Socialbots and its implication On ONLINE SOCIAL Networks

Md Abdul Alim, Xiang Li and Tianyi PanGroup 18

Outline

2

Overview of socialbot

How socialbots spreads dangers

Impacts of socialbots

Infiltration mechanism: a case study

Socialbots Detection

Overview

A socialbot is a piece of software that controls a user account in an online social network and passes itself of as a human being

3

The dangers of socialbots

Harvest private user data Socialbots can be

used to collect organizational data Online

surveillance Profiling Data

commoditization

4

Contd.

Spread misinformation OSNs are attractive

medium for abusive content and Socialbots take advantage of it Propagate

propaganda Political astroturfing Bias public opinion Influence user

perception5

Contd.

Malware infection Infect computers

and use it for DDoS Social spamming Fraudulent

activities

6

Impact of socialbots

OSNs are growing source of income for advertisers, investors, developers Inaccurate representation of actual users in

OSNs severely impact the revenue of dependent businesses

7

Up to 15 millio

n (1.2%

of monthly active users)

are fake [2014

Facebook earning

report]

Boshmaf et. al (2011) showed that Facebook can be infiltrated by socialbots sending friend requests. Average reported acceptance rate: 35.7% up to 80% depending on how many mutual friends the social bots had with the infiltrated users

Impact of socialbots (contd.)

8

Socialbots: a case study

Elyashar et al. (2013) performed a social study for infiltrating specific users in targeted organizations using socialbots

Technology oriented organizations were chosen to emphasize the vulnerability of users in OSNs Employees of these organization should be

more aware of the dangers of exposing private information

An infiltration is defined as accepting a Socialbot's friend request. Upon accepting a Socialbot's friend request, users unknowingly expose information about themselves and their workplace which leads to security compromise

9

Socialbot: infiltration mechanism

OSN: Facebook Target Organization: 3 [selected by the

authors, not disclosed] Targeted users: 10 Socialbot: one socialbot per organization

Idea is to send friend requests to all specific users' mutual friends who worked or work in the same targeted organization. The rationale behind this idea was to gain as many mutual friends as possible and through this act increase the probability that our friend requests will be accepted by the targeted users.

10

Steps: infiltration mechanism1. Step1:

crawl on targeted organizations to gather public information regarding its employees who have a Facebook user account and declared that they work or worked in the targeted organizations

2. Step2: Choose 10 users randomly to be a target for infiltration

3. Step3: Increase credibility of the socialbot: Send friend request to random users each of them having more than 1000 friend regardless of organization.

4. Step4: After socialbot has 50 friends, send friend request to targeted users’ mutual friends 11

Algorithm: infiltration mechanism

12

Result of the study

13

Socialbot 1 in Organization 1 succeeded to accumulate 50% of the targeted users

Socialbot 2 in Organization 2 succeeded to accumulate 70% of the targeted users

Results for two organization

How to detect the socialbots?

14

Socialbot Detection

Existing Detection Methods

Feature-based detection

15

Feature-based Detection

16

Relies on user-level activities and its account details

Uses machine learning techniques to classify accounts (fake or real)

For the attacker: relatively easy to circumvent

Mimic real users! Only 20% of fake accounts are detected

by this method. (Boshmaf et. al 2011)

Existing Detection Methods

Feature-based detection Graph-based detection

17

Graph-based Detection

18

Rank nodes based on landing probability of short random walks, started from trusted nodes.

Graph-based Detection

19

Perform cut based on node ranking

Graph-based Detection

Assumption: social infiltration on a large scale is infeasible

20

Not always true!

(Pic from Boshmaf et. al 2011)

Graph-based Detection

21

Solution: Integro (Boshmaf et. al 2015 )

Find potential victims Machine learning method (random forests) Assign each node a probability of being a

victim Create weighted graph & choose trusted

nodes Decide edge weights based on their incident

nodes’ victim probability The higher the probability, the lower the

weight Community based trusted nodes selection

Rank nodes based on short random walks in the weighted graph

22

Integro

23

Integro

24

Integro

25

Find Potential Victims

Random Forest Learning method Decision tree based learning Separate the dataset to subsets and use a

decision tree for each dataset Cross-validation method

Chop the dataset into 10 equally sized sets RF method on 9 sets Use the remaining one for testing

26

Create Weighted Graph & Choose Trusted Nodes

Assign weight based on victim probability

Choose trusted nodes Detect communities by the Louvain method Randomly pick a small set of nodes from

each community Manual verification of the selected nodes

27

Rank Nodes Based on Short Random Walks

Trust propagation process

Stop after rounds Rank nodes by

in descending order

28

Experiments

Datasets Labeled feature vectors (for learning)

8.8K public Facebook profiles (32% victims) 60K full Tuenti profiles (50% victims)

Graph samples (for detection) Snapshot of Tuenti’s daily active user graph on

Feb. 6 2014

29

Feature Vector

30

Experiment Results

Precision (In Tuenti)

31

Experiment Results

Scalability (In small-world graphs)

32

RF Ranking

What else can be done?

Stop fake accounts at the time they are created? Fake accounts send random friend requests

at the time they are created It is abnormal when the friends of a real

person all belong to different communities Methods other than random walk to cut

the graph? Current random walk method is limited to

undirected graphs

33

34

Questions?

35

Thank you!