![Page 1: Harvesting the Low-hanging Fruits Defending Against ...matei/papers/nspw16slides.pdf · Íntegro: Leveraging Victim Prediction for Robust Fake Account Detection in Large Scale OSNs](https://reader034.vdocuments.net/reader034/viewer/2022052005/601882ef94a3de454f389c96/html5/thumbnails/1.jpg)
Harvesting the Low-hanging Fruits:Defending Against Automated Large-Scale
Cyber-Intrusions by Focusing on the Vulnerable Population
Hassan Halawa 1, Konstantin Beznosov 1, Yazan Boshmaf 2,Baris Coskun 3, Matei Ripeanu 1, and Elizeu Santos-Neto 4
1 The University of British Columbia2 Qatar Computing Research Institute
3 Yahoo! Research4 Google, Inc.
![Page 2: Harvesting the Low-hanging Fruits Defending Against ...matei/papers/nspw16slides.pdf · Íntegro: Leveraging Victim Prediction for Robust Fake Account Detection in Large Scale OSNs](https://reader034.vdocuments.net/reader034/viewer/2022052005/601882ef94a3de454f389c96/html5/thumbnails/2.jpg)
Focus on the vulnerable population
Proposed Paradigm
2
![Page 3: Harvesting the Low-hanging Fruits Defending Against ...matei/papers/nspw16slides.pdf · Íntegro: Leveraging Victim Prediction for Robust Fake Account Detection in Large Scale OSNs](https://reader034.vdocuments.net/reader034/viewer/2022052005/601882ef94a3de454f389c96/html5/thumbnails/3.jpg)
Current vs. Proposed Paradigm
3
![Page 4: Harvesting the Low-hanging Fruits Defending Against ...matei/papers/nspw16slides.pdf · Íntegro: Leveraging Victim Prediction for Robust Fake Account Detection in Large Scale OSNs](https://reader034.vdocuments.net/reader034/viewer/2022052005/601882ef94a3de454f389c96/html5/thumbnails/4.jpg)
Phishing
4
![Page 5: Harvesting the Low-hanging Fruits Defending Against ...matei/papers/nspw16slides.pdf · Íntegro: Leveraging Victim Prediction for Robust Fake Account Detection in Large Scale OSNs](https://reader034.vdocuments.net/reader034/viewer/2022052005/601882ef94a3de454f389c96/html5/thumbnails/5.jpg)
Phishing
5
![Page 6: Harvesting the Low-hanging Fruits Defending Against ...matei/papers/nspw16slides.pdf · Íntegro: Leveraging Victim Prediction for Robust Fake Account Detection in Large Scale OSNs](https://reader034.vdocuments.net/reader034/viewer/2022052005/601882ef94a3de454f389c96/html5/thumbnails/6.jpg)
Phishing
6
![Page 7: Harvesting the Low-hanging Fruits Defending Against ...matei/papers/nspw16slides.pdf · Íntegro: Leveraging Victim Prediction for Robust Fake Account Detection in Large Scale OSNs](https://reader034.vdocuments.net/reader034/viewer/2022052005/601882ef94a3de454f389c96/html5/thumbnails/7.jpg)
Phishing
7
Efficient Compromise-Detection Campaigns
![Page 8: Harvesting the Low-hanging Fruits Defending Against ...matei/papers/nspw16slides.pdf · Íntegro: Leveraging Victim Prediction for Robust Fake Account Detection in Large Scale OSNs](https://reader034.vdocuments.net/reader034/viewer/2022052005/601882ef94a3de454f389c96/html5/thumbnails/8.jpg)
Phishing
8
Personalized ControlsImmunization
Efficient Compromise-Detection Campaigns
![Page 9: Harvesting the Low-hanging Fruits Defending Against ...matei/papers/nspw16slides.pdf · Íntegro: Leveraging Victim Prediction for Robust Fake Account Detection in Large Scale OSNs](https://reader034.vdocuments.net/reader034/viewer/2022052005/601882ef94a3de454f389c96/html5/thumbnails/9.jpg)
Phishing
9
Throttled OutboxDelayed Inbox
Personalized ControlsImmunization
Efficient Compromise-Detection Campaigns
![Page 10: Harvesting the Low-hanging Fruits Defending Against ...matei/papers/nspw16slides.pdf · Íntegro: Leveraging Victim Prediction for Robust Fake Account Detection in Large Scale OSNs](https://reader034.vdocuments.net/reader034/viewer/2022052005/601882ef94a3de454f389c96/html5/thumbnails/10.jpg)
Predicting the vulnerable population
10
