An analysis of Social Network-based Sybil defenses Bimal Viswanath § Ansley Post § Krishna Gummadi § Alan Mislove ¶ § MPI-SWS ¶ Northeastern University.

Slides:



Advertisements
Similar presentations
BellRigner – 1/30/2012 Match the graph to the function: f(x) = x 3 – 2x + 2 g(x) = -2x h(x) = x 4 – 2 i(x) = -x 3 – 1 A B C D.
Advertisements

©2011 1www.id-book.com Evaluation studies: From controlled to natural settings Chapter 14.
Analysis of Computer Algorithms
1 Copyright © 2010, Elsevier Inc. All rights Reserved Fig 2.1 Chapter 2.
Wenke Lee and Nick Feamster Georgia Tech Botnet and Spam Detection in High-Speed Networks.
Fundamental Relationship between Node Density and Delay in Wireless Ad Hoc Networks with Unreliable Links Shizhen Zhao, Luoyi Fu, Xinbing Wang Department.
Business Transaction Management Software for Application Coordination 1 Business Processes and Coordination.
Energy-Efficient Distributed Algorithms for Ad hoc Wireless Networks Gopal Pandurangan Department of Computer Science Purdue University.
Wireless Networks Should Spread Spectrum On Demand Ramki Gummadi (MIT) Joint work with Hari Balakrishnan.
Defending against large-scale crawls in online social networks Mainack Mondal Bimal Viswanath Allen Clement Peter Druschel Krishna Gummadi Alan Mislove.
An Alliance based Peering Scheme for P2P Live Media Streaming Darshan Purandare Ratan Guha University of Central Florida August 31, P2P-TV, Kyoto.
Sampling Research Questions
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Title Subtitle.
DIVIDING INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.
Addition Facts
Lecture 2 ANALYSIS OF VARIANCE: AN INTRODUCTION
Measurement and Analysis of Online Social Networks 1 A. Mislove, M. Marcon, K Gummadi, P. Druschel, B. Bhattacharjee Presentation by Shahan Khatchadourian.
ZMQS ZMQS
George Anadiotis, Spyros Kotoulas and Ronny Siebes VU University Amsterdam.
BT Wholesale October Creating your own telephone network WHOLESALE CALLS LINE ASSOCIATED.
Purpose To create the distribution of contents from the unit three.
Environment-Aware Clock Skew Estimation and Synchronization for Wireless Sensor Networks Zhe Yang (UVic, Canada), Lin Cai (University of Victoria, Canada),
Configuration management
On Comparing Classifiers : Pitfalls to Avoid and Recommended Approach
Randomized Algorithms Randomized Algorithms CS648 1.
ABC Technology Project
1 Generating Network Topologies That Obey Power LawsPalmer/Steffan Carnegie Mellon Generating Network Topologies That Obey Power Laws Christopher R. Palmer.
INTRODUCTION TO SIMULATION WITH OMNET++ José Daniel García Sánchez ARCOS Group – University Carlos III of Madrid.
A Survey of Web Cache Replacement Strategies Stefan Podlipnig, Laszlo Boszormenyl University Klagenfurt ACM Computing Surveys, December 2003 Presenter:
Taming User-Generated Content in Mobile Networks via Drop Zones Ionut Trestian Supranamaya Ranjan Aleksandar Kuzmanovic Antonio Nucci Northwestern University.
Determining the Significant Aspects
Protecting Location Privacy: Optimal Strategy against Localization Attacks Reza Shokri, George Theodorakopoulos, Carmela Troncoso, Jean-Pierre Hubaux,
Do you have the Maths Factor?. Maths Can you beat this term’s Maths Challenge?
Traditional IR models Jian-Yun Nie.
Routing and Congestion Problems in General Networks Presented by Jun Zou CAS 744.
Chapter 5 Test Review Sections 5-1 through 5-4.
SIMOCODE-DP Software.
GG Consulting, LLC I-SUITE. Source: TEA SHARS Frequently asked questions 2.
Addition 1’s to 20.
25 seconds left…...
Music Recommendation by Unified Hypergraph: Music Recommendation by Unified Hypergraph: Combining Social Media Information and Music Content Jiajun Bu,
Detecting Spam Zombies by Monitoring Outgoing Messages Zhenhai Duan Department of Computer Science Florida State University.
Week 1.
Chapter 10: The Traditional Approach to Design
Systems Analysis and Design in a Changing World, Fifth Edition
We will resume in: 25 Minutes.
Introduction to Ad-hoc & Sensor Networks Security In The Name of God ISC Student Branch in KNTU 4 th Workshop Ad-hoc & Sensor Networks.
Testing Hypotheses About Proportions
How Cells Obtain Energy from Food
CO-AUTHOR RELATIONSHIP PREDICTION IN HETEROGENEOUS BIBLIOGRAPHIC NETWORKS Yizhou Sun, Rick Barber, Manish Gupta, Charu C. Aggarwal, Jiawei Han 1.
Securing Critical Unattended Systems with Identity Based Cryptography A Case Study Johannes Blömer, Peter Günther University of Paderborn Volker Krummel.
Mike Fisher Royal Liverpool and Broadgreen University Hospitals NHS Trust 1.
Krishna P. Gummadi Networked Systems Research Group MPI-SWS
Authors Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, Abraham Flaxman Presented by: Jonathan di Costanzo & Muhammad Atif Qureshi 1.
An Analysis of Social Network-Based Sybil Defenses Sybil Defender
Qiang Cao Duke University
Haifeng Yu National University of Singapore
Measurement and Analysis of Online Social Networks By Alan Mislove, Massimiliano Marcon, Krishna P. Gummadi, Peter Druschel, Bobby Bhattacharjee Attacked.
SybilGuard: Defending Against Sybil Attacks via Social Networks Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, and Abraham Flaxman Presented by Ryan.
OSN Research As If Sociology Mattered Krishna P. Gummadi Networked Systems Research Group MPI-SWS.
Preserving Link Privacy in Social Network Based Systems Prateek Mittal University of California, Berkeley Charalampos Papamanthou.
Leveraging Social Networks to Defend against Sybil attacks Krishna Gummadi Networked Systems Research Group Max Planck Institute for Software Systems Germany.
Bimal Viswanath § Ansley Post § Krishna Gummadi § Alan Mislove ¶ § MPI-SWS ¶ Northeastern University SIGCOMM 2010 Presented by Junyao Zhang Many of the.
Socialbots and its implication On ONLINE SOCIAL Networks Md Abdul Alim, Xiang Li and Tianyi Pan Group 18.
Privacy Preserving in Social Network Based System PRENTER: YI LIANG.
Measuring the Mixing Time of Social Graphs Abedelaziz Mohaisen, Aaram Yun, and Yongdae Kim Computer Science and Engineering Department University of Minnesota.
By group 3(not the ones who made the paper :D)
Social Network-Based Sybil Defenses
Presentation transcript:

