Presentation is loading. Please wait.

Presentation is loading. Please wait.

Fighting Fire With Fire: Crowdsourcing Security Solutions on the Social Web Christo Wilson Northeastern University

Published byLaurence Murphy Modified over 9 years ago

Similar presentations

Presentation on theme: "Fighting Fire With Fire: Crowdsourcing Security Solutions on the Social Web Christo Wilson Northeastern University"— Presentation transcript:

1 Fighting Fire With Fire: Crowdsourcing Security Solutions on the Social Web Christo Wilson Northeastern University cbw@ccs.neu.edu

2  We tend to think of spam as “low quality”  What about high quality spam and Sybils? High Quality Sybils and Spam 2 Christo Wilson MaxGentleman is the bestest male enhancement system avalable. http://cid-ce6ec5.space.live.com/http://cid-ce6ec5.space.live.com/ FAKE Stock Photographs

3 3

4 Black Market Crowdsourcing 4  Large and profitable  Growing exponentially in size and revenue in China  $1 million per month on just one site  Cost effective: $0.21 per click  Starting to grow in US and other countries  Mechanical Turk, Freelancer  Twitter Follower Markets  Huge problem for existing security systems  Little to no automation to detect  Turing tests fail

5 Crowdsourcing Sybil Defense  Defenders are losing the battle against OSN Sybils  Idea: build a crowdsourced Sybil detector  Leverage human intelligence  Scalable  Open Questions  How accurate are users?  What factors affect detection accuracy?  Is crowdsourced Sybil detection cost effective? 5

6 User Study  Two groups of users  Experts – CS professors, masters, and PhD students  Turkers – crowdworkers from Mechanical Turk and Zhubajie  Three ground-truth datasets of full user profiles  Renren – given to us by Renren Inc.  Facebook US and India Crawled Legitimate profiles – 2-hops from our profiles Suspicious profiles – stock profile images Banned suspicious profiles = Sybils 6 Stock Picture Also used by spammers

7 7 Progress Classifying Profiles Browsing Profiles Screenshot of Profile (Links Cannot be Clicked) Real or fake?Why? Navigation Buttons Testers may skip around and revisit profiles

8 Experiment Overview Dataset# of ProfilesTest Group# of Testers Profile per Tester SybilLegit. Renren100 Chinese Expert24100 Chinese Turker41810 Facebook US 3250 US Expert4050 US Turker29912 Facebook India 5049 India Expert20100 India Turker34212 8 Crawled Data Data from RenrenFewer Experts More Profiles for Experts

9 Individual Tester Accuracy 9 Not so good :( Experts prove that humans can be accurate Turkers need extra help… Awesome! 80% of experts have >90% accuracy! Awesome! 80% of experts have >90% accuracy!

10 Accuracy of the Crowd  Treat each classification by each tester as a vote  Majority makes final decision 10 DatasetTest Group False Positives False Negatives Renren Chinese Expert0%3% Chinese Turker0%63% Facebook US US Expert0%10% US Turker2%19% Facebook India India Expert0%16% India Turker0%50% Almost Zero False Positives Experts Perform Okay Turkers Miss Lots of Sybils False positive rates are excellent Turkers need extra help against false negatives What can be done to improve accuracy?

11 How Many Classifications Do You Need? 11 China India US False Negatives False Positives Only need a 4-5 classifications to converge Few classifications = less cost

12 Eliminating Inaccurate Turkers 12 Dramatic Improvement Most workers are >40% accurate From 60% to 10% False Negatives Only a subset of workers are removed (<50%) Getting rid of inaccurate turkers is a no-brainer

13 How to turn our results into a system? 13 1. Scalability  OSNs with millions of users 2. Performance  Improve turker accuracy  Reduce costs 3. Privacy  Preserve user privacy when giving data to turkers

14 14 Social Network Heuristics User Reports Suspicious Profiles All Turkers Experts Turker Selection Accurate Turkers Very Accurate Turkers Sybils System Architecture Filtering Layer Crowdsourcing Layer Filter Out Inaccurate Turkers Maximize Usefulness of High Accuracy Turkers Rejected! Leverage Existing Techniques Help the System Scale Leverage Existing Techniques Help the System Scale ? Continuous Quality Control Locate Malicious Workers Continuous Quality Control Locate Malicious Workers

15 Trace Driven Simulations  Simulate 2000 profiles  Error rates drawn from survey data  Vary 4 parameters 15 Accurate Turkers Very Accurate Turkers Classifications Controversial Range Results Average 6 classifications per profile <1% false positives <1% false negatives 2 2 5 5 90% 20-50% Results++ Average 8 classifications per profile <0.1% false positives <0.1% false negatives Threshold

16 Estimating Cost  Estimated cost in a real-world social networks: Tuenti  12,000 profiles to verify daily  14 full-time employees  Minimum wage ($8 per hour)  $890 per day  Crowdsourced Sybil Detection  20sec/profile, 8 hour day  50 turkers  Facebook wage ($1 per hour)  $400 per day  Cost with malicious turkers  Estimate that 25% of turkers are malicious  63 turkers  $1 per hour  $504 per day 16

17 Takeaways 17  Humans can differentiate between real and fake profiles  Crowdsourced Sybil detection is feasible  Designed a crowdsourced Sybil detection system  False positives and negatives <1%  Resistant to infiltration by malicious workers  Sensitive to user privacy  Low cost  Augments existing security systems

18 Questions? 18

19 Survey Fatigue 19 US Experts US Turkers No fatigue Fatigue matters All testers speed up over time

20 Sybil Profile Difficulty 20 Experts perform well on most difficult Sybils Really difficult profiles Some Sybils are more stealthy Experts catch more tough Sybils than turkers

21 Preserving User Privacy 21  Showing profiles to crowdworkers raises privacy issues  Solution: reveal profile information in context ! Crowdsourced Evaluation ! Public Profile Information Friend-Only Profile Information Friends

Download ppt "Fighting Fire With Fire: Crowdsourcing Security Solutions on the Social Web Christo Wilson Northeastern University"

Similar presentations

Securing your Social Networking Profile Presented by: Kevin O'Brien Division of IT SF State.

Securing your Social Networking Profile Presented by: Kevin O'Brien Division of IT SF State.
Defending against large-scale crawls in online social networks Mainack Mondal Bimal Viswanath Allen Clement Peter Druschel Krishna Gummadi Alan Mislove.

Defending against large-scale crawls in online social networks Mainack Mondal Bimal Viswanath Allen Clement Peter Druschel Krishna Gummadi Alan Mislove.
Rewarding Crowdsourced Workers Panos Ipeirotis New York University and Google Joint work with: Jing Wang, Foster Provost, Josh Attenberg, and Victor Sheng;

Rewarding Crowdsourced Workers Panos Ipeirotis New York University and Google Joint work with: Jing Wang, Foster Provost, Josh Attenberg, and Victor Sheng;
RB-Seeker: Auto-detection of Redirection Botnet Presenter: Yi-Ren Yeh Authors: Xin Hu, Matthew Knysz, Kang