Krishna P. Gummadi Networked Systems Research Group MPI-SWS

Slides:

Advertisements

Similar presentations

Defending against large-scale crawls in online social networks Mainack Mondal Bimal Viswanath Allen Clement Peter Druschel Krishna Gummadi Alan Mislove.

Advertisements

An analysis of Social Network-based Sybil defenses Bimal Viswanath § Ansley Post § Krishna Gummadi § Alan Mislove ¶ § MPI-SWS ¶ Northeastern University.

Λ14 Διαδικτυακά Κοινωνικά Δίκτυα και Μέσα Strong and Weak Ties Chapter 3, from D. Easley and J. Kleinberg book.

Analysis and Modeling of Social Networks Foudalis Ilias.

Modeling Malware Spreading Dynamics Michele Garetto (Politecnico di Torino – Italy) Weibo Gong (University of Massachusetts – Amherst – MA) Don Towsley.

Based on chapter 3 in Networks, Crowds and markets (by Easley and Kleinberg) Roy Mitz Supervised by: Prof. Ronitt Rubinfeld November 2014 Strong and weak.

Ostra: Leveraging trust to thwart unwanted commnunication Alan Mislove Ansley Post Reter Druschel Krishna P. Gummadi.

Authors Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, Abraham Flaxman Presented by: Jonathan di Costanzo & Muhammad Atif Qureshi 1.

Online Social Networks and Media. Graph partitioning The general problem – Input: a graph G=(V,E) edge (u,v) denotes similarity between u and v weighted.

Social Media Mining Chapter 5 1 Chapter 5, Community Detection and Mining in Social Media. Lei Tang and Huan Liu, Morgan & Claypool, September, 2010.

An Analysis of Social Network-Based Sybil Defenses Sybil Defender

Toward an Optimal Social Network Defense Against Sybil Attacks Haifeng Yu National University of Singapore Phillip B. Gibbons Intel Research Pittsburgh.

Qiang Cao Duke University

Enabling the Social Web Krishna P. Gummadi Networked Systems Group Max Planck Institute for Software Systems.

Flickr Information propagation in the Flickr social network Meeyoung Cha Max Planck Institute for Software Systems With Alan Mislove.

Haifeng Yu National University of Singapore

Sybil Attack Hyeontaek Lim November 12, 2010.

1 SybilGuard: Defending Against Sybil Attacks via Social Networks Haifeng Yu Michael Kaminsky Phillip B. Gibbons Abraham Flaxman Presented by John Mak,

Report on Intrusion Detection and Data Fusion By Ganesh Godavari.

King : Estimating latency between arbitrary Internet end hosts Krishna Gummadi, Stefan Saroiu Steven D. Gribble University of Washington Presented by:

Measurement and Analysis of Online Social Networks By Alan Mislove, Massimiliano Marcon, Krishna P. Gummadi, Peter Druschel, Bobby Bhattacharjee Attacked.

Computing Trust in Social Networks

Defense: Knowledge Sharing and Yahoo Answers: Everyone Knows Something L. A. Adamic, et al.

Measurement and Analysis of Online Social Networks Alan Mislove,Massimiliano Marcon, Krishna P. Gummadi, Peter Druschel, Bobby Bhattacharjee Presented.

SybilGuard: Defending Against Sybil Attacks via Social Networks Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, and Abraham Flaxman Presented by Ryan.

1 Measurement and Analysis of Online Social Networks A. Mislove, M. Marcon, K Gummadi, P. Druschel, B. Bhattacharjee Presentation by Yong Wang (Defense.

SocialFilter: Introducing Social Trust to Collaborative Spam Mitigation Michael Sirivianos Telefonica Research Telefonica Research Joint work with Kyungbaek.

Models of Influence in Online Social Networks

Modeling Information Diffusion in Networks with Unobserved Links Quang Duong Michael P. Wellman Satinder Singh Computer Science and Engineering University.

University of California at Santa Barbara Christo Wilson, Bryce Boe, Alessandra Sala, Krishna P. N. Puttaswamy, and Ben Zhao.

OSN Research As If Sociology Mattered Krishna P. Gummadi Networked Systems Research Group MPI-SWS.

Modeling Relationship Strength in Online Social Networks Rongjing Xiang: Purdue University Jennifer Neville: Purdue University Monica Rogati: LinkedIn.

Preserving Link Privacy in Social Network Based Systems Prateek Mittal University of California, Berkeley Charalampos Papamanthou.

Architectural Considerations for GEOPRIV/ECRIT Presentation given by Hannes Tschofenig.