![Page 11: Harvesting the Low-hanging Fruits Defending Against ...matei/papers/nspw16slides.pdf · Íntegro: Leveraging Victim Prediction for Robust Fake Account Detection in Large Scale OSNs](https://reader034.vdocuments.net/reader034/viewer/2022052005/601882ef94a3de454f389c96/html5/thumbnails/11.jpg)
Advantages of the proposed paradigm
11
● Proactive
● Targeted
● Efficient
● Robust
![Page 12: Harvesting the Low-hanging Fruits Defending Against ...matei/papers/nspw16slides.pdf · Íntegro: Leveraging Victim Prediction for Robust Fake Account Detection in Large Scale OSNs](https://reader034.vdocuments.net/reader034/viewer/2022052005/601882ef94a3de454f389c96/html5/thumbnails/12.jpg)
Intermission
12
![Page 13: Harvesting the Low-hanging Fruits Defending Against ...matei/papers/nspw16slides.pdf · Íntegro: Leveraging Victim Prediction for Robust Fake Account Detection in Large Scale OSNs](https://reader034.vdocuments.net/reader034/viewer/2022052005/601882ef94a3de454f389c96/html5/thumbnails/13.jpg)
Focus on detecting theattacks/attackers
Current Paradigm
13
![Page 14: Harvesting the Low-hanging Fruits Defending Against ...matei/papers/nspw16slides.pdf · Íntegro: Leveraging Victim Prediction for Robust Fake Account Detection in Large Scale OSNs](https://reader034.vdocuments.net/reader034/viewer/2022052005/601882ef94a3de454f389c96/html5/thumbnails/14.jpg)
Problems with the current paradigm
14[SNS’11] Tao Stein, Erdong Chen, and Karan Mangla. 2011. Facebook immune system.
In Proceedings of the 4th Workshop on Social Network Systems (SNS'11). ACM, pp. 8, New York, NY, USA.
![Page 15: Harvesting the Low-hanging Fruits Defending Against ...matei/papers/nspw16slides.pdf · Íntegro: Leveraging Victim Prediction for Robust Fake Account Detection in Large Scale OSNs](https://reader034.vdocuments.net/reader034/viewer/2022052005/601882ef94a3de454f389c96/html5/thumbnails/15.jpg)
Fake Accounts in OSNs
15
Enhanced Graph-Based Defences
Customized User Experience
Efficient Compromise-Detection Campaigns
![Page 16: Harvesting the Low-hanging Fruits Defending Against ...matei/papers/nspw16slides.pdf · Íntegro: Leveraging Victim Prediction for Robust Fake Account Detection in Large Scale OSNs](https://reader034.vdocuments.net/reader034/viewer/2022052005/601882ef94a3de454f389c96/html5/thumbnails/16.jpg)
Íntegro: in a nutshell
16[ECS’16] Boshmaf, Y., Logothetis, D., Siganos, G., Lería, J., Lorenzo, J., Ripeanu, M., Beznosov, K., and Halawa, H. (2016).
Íntegro: Leveraging Victim Prediction for Robust Fake Account Detection in Large Scale OSNs.
Elsevier Computers & Security. 61: 142-168.
![Page 17: Harvesting the Low-hanging Fruits Defending Against ...matei/papers/nspw16slides.pdf · Íntegro: Leveraging Victim Prediction for Robust Fake Account Detection in Large Scale OSNs](https://reader034.vdocuments.net/reader034/viewer/2022052005/601882ef94a3de454f389c96/html5/thumbnails/17.jpg)
Íntegro: System Model
17[ECS’16] Boshmaf, Y., Logothetis, D., Siganos, G., Lería, J., Lorenzo, J., Ripeanu, M., Beznosov, K., and Halawa, H. (2016).
Íntegro: Leveraging Victim Prediction for Robust Fake Account Detection in Large Scale OSNs.
Elsevier Computers & Security. 61: 142-168.
![Page 18: Harvesting the Low-hanging Fruits Defending Against ...matei/papers/nspw16slides.pdf · Íntegro: Leveraging Victim Prediction for Robust Fake Account Detection in Large Scale OSNs](https://reader034.vdocuments.net/reader034/viewer/2022052005/601882ef94a3de454f389c96/html5/thumbnails/18.jpg)
Íntegro: Trust Propagation
18
[ECS’16] Boshmaf, Y., Logothetis, D., Siganos, G., Lería, J., Lorenzo, J., Ripeanu, M., Beznosov, K., and Halawa, H. (2016).
Íntegro: Leveraging Victim Prediction for Robust Fake Account Detection in Large Scale OSNs.
Elsevier Computers & Security. 61: 142-168.
