Sybil attacks are increasingly prevalent in online social networks. A malicious user can generate a huge number of fake accounts to produce spam, impersonate other users, commit fraud, and reach many legitimate users. For security reasons, such fake accounts have to be detected and deactivated immediately. Various defense schemes have been proposed to deal with fake accounts. However, most identify fake accounts using only the structure of social graphs, leading to poor performance. In this paper, we propose a new and scalable defense scheme, SybilTrap. SybilTrap uses a semi-supervised technique that automatically integrates the underlying features of user activities with the social structure into one system. Unlike other machine learning-based approaches, the proposed defense scheme works on unlabeled data, and it is effective in detecting targeted attacks, because it manipulates different levels of features of user profiles. We evaluate SybilTrap on a dataset collected from Twitter. We show that our proposed scheme is able to accurately detect Sybil nodes as well as huge conspiracies among them. KEYWORDS social network, Sybil attack, Sybil defense, targeted attack 1 | INTRODUCTION Online social networking services such as Facebook, Twitter, and YouTube have attracted millions of users in recent years, with individuals and companies scrambling to be part of the paradigm shift changing the world of communication. 1 The ability to address millions of users worldwideis desirable for many businesses; it is undeniable that social networks have had a massive impact in the realm of business. These platforms are so widely used that some users are now using them for malicious purposes. One of the most popular techniques is the Sybil attack. 2 During a Sybil attack, a malevolent user creates multiple fake accounts that can be used to increase the user 0 s influence within the target community. 2,3 In sufficient numbers, such fake accounts can affect public opinion on an individual or the popularity of an organization. 4 They can also change the characteristics of an audience or even create a legitimacy problem for individuals or organizations. At present, it is difficult to detect fake accounts because they do not make up a substantial proportion of users of social networks.Previous studies have proposed several defense schemes and techniques against Sybil attacks. 5-15 These approaches can be divided into graph-based detection and machine learning techniques. 2,16 Graph-based techniques assume that it is difficult for the fake accounts to quickly build relations with legitimate users, so the number of attack edges is limited for networks with a high level of trust. 17 In addition, they assume that the mixing time of benign users to be connected to each other is fast and thus detection schemes are built based on this assumption. Some researchers have questioned the effectiveness of graph-based systems in various social networks. 2,16-20 Other graph-based techniques use credit networks as a basis for Sybil tolerance. 21 Ho...