Learning and Propagation

Many security and privacy problems can be modeled as a graph classification problem, where nodes in the graph are classified by collective classification simultaneously. State-of-the-art collective classification methods for such graph-based security and privacy analytics follow the following paradigm: assign weights to edges of the graph, iteratively propagate reputation scores of nodes among the weighted graph, and use the final reputation scores to classify nodes in the graph. The key challenge is to assign edge weights such that an edge has a large weight if the two corresponding nodes have the same label, and a small weight otherwise. Although collective classification has been studied and applied for security and privacy problems for more than a decade, how to address this challenge is still an open question. In this work, we propose a novel collective classification framework to address this long-standing challenge. We first formulate learning edge weights as an optimization problem, which quantifies the goals about the final reputation scores that we aim to achieve. However, it is computationally hard to solve the optimization problem because the final reputation scores depend on the edge weights in a very complex way. To address the computational challenge, we propose to jointly learn the edge weights and propagate the reputation scores, which is essentially an approximate solution to the optimization problem. We compare our framework with state-of-the-art methods for graph-based security and privacy analytics using four large-scale real-world datasets from various application scenarios such as Sybil detection in social networks, fake review detection in Yelp, and attribute inference attacks. Our results demonstrate that our framework achieves higher accuracies than state-of-the-art methods with an acceptable computational overhead.Comment: Network and Distributed System Security Symposium (NDSS), 2019. Dataset link: http://gonglab.pratt.duke.edu/code-dat

Graph based Anomaly Detection and Description: A Survey

Detecting anomalies in data is a vital task, with numerous high-impact applications in areas such as security, finance, health care, and law enforcement. While numerous techniques have been developed in past years for spotting outliers and anomalies in unstructured collections of multi-dimensional points, with graph data becoming ubiquitous, techniques for structured graph data have been of focus recently. As objects in graphs have long-range correlations, a suite of novel technology has been developed for anomaly detection in graph data. This survey aims to provide a general, comprehensive, and structured overview of the state-of-the-art methods for anomaly detection in data represented as graphs. As a key contribution, we give a general framework for the algorithms categorized under various settings: unsupervised vs. (semi-)supervised approaches, for static vs. dynamic graphs, for attributed vs. plain graphs. We highlight the effectiveness, scalability, generality, and robustness aspects of the methods. What is more, we stress the importance of anomaly attribution and highlight the major techniques that facilitate digging out the root cause, or the ‘why’, of the detected anomalies for further analysis and sense-making. Finally, we present several real-world applications of graph-based anomaly detection in diverse domains, including financial, auction, computer traffic, and social networks. We conclude our survey with a discussion on open theoretical and practical challenges in the field

Graph Mining for Cybersecurity: A Survey

The explosive growth of cyber attacks nowadays, such as malware, spam, and intrusions, caused severe consequences on society. Securing cyberspace has become an utmost concern for organizations and governments. Traditional Machine Learning (ML) based methods are extensively used in detecting cyber threats, but they hardly model the correlations between real-world cyber entities. In recent years, with the proliferation of graph mining techniques, many researchers investigated these techniques for capturing correlations between cyber entities and achieving high performance. It is imperative to summarize existing graph-based cybersecurity solutions to provide a guide for future studies. Therefore, as a key contribution of this paper, we provide a comprehensive review of graph mining for cybersecurity, including an overview of cybersecurity tasks, the typical graph mining techniques, and the general process of applying them to cybersecurity, as well as various solutions for different cybersecurity tasks. For each task, we probe into relevant methods and highlight the graph types, graph approaches, and task levels in their modeling. Furthermore, we collect open datasets and toolkits for graph-based cybersecurity. Finally, we outlook the potential directions of this field for future research