![Page 19: Harvesting the Low-hanging Fruits Defending Against ...matei/papers/nspw16slides.pdf · Íntegro: Leveraging Victim Prediction for Robust Fake Account Detection in Large Scale OSNs](https://reader034.vdocuments.net/reader034/viewer/2022052005/601882ef94a3de454f389c96/html5/thumbnails/19.jpg)
Summary
19
![Page 20: Harvesting the Low-hanging Fruits Defending Against ...matei/papers/nspw16slides.pdf · Íntegro: Leveraging Victim Prediction for Robust Fake Account Detection in Large Scale OSNs](https://reader034.vdocuments.net/reader034/viewer/2022052005/601882ef94a3de454f389c96/html5/thumbnails/20.jpg)
Harvesting the Low-hanging Fruits:Defending Against Automated Large-Scale
Cyber-Intrusions by Focusing on the Vulnerable Population
Hassan Halawa 1, Konstantin Beznosov 1, Yazan Boshmaf 2,Baris Coskun 3, Matei Ripeanu 1, and Elizeu Santos-Neto 4
1 The University of British Columbia2 Qatar Computing Research Institute
3 Yahoo! Research4 Google, Inc.
Contact Email: [email protected] Web Site: http://netsyslab.ece.ubc.ca/wiki/index.php/Artemis
![Page 21: Harvesting the Low-hanging Fruits Defending Against ...matei/papers/nspw16slides.pdf · Íntegro: Leveraging Victim Prediction for Robust Fake Account Detection in Large Scale OSNs](https://reader034.vdocuments.net/reader034/viewer/2022052005/601882ef94a3de454f389c96/html5/thumbnails/21.jpg)
Discussion Points
21
![Page 22: Harvesting the Low-hanging Fruits Defending Against ...matei/papers/nspw16slides.pdf · Íntegro: Leveraging Victim Prediction for Robust Fake Account Detection in Large Scale OSNs](https://reader034.vdocuments.net/reader034/viewer/2022052005/601882ef94a3de454f389c96/html5/thumbnails/22.jpg)
Can the vulnerable population be identified?• Offline Worlds
• Online Worlds
• Our Experience
22
![Page 23: Harvesting the Low-hanging Fruits Defending Against ...matei/papers/nspw16slides.pdf · Íntegro: Leveraging Victim Prediction for Robust Fake Account Detection in Large Scale OSNs](https://reader034.vdocuments.net/reader034/viewer/2022052005/601882ef94a3de454f389c96/html5/thumbnails/23.jpg)
Why an approach focused on the vulnerable population is a key defense element?• Similar dynamics to epidemics
• Cost of attack victim
• Multi-stage attacks
23
![Page 24: Harvesting the Low-hanging Fruits Defending Against ...matei/papers/nspw16slides.pdf · Íntegro: Leveraging Victim Prediction for Robust Fake Account Detection in Large Scale OSNs](https://reader034.vdocuments.net/reader034/viewer/2022052005/601882ef94a3de454f389c96/html5/thumbnails/24.jpg)
Why does this approach have the potential to increase the robustness of existing defenses?• Current defenses are attack/attacker centric
• Based on attacker-controlled behavior/features
• Attackers can employ adversarial strategies
24
![Page 25: Harvesting the Low-hanging Fruits Defending Against ...matei/papers/nspw16slides.pdf · Íntegro: Leveraging Victim Prediction for Robust Fake Account Detection in Large Scale OSNs](https://reader034.vdocuments.net/reader034/viewer/2022052005/601882ef94a3de454f389c96/html5/thumbnails/25.jpg)
Can the proposed approach improve the effectiveness of user education or security advice? • First line of defense
• Direct cost (attack) vs. Indirect cost (effort)
• Distribute cost proportional to user vulnerability
25
![Page 26: Harvesting the Low-hanging Fruits Defending Against ...matei/papers/nspw16slides.pdf · Íntegro: Leveraging Victim Prediction for Robust Fake Account Detection in Large Scale OSNs](https://reader034.vdocuments.net/reader034/viewer/2022052005/601882ef94a3de454f389c96/html5/thumbnails/26.jpg)
Are there other domains that can benefit from the proposed approach?• Systems where users can make incorrect decisions
• Enterprise security and risk management
26
![Page 27: Harvesting the Low-hanging Fruits Defending Against ...matei/papers/nspw16slides.pdf · Íntegro: Leveraging Victim Prediction for Robust Fake Account Detection in Large Scale OSNs](https://reader034.vdocuments.net/reader034/viewer/2022052005/601882ef94a3de454f389c96/html5/thumbnails/27.jpg)
Are there legal/ethical implications of the proposed approach?• Paternalism
