Defending Against Malicious Socialbots Position Paper Yazan - - PowerPoint PPT Presentation


Key Challenges in Defending Against Malicious Socialbots Position Paper Yazan Boshmaf, Ildar Muslukhov, Konstantin Beznosov, Matei Ripeanu Laboratory for Education and Research in Secure Systems Engineering (LERSSE) Networked Systems


SLIDE 1

Laboratory for Education and Research in Secure Systems Engineering (LERSSE) Networked Systems Laboratory (NetSysLab) Department of Electrical & Computer Engineering

Key Challenges in Defending Against Malicious Socialbots

Yazan Boshmaf, Ildar Muslukhov, Konstantin Beznosov, Matei Ripeanu

Position Paper

SLIDE 2

Outline

  • Problem Motivation
  • Socialbots
  • OSN Security
  • Challenges

SLIDE 3

Problem Motivation

SLIDE 4

Reaching Out to Millions

(Source: Jose Vargas, Voices on The Washington Post, November, 2008)

Obama Raised Half a Billion Online in 2008

SLIDE 5

Mobilizing the Masses

Photo credit: Peter Macdiarmid, Getty Images
Photo credit: Steve Crisp, Reuters

The Arab Spring, January 2011 - Now

Salem et al. Civil movements: The impact of Facebook and Twitter. The Arab Social Media Report, 2011

SLIDE 6

Predicting the Future: Elections

[Chart: YouGov, Tweetminster and Actual results for Conservative, Lib Dem and Labour; axis from 0% to 40%]

Twitter elections predictions (Tweetminster) outperform market research (YouGov)

(Source: Jemima Koss, The Guardian, May 2010)

2010 UK General Elections

SLIDE 7

Predicting the Future: Markets

Twitter mood (Calm) predicts Dow Jones Industrial Average (DJIA)

Bollen et al. Twitter mood predicts the stock market. J. Comp. Sc. March, 2011.

Day-to-day Overlap Calm lagged by 3 days

SLIDE 8

Socialbots

SLIDE 9

Bots and Socialbots

Automation software (to pass off as human) + Social media account = Socialbot

Computer program used to perform highly repetitive operations (AI?)

SLIDE 10

Rise of the Socialbots

The Web Ecology Project (Social Engineering), 2011
Zack Coburn and Greg Marra, Olin College, 2010

ACM Interactions Magazine Cover Story, April 2012

SLIDE 11

Misusing Socialbots on a Large Scale?

An automated social engineering tool for:

  • Infiltration
  • Misinformation
  • Data collection

Boshmaf et al. The Socialbot Network: When Bots Socialize for Fame and Money. ACSAC’11

SLIDE 12

OSN Security

SLIDE 13

Tolerate Socialbots

SLIDE 14

Adversarial Machine Learning

[Figure: cycle of Attack, Detect, Defense, Mutate; phase labels: Begin Attack, Initial Detection, Defender Responds, Attacker Detects; regions: Attacker Controls, Defender Controls]

Stein et al., The Facebook Immune System, EuroSys – SNS, 2011

SLIDE 15

Graph-theoretic Defense Techniques

[Figure labels: Honest region, Sybil region, Attack edges, Honest node]

Sybil detection via social networks [1]
With adversary running large-scale infiltration [2]

[1] Haifeng Yu. Sybil Defenses via Social Networks: A Tutorial and Survey. ACM SIGACT News’11
[2] Boshmaf et al. The Socialbot Network: When Bots Socialize for Fame and Money. ACSAC’11

SLIDE 16

Prevent Socialbots

SLIDE 17

Observation: It’s all about automation
Prevent it and the socialbot threat will go away (almost surely)
Not an easy job!

SLIDE 18

Challenges

Solve at least one

SLIDE 19

OSN Vulnerabilities: Ineffective CAPTCHAs

Koobface Botnet
CAPTCHA-solving businesses

SLIDE 20

#1

Design a reverse Turing test that is usable and effective even against “illegitimate” human solvers

SLIDE 21

How about Social Authentication?

Use “personal” social knowledge to challenge users

Kim et al. Social authentication: Harder than it looks. FC’12

SLIDE 22

SLIDE 23

OSN Vulnerabilities: Fake (Sybil) User Accounts and Profiles

SLIDE 24

#2

Guarantee an anonymous, yet credible, online-offline identity binding in online and open-access systems

SLIDE 25

How can we deal with Sybils?

  • Centralized trusted authority
  • Tie identities to resources
  • Use external information

SLIDE 26

OSN Vulnerabilities: Large-Scale Network Crawls

SLIDE 27

#3

Effectively limit large-scale Sybil crawls of OSNs without restricting users’ social experience.

SLIDE 28

How about using a credit network?

SLIDE 29

Small edge cut

Assumption #1 Assumption #2

SLIDE 30

OSN Vulnerabilities: Exploitable Platforms and APIs

SLIDE 31

#4

Detect abusive and automated usage of OSN platforms and their social APIs across the Internet

SLIDE 32

OSN Vulnerabilities: Poorly Designed Privacy/Security Controls

SLIDE 33

#5

Develop usable OSN security and privacy controls that help users make more informed decisions

SLIDE 34

SLIDE 35

Take-home message(s)

  • Large-scale infiltration is feasible
      – has serious privacy and security implications
  • Socialbots make it difficult for OSN security defenses and their users to detect their true nature
      – defending against such bots raises a set of unique challenges
  • Effective, socio-technical defenses less vulnerable to both human and technical exploits are needed

SLIDE 36

Yazan Boshmaf, Ildar Muslukhov, Konstantin Beznosov, Matei Ripeanu

Key Challenges in Defending Against Malicious Socialbots

Funded by: