Socialbots and its implication On ONLINE SOCIAL Networks

Md Abdul Alim, Xiang Li and Tianyi Pan

Group 18

Outline

2

Overview of socialbot

How socialbots spreads dangers

Impacts of socialbots

Infiltration mechanism: a case study

Socialbots Detection

Overview

A socialbot is apiece of softwarethat controls a useraccount in an onlinesocial network andpasses itself of as ahuman being

3

The dangers of socialbots

Harvest private userdata

Socialbots can beused to collectorganizational data

Online surveillance

Profiling

Datacommoditization

4

Contd.

Spread misinformation

OSNs are attractive medium for abusive content and Socialbots take advantage of it

Propagate propaganda

Political astroturfing

Bias public opinion

Influence user perception

5

Contd.

Malware infection

Infect computersand use it for DDoS

Social spamming

Fraudulentactivities

6

Impact of socialbots

OSNs are growing source of income foradvertisers, investors, developers

Inaccurate representation of actual users in OSNsseverely impact the revenue of dependent businesses

7

Boshmaf et. al (2011) showed that Facebookcan be infiltrated by socialbots sending friendrequests. Average reported acceptance rate:

35.7% up to 80% depending on how manymutual friends the social bots had with theinfiltrated users

Impact of socialbots (contd.)

8

Socialbots: a case study

Elyashar et al. (2013) performed a social study forinfiltrating specific users in targetedorganizations using socialbots

Technology oriented organizations were chosento emphasize the vulnerability of users in OSNs

Employees of these organization should be moreaware of the dangers of exposing private information

An infiltration is defined as accepting a Socialbot's friend request. Upon accepting a Socialbot's friend request, users unknowingly expose information about themselves and their workplace which leads to security compromise

9

Socialbot: infiltration mechanism

OSN: Facebook

Target Organization: 3 [selected by the authors, notdisclosed]

Targeted users: 10

Socialbot: one socialbot per organization

Idea is to send friend requests to all specific users' mutual friends who worked or work in the same targeted organization. The rationale behind this idea was to gain as many mutual friends as possible and through this act increase the probability that our friend requests will be accepted by the targeted users.

10

Steps: infiltration mechanism

1. Step1:

crawl on targeted organizations to gather public informationregarding its employees who have a Facebook user accountand declared that they work or worked in the targetedorganizations

2. Step2:

Choose 10 users randomly to be a target for infiltration

3. Step3:

Increase credibility of the socialbot: Send friend request torandom users each of them having more than 1000 friendregardless of organization.

4. Step4:

After socialbot has 50 friends, send friend request to targetedusers’ mutual friends

11

Algorithm: infiltration mechanism

12

Result of the study

13

Socialbot 1 in Organization 1 succeeded to accumulate50% of the targeted users

Socialbot 2 in Organization 2 succeeded to accumulate70% of the targeted users

Results for two organization

How to detect the socialbots?

14

Socialbot Detection

Existing Detection Methods

Feature-based detection

15

Feature-based Detection

16

Relies on user-level activities and its account details

Uses machine learning techniques to classify accounts (fake or real)

For the attacker: relatively easy to circumvent

Mimic real users!

Only 20% of fake accounts are detected by this method. (Boshmaf et. al 2011)

Existing Detection Methods

Feature-based detection

Graph-based detection

17

Graph-based Detection

18

Rank nodes based on landing probability of short random walks, started from trusted nodes.

Graph-based Detection

19

Perform cut based on node ranking

Graph-based Detection

Assumption: social infiltration on a large scale is infeasible

20

Not always true!

(Pic from Boshmaf et. al 2011)

Graph-based Detection

21

Solution: Integro (Boshmaf et. al 2015 )

Find potential victims

Machine learning method (random forests)

Assign each node a probability of being a victim

Create weighted graph & choose trusted nodes

Decide edge weights based on their incident nodes’ victim probability

The higher the probability, the lower the weight

Community based trusted nodes selection

Rank nodes based on short random walks in the weighted graph

22

Integro

23

Integro

24

Integro

25

Find Potential Victims

Random Forest Learning method

Decision tree based learning

Separate the dataset to subsets and use a decision tree for each dataset

Cross-validation method

Chop the dataset into 10 equally sized sets

RF method on 9 sets

Use the remaining one for testing

26

Create Weighted Graph & Choose Trusted Nodes

Assign weight based on victim probability

Choose trusted nodes

Detect communities by the Louvain method

Randomly pick a small set of nodes from each community

Manual verification of the selected nodes

27

Rank Nodes Based on Short Random Walks

Trust propagation process

Stop after log 𝑛 rounds

Rank nodes by in descending order

28

Experiments

Datasets

Labeled feature vectors (for learning)

8.8K public Facebook profiles (32% victims)

60K full Tuenti profiles (50% victims)

Graph samples (for detection)

Snapshot of Tuenti’s daily active user graph on Feb. 6 2014

29

Feature Vector

30

Experiment Results

Precision (In Tuenti)

31

Experiment Results

Scalability (In small-world graphs)

32

RF Ranking

What else can be done?

Stop fake accounts at the time they are created?

Fake accounts send random friend requests at the time they are created

It is abnormal when the friends of a real person all belong to different communities

Methods other than random walk to cut the graph?

Current random walk method is limited to undirected graphs

33

34

Questions?

35

Thank you!