1 Computing with Social Networks on the Web (2008 slide deck) Jennifer Golbeck University of Maryland, College Park Jim Hendler Rensselaer Polytechnic.

Terminodes and Sybil: Public-key management in MANET Dave MacCallum (Brendon Stanton) Apr. 9, 2004.

WALKING IN FACEBOOK: A CASE STUDY OF UNBIASED SAMPLING OF OSNS junction.

Collusion-Resistance Misbehaving User Detection Schemes Speaker: Jing-Kai Lou 2015/10/131.

Protecting Sensitive Labels in Social Network Data Anonymization.

Report on Intrusion Detection and Data Fusion By Ganesh Godavari.

To Blog or Not to Blog: Characterizing and Predicting Retention in Community Blogs Imrul Kayes 1, Xiang Zuo 1, Da Wang 2, Jacob Chakareski 3 1 University.

Uncovering Social Network Sybils in the Wild Zhi YangChristo WilsonXiao Wang Peking UniversityUC Santa BarbaraPeking University Tingting GaoBen Y. ZhaoYafei.

A Graph-based Friend Recommendation System Using Genetic Algorithm

Leveraging Social Networks to Defend against Sybil attacks Krishna Gummadi Networked Systems Research Group Max Planck Institute for Software Systems Germany.

Security Mechanisms for Distributed Computing Systems A9ID1007, Xu Ling Kobayashi Laboratory GSIS, TOHOKU UNIVERSITY 2011/12/15 1.

ICOM 6115: Computer Systems Performance Measurement and Evaluation August 11, 2006.

Bimal Viswanath § Ansley Post § Krishna Gummadi § Alan Mislove ¶ § MPI-SWS ¶ Northeastern University SIGCOMM 2010 Presented by Junyao Zhang Many of the.

“SybilGuard: Defending Against Sybil Attacks via Social Networks” Authors: Haifeng Yu, Phillip B. Gibbons, and Suman Nath (several slides based on authors’)

Learning the Structure of Related Tasks Presented by Lihan He Machine Learning Reading Group Duke University 02/03/2006 A. Niculescu-Mizil, R. Caruana.

SybilGuard: Defending Against Sybil Attacks via Social Networks.

Privacy Preserving Payments in Credit Networks By: Moreno-Sanchez et al from Saarland University Presented By: Cody Watson Some Slides Borrowed From NDSS’15.

Community Detection Algorithms: A Comparative Analysis Authors: A. Lancichinetti and S. Fortunato Presented by: Ravi Tiwari.

Socialbots and its implication On ONLINE SOCIAL Networks Md Abdul Alim, Xiang Li and Tianyi Pan Group 18.

DSybil: Optimal Sybil-Resistance for Recommendation Systems Haifeng Yu National University of Singapore Chenwei Shi National University of Singapore Michael.

1 Friends and Neighbors on the Web Presentation for Web Information Retrieval Bruno Lepri.

Mix networks with restricted routes PET 2003 Mix Networks with Restricted Routes George Danezis University of Cambridge Computer Laboratory Privacy Enhancing.

Social Networks and Peer to Peer As Presented by Jeremy Robinson 3/22/2007.

Privacy Preserving in Social Network Based System PRENTER: YI LIANG.

1 Discovering Web Communities in the Blogspace Ying Zhou, Joseph Davis (HICSS 2007)

Sybil Attacks VS Identity Clone Attacks in Online Social Networks Lei Jin, Xuelian Long, Hassan Takabi, James B.D. Joshi School of Information Sciences.

GRAPH AND LINK MINING 1. Graphs - Basics 2 Undirected Graphs Undirected Graph: The edges are undirected pairs – they can be traversed in any direction.

Alan Mislove Bimal Viswanath Krishna P. Gummadi Peter Druschel.

On the State of OSN-based Sybil Defenses David Koll*, Jun Li^, Joshua Stein^ and Xiaoming Fu* *University of Göttingen, Germany ^University of Oregon,

Measuring the Mixing Time of Social Graphs Abedelaziz Mohaisen, Aaram Yun, and Yongdae Kim Computer Science and Engineering Department University of Minnesota.

Dieudo Mulamba November 2017

Statistical properties of network community structure

By group 3(not the ones who made the paper :D)

GANG: Detecting Fraudulent Users in OSNs

Social Network-Based Sybil Defenses

Presentation transcript:

Krishna P. Gummadi Networked Systems Research Group MPI-SWS The Sociology of Sybils: Understanding Social Network-based Sybil Defenses Krishna P. Gummadi Networked Systems Research Group MPI-SWS

Automated sybil attack on Youtube for $147! A fundamental problem in distributed systems Attacker creates many fake/sybil identities Many cases of real world attacks : Digg, Youtube Automated sybil attack on Youtube for $147!