An analysis of Social Network-based Sybil defenses Bimal Viswanath § Ansley Post § Krishna Gummadi § Alan Mislove ¶ § MPI-SWS ¶ Northeastern University SIGCOMM

2 Sybil attack Fundamental problem in distributed systems Attacker creates many fake identities (Sybils) Used to manipulate the system Many online services vulnerable Webmail, social networks, p2p Several observed instances of Sybil attacks Ex. Content voting tampered on YouTube, Digg

3 Sybil defense approaches Tie identities to resources that are hard to forge or obtain RESOURCE 1 Certification from trusted authorities Ex. Passport, social security numbers Users tend to resist such techniques RESOURCE 2 Resource challenges (e.g., cryptopuzzles) Vulnerable to attackers with significant resources Ex. Botnets, renting cloud computing resources RESOURCE 3 Links in a social network?

New approach: Use social networks Assumption: Links to good users hard to form and maintain Users mostly link to others they recognize Attacker can only create limited links to non-Sybil users 4 Leverage the topological feature introduced by sparse set of links

Social network-based schemes Very active area of research Many schemes proposed over past five years Examples: SybilGuard [SIGCOMM06] SybilLimit [Oakland S&P 08] SybilInfer [NDSS08] SumUp [NSDI09] Whanau [NSDI10] MOBID [INFOCOM10] 5

6 But, many unanswered questions All schemes make same assumptions Use only social network But, schemes work using different mechanisms Unclear relationship between schemes Is there a common insight across the schemes? Is there a common structural property these schemes rely on? Understanding relationship would help How well would these schemes work in practice? Are there any fundamental limitations of Sybil defense?

