Is Somebody Watching Your Facebook Newsfeed?

With the popularity of Social Networking Services (SNS), more and more sensitive information are stored online and associated with SNS accounts. The obvious value of SNS accounts motivates the usage stealing problem -- unauthorized, stealthy use of SNS accounts on the devices owned/used by account owners without any technology hacks. For example, anxious parents may use their kids' SNS accounts to inspect the kids' social status; husbands/wives may use their spouses' SNS accounts to spot possible affairs. Usage stealing could happen anywhere in any form, and seriously invades the privacy of account owners. However, there is no any currently known defense against such usage stealing. To an SNS operator (e.g., Facebook Inc.), usage stealing is hard to detect using traditional methods because such attackers come from the same IP addresses/devices, use the same credentials, and share the same accounts as the owners do. In this paper, we propose a novel continuous authentication approach that analyzes user browsing behavior to detect SNS usage stealing incidents. We use Facebook as a case study and show that it is possible to detect such incidents by analyzing SNS browsing behavior. Our experiment results show that our proposal can achieve higher than 80% detection accuracy within 2 minutes, and higher than 90% detection accuracy after 7 minutes of observation time.