Hiding in Plain Sight: The Anatomy of Malicious Pages on Facebook

Facebook is the world’s largest Online Social Network, having more than 1 billion users. Like most social networks, Facebook is home to various categories of hostile entities who abuse the platform by posting malicious content. In this chapter, we identify and characterize Facebook pages that engage in spreading URLs pointing to malicious domains. We revisit the scope and definition of what is deemed as “malicious” in the modern day Internet, and identify 627 pages publishing untrustworthy information, misleading content, adult and child unsafe content, scams, etc. We perform in-depth characterization of pages through spatial and temporal analysis. Upon analyzing these pages, our findings reveal dominant presence of politically polarized entities engaging in spreading content from untrustworthy web domains. Studying the temporal posting activity of pages reveal that malicious pages are 1.4 times more active daily than benign pages. We further identify collusive behavior within a set of malicious pages spreading adult and pornographic content. Finally, we attempt to automate the process of detecting malicious Facebook pages by extensively experimenting with multiple supervised learning algorithms and multiple feature sets. Artificial neural networks trained on a fixed sized bag-of-words perform the best and achieve a maximum ROC area under curve value of 0.931.