%0 Journal Article %@ 1545-5971 %A Egele, M %A Stringhini, G %A Kruegel, C %A Vigna, G %D 2017 %F discovery:1470859 %J IEEE Transactions on Dependable and Secure Computing (TDSC) %K Twitter, feature extraction, facebook, training, reliability, uniform resource locators %N 4 %P 447-460 %T Towards Detecting Compromised Accounts on Social Networks %U https://discovery.ucl.ac.uk/id/eprint/1470859/ %V 14 %X Compromising social network accounts has become a profitable course of action for cybercriminals. By hijacking control of a popular media or business account, attackers can distribute their malicious messages or disseminate fake information to a large user base. The impacts of these incidents range from a tarnished reputation to multi-billion dollar monetary losses on financial markets. In our previous work, we demonstrated how we can detect large-scale compromises (i.e., so-called campaigns) of regular online social network users. In this work, we show how we can use similar techniques to identify compromises of individual high-profile accounts. High-profile accounts frequently have one characteristic that makes this detection reliable -- they show consistent behavior over time. We show that our system, were it deployed, would have been able to detect and prevent three real-world attacks against popular companies and news agencies. Furthermore, our system, in contrast to popular media, would not have fallen for a staged compromise instigated by a US restaurant chain for publicity reasons. %Z This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions. © 2015 IEEE.