Sybil defense Using a trusted central authority Not always desirable Tie identities to actual human beings Not always desirable Can be hard to find such authority Sensitive info may scare away users Potential bottleneck and target of attack Hard without a trusted central authority Impossible unless using special assumptions [Douceur ’02] Resource challenges using CPU, b.w., memory are not sufficient Adversary can have much more resources than typical user Need some resource that is hard to obtain in abundance Links in a social network?

Leveraging social networks: Basic insight Resource Constraint Bound on number of trust relationships between attackers and honest nodes Attacker cannot create arbitrarily large # of edges between honest nodes and Sybil identities Assumption: edges represent mutual trust E.g., colleagues, relatives in real-world Not online friends! honest nodes Sybil nodes

Several proposals to leverage social nets All rely on detecting the topological features resulting from the resource constraint SybilGuard [Sigcomm ’06] SybilLimit [Oakland S&P ’08] Ostra [NSDI ’08] SybilInfer [NDSS ’09] SumUp [NSDI ’09] Whanau [NSDI ’10] MobId [INFOCOM ’10]

Example: SybilGuard Cannot search for such a cut using brute-force The sub-graph of honest nodes is fast mixing Disproportionally small cut separating honest and Sybil nodes honest nodes sybil nodes Cannot search for such a cut using brute-force

How SybilGuard works: Random walk intersection Verifier accepts a suspect if the two routes intersect W.h.p., verifier’s route stays within honest region W.h.p., routes from two honest nodes intersect # of accepted Sybils < g*w g: # of attack edges w: random walk length Verifier Suspect honest nodes sybil nodes Random walk length w:

Another example: SumUp A Sybil resilient vote aggregator A central party collects all votes and the social graph Goal: extract a subset of votes include at most a few votes from Sybils include most votes from honest users

Step 1: Designate a vote collector

Step 2: Use max-flow to collect votes

Step 2: Use max-flow to collect votes

Step 3: Assign appropriate link capacities

Summary: Sybil defense schemes A number of Sybil schemes already proposed More with each passing conference All schemes rely on two common assumptions Honest nodes: they are fast mixing Sybils: they do not mix quickly with honest nodes But, each relies on its own graph analysis algorithm E.g., back-traceable random walk intersection, bayesian inference from modified random walks, max-flow between nodes, betweenness centrality of nodes

Problem with state of the art Fast mixing assumption provides little insight Into how the schemes work Or what structural properties affect their effectiveness Neither does the evaluation of the Sybil algorithms Lots of sensitive parameters that impact results Each scheme evaluated on different data sets Each scheme performs differently on different data sets Evaluations assume different adversarial models

Rest of the talk Investigate several unanswered questions: How do the different schemes compare against each other? Do they all find Sybils similarly? What types of network structures are vulnerable to Sybil attacks? How prevalent are such structures in real-world social networks? And discuss their implications

Results summary How do the different schemes compare against each other? Do they all find Sybils similarly? All Sybil schemes work by detecting tightly-knit node communities What types of network structures are vulnerable to Sybil attacks? When all honest nodes do not form a single cohesive community How prevalent are such structures in real-world social networks? Very prevalent! Real-world social communities have bounded size

Communities in social networks - maps well onto communities we think of - explain what proximity means - show links - plotted based on physics Group of users more densely connected than overall graph

Results summary How do the different schemes compare against each other? Do they all find Sybils similarly? All Sybil schemes work by detecting tightly-knit node communities What types of network structures are vulnerable to Sybil attacks? When all honest nodes do not form a single cohesive community How prevalent are such structures in real-world social networks? Very prevalent! Real-world social communities have bounded size

How Sybil defense schemes work At their core, Sybil schemes partition the network Into Sybils and non-Sybils Partitioning algorithms can be viewed as ranking nodes With a sliding cutoff determined by parameters

How Sybil defense schemes work Ranking is independent of an algorithm’s parameters Changing parameters yields different partitions

Comparing Sybil defense schemes Compare their node rankings at different partitionings How do the partitions formed by the first k nodes compare Metric: Mutual information [Strehl ’02] Varies between 0 and 1 0 => no correlation between the partitionings 1 => perfect match

Comparing Sybil defense schemes All Sybil schemes rank nodes in the local community before others No correlation between rankings within or outside local community Toy topology with two well defined communities

Comparing Sybil defense schemes Using a Facebook subgraph Nodes from local community ranked before others Little correlation between rankings within & outside the community

Comparing Sybil defense schemes Using an Astrophysicist network Nodes from local community ranked before others Little correlation between rankings within & outside the community

Summary: Comparing Sybil defense schemes All node rankings are biased towards decreasing conductance When multiple nodes are similarly well connected, their orderings can vary in different schemes Nodes in cohesive clusters around reference node are ranked before others in all schemes Sybil defense schemes are effectively detecting communities!