7 This talk Propose a methodology for comparing schemes Allows us to take closer look at how schemes are related Finding: All schemes work in a similar manner Despite different mechanisms Implications: Hidden dependence on network structure Understand the limitations of these schemes

8 How to compare schemes? Straightforward approach is to implement and compare Treat like a black-box But, only gives one point evaluation Output dependent on scheme-specific parameters We want to understand HOW schemes choose Sybils Interested in underlying graph algorithm Thus, we had to open up the black-box We analyze SybilGuard, SybilLimit, SumUp and SybilInfer

How do schemes work internally? Take in a social network and trusted node Declare Sybils from perspective of trusted node Internally, schemes assign probability to nodes Likelihood of being a Sybil Leverage this to compare schemes? View schemes as inducing ranking on nodes Easier to compare rankings than full schemes 9

How do the rankings compare? 10 All schemes observed to have distinct cut-off point What is going on at this cut-off point? Cut-off

Where do the rankings match? The cut-off point at the boundary of the local community Around the trusted node Community well-defined in paper Roughly, set of nodes more tightly knit than surrounding graph 11

12 Cut-off Partition similarity (higher is better) Community Strength (lower is better) Investigating the cut-off point Peak in similarly corresponds to boundary of local community Details, more results in paper

13 Common insight across schemes All schemes are effectively detecting communities Nodes in the local community are ranked higher Ranking within and outside community in no particular order

Implications

Leveraging community detection Community detection is a well-studied topic Wealth of algorithms available Can leverage existing work on community detection To design new approaches to detect Sybils Also, better understand the limitations 15

What are the limitations? Recall, schemes effectively finding local communities Suggests dependence on graph structural properties Size, location, characteristics of local community Explore two implications: IMPLICATION 1 Are certain network structures more vulnerable? IMPLICATION 2 What happens if the attacker knows this? Are more intelligent attacks possible? 16

Certain network structures vulnerable? Increasing community structure of honest region Hypothesis: Community structure makes identifying Sybils harder 17

Testing community structure hypothesis Selected eight real-world networks Online social networks: Facebook (2) Collaboration networks: Advogato, Wikipedia, co-authorship Communication networks: Simulated attack by consistently adding Sybils Similar strength attacker, despite different network sizes 5% attack links, 25% Sybil nodes Measure accuracy using ranking Accuracy: Probability Sybils ranked lower than non-Sybils Fair comparison across schemes, networks 18

Impact of community structure? More community structure makes Sybils indistinguishable Amount of community structure (modularity) (higher is more community structure) Accuracy (higher is better) 19

Can attacker exploit this dependence? Attackers goal is to be higher up in the rankings Increases likelihood of being accepted Existing Sybil schemes tested with random attackers Links placed to random non-Sybils What happens if attacker given slightly more power? 20

Hypothesis: Closer links makes Sybils harder to detect Changing attacker strength 21 Links placed closer to trusted node

Testing strong attacker hypothesis Simulated attack by consistently adding Sybils Same strength as before Allow attacker more flexibility in link placement Place links randomly among top N nodes; vary N Lower N represents more control Present results on the Facebook network Tested other networks as well What happens as Sybils given more control? 22

Impact of targeted links? 23 Accuracy (higher is better) Control over link placement (higher is more control over placement) Attack becomes much more effective Sybils ranked higher than non-Sybils (accuracy << 0.5)

Summary Many social network-based Sybil defense schemes proposed All use very different mechanisms Hard to understand relationship, fundamental insight Are they doing the same thing? Developed methodology to compare schemes Found they are all detecting local communities Significant implications of this finding Can leverage community detection for Sybil defense Certain networks more difficult to defend Attacker can exploit this to spend effort more wisely 24

Moving forward Is social network-based Sybil defense always practical? Certain real networks have significant communities Could be still useful for white-listing small number of nodes Is more information beyond graph structure helpful? More information about Sybil/non-Sybil nodes is useful Other information from higher layers eg. interaction 25

Questions? Thank You!