• Fairness (Service Discrimination)
27
![Page 28: Harvesting the Low-hanging Fruits Defending Against ...matei/papers/nspw16slides.pdf · Íntegro: Leveraging Victim Prediction for Robust Fake Account Detection in Large Scale OSNs](https://reader034.vdocuments.net/reader034/viewer/2022052005/601882ef94a3de454f389c96/html5/thumbnails/28.jpg)
What are some of the challenges that may prevent adopting this paradigm?• Feasibility to develop a vulnerable population classifier
• Inaccuracies in predicting the vulnerable population
• Some mitigation techniques may violate user expectations
• Targeted protection may be confusing / complex
28
![Page 29: Harvesting the Low-hanging Fruits Defending Against ...matei/papers/nspw16slides.pdf · Íntegro: Leveraging Victim Prediction for Robust Fake Account Detection in Large Scale OSNs](https://reader034.vdocuments.net/reader034/viewer/2022052005/601882ef94a3de454f389c96/html5/thumbnails/29.jpg)
What are the categories of defenses enabled by adopting this paradigm?• Targeted protection
• Inferring the origin of attacks
29
![Page 30: Harvesting the Low-hanging Fruits Defending Against ...matei/papers/nspw16slides.pdf · Íntegro: Leveraging Victim Prediction for Robust Fake Account Detection in Large Scale OSNs](https://reader034.vdocuments.net/reader034/viewer/2022052005/601882ef94a3de454f389c96/html5/thumbnails/30.jpg)
What is the relationship to our past work in this area?• Large-scale social-bot infiltration feasible
• Defense system leveraging the proposed paradigm
• Deployed at Telefonica’s OSN Tuenti (50 million+ users)
30
![Page 31: Harvesting the Low-hanging Fruits Defending Against ...matei/papers/nspw16slides.pdf · Íntegro: Leveraging Victim Prediction for Robust Fake Account Detection in Large Scale OSNs](https://reader034.vdocuments.net/reader034/viewer/2022052005/601882ef94a3de454f389c96/html5/thumbnails/31.jpg)
Harvesting the Low-hanging Fruits:Defending Against Automated Large-Scale
Cyber-Intrusions by Focusing on the Vulnerable Population
Hassan Halawa 1, Konstantin Beznosov 1, Yazan Boshmaf 2,Baris Coskun 3, Matei Ripeanu 1, and Elizeu Santos-Neto 4
1 The University of British Columbia2 Qatar Computing Research Institute
3 Yahoo! Research4 Google, Inc.
Contact Email: [email protected] Web Site: http://netsyslab.ece.ubc.ca/wiki/index.php/Artemis
![Page 32: Harvesting the Low-hanging Fruits Defending Against ...matei/papers/nspw16slides.pdf · Íntegro: Leveraging Victim Prediction for Robust Fake Account Detection in Large Scale OSNs](https://reader034.vdocuments.net/reader034/viewer/2022052005/601882ef94a3de454f389c96/html5/thumbnails/32.jpg)
Backup Slides
32
![Page 33: Harvesting the Low-hanging Fruits Defending Against ...matei/papers/nspw16slides.pdf · Íntegro: Leveraging Victim Prediction for Robust Fake Account Detection in Large Scale OSNs](https://reader034.vdocuments.net/reader034/viewer/2022052005/601882ef94a3de454f389c96/html5/thumbnails/33.jpg)
Malware Downloads
33
Temporal & Spatial Traffic Graph Analysis Captive Portals Honeypots
![Page 34: Harvesting the Low-hanging Fruits Defending Against ...matei/papers/nspw16slides.pdf · Íntegro: Leveraging Victim Prediction for Robust Fake Account Detection in Large Scale OSNs](https://reader034.vdocuments.net/reader034/viewer/2022052005/601882ef94a3de454f389c96/html5/thumbnails/34.jpg)
Harvesting the Low-hanging Fruits:Defending Against Automated Large-Scale
Cyber-Intrusions by Focusing on the Vulnerable Population
Hassan Halawa 1, Konstantin Beznosov 1, Yazan Boshmaf 2,Baris Coskun 3, Matei Ripeanu 1, and Elizeu Santos-Neto 4
1 The University of British Columbia2 Qatar Computing Research Institute
3 Yahoo! Research4 Google, Inc.
Contact Email: [email protected] Web Site: http://netsyslab.ece.ubc.ca/wiki/index.php/Artemis
![Page 35: Harvesting the Low-hanging Fruits Defending Against ...matei/papers/nspw16slides.pdf · Íntegro: Leveraging Victim Prediction for Robust Fake Account Detection in Large Scale OSNs](https://reader034.vdocuments.net/reader034/viewer/2022052005/601882ef94a3de454f389c96/html5/thumbnails/35.jpg)
Thank You35
Questions?