Rest of the talk Investigate several unanswered questions: How do the different schemes compare against each other? Do they all find Sybils similarly? All Sybil schemes work by detecting tightly-knit node communities What types of network structures are vulnerable to Sybil attacks? How prevalent are such structures in real-world social networks? And discuss their implications

What networks are vulnerable to Sybil attacks? When non-Sybils are divided into multiple communities Cannot tell apart Sybils & non-Sybils in a distant community Attackers can launch very effective targeted attacks

Do non-Sybils form multiple communities? Some real-world social networks have high modularity They exhibit well defined community structures

Are networks with stronger community structures more vulnerable? Yes! Networks with higher modularity are more susceptible to attacks Independent of the Sybil defense scheme used

Rest of the talk Investigate several unanswered questions: How do the different schemes compare against each other? Do they all find Sybils similarly? All Sybil schemes work by detecting tightly-knit node communities What types of network structures are vulnerable to Sybil attacks? When all honest nodes do not form a single cohesive community How prevalent are such structures in real-world social networks? And discuss their implications

How often do non-Sybils form one cohesive community? Traditional methodology: Analyze several real-world social network graphs Generalize the results to the universe of social networks A more scientific method: Leverage insights from sociological theories on communities Test if their predictions hold in online social networks And then generalize the findings

Group attachment theory Explains how humans join and relate to groups Common-identity based groups Membership based on self interest or ideology E.g., NRA, Greenpeace, and PETA Tend to be loosely-knit and less cohesive Common-bond based groups Membership based on inter-personal ties, e.g., family or kinship Tend to form tightly-knit communities within the network

Dunbar’s theory Limits the # of stable social relationships a user can have To less than a couple of hundred Linked to size of neo-cortex region of the brain Observed throughout history since hunter-gatherer societies Also observed repeatedly in studies of OSN user activity Users might have a large number of contacts But, regularly interact with less than a couple of hundred of them Limits the size of cohesive common-bond based groups

Prediction and implication Strongly cohesive communities in real-world social networks will be necessarily small No larger than a few hundred nodes! If true, it imposes a limit on the number of non-Sybils we can detect with high accuracy Will be problematic as social networks grow large

Verifying the prediction In all networks, groups larger than a few 100 nodes do not remain cohesive Small cohesive groups tend to be family and alumni groups Large groups are often on abstract topics like music or politics Real-world data sets analyzed

Rest of the talk Investigate several unanswered questions: How do the different schemes compare against each other? Do they all find Sybils similarly? All Sybil schemes work by detecting tightly-knit node communities What types of network structures are vulnerable to Sybil attacks? When all honest nodes do not form a single cohesive community How prevalent are such structures in real-world social networks? Very prevalent! Real-world social communities have bounded size And discuss their implications

Implications Fundamental limits on social network-based Sybil defenses Can reliably identify only a limited number of honest nodes In large networks, limits interactions to a small subset of honest nodes Might still be useful in certain scenarios, e.g., white listing email from friends Social network-based Sybil defense is a misnomer!

Future directions Leverage information beyond social network structure E.g., inter-user activity can reveal the strength of ties and help eliminate links to Sybils Move towards Sybil tolerance Rather than preventing users from creating multiple identities Focus on limiting privileges

Summary We discussed social network-based Sybil defenses Lots of proposed schemes, but little understanding Of how they compare with each other Or what structural properties impact them Or how well they would work in real-world social networks We found that Sybil schemes Work by effectively detecting communities Are vulnerable in networks with well defined community structures Can find only a limited number of trustworthy nodes in real-world Our findings suggest that we need to move beyond using only the social network to defend against Sybil attacks

Thanks! Questions? Acknowledgements: Joint work with Bimal Viswanath, Ansley Post, and Alan Mislove Thanks to Haifeng Yu and Nguyen Tran for illustrations of SybilGuard and SumUp Sybil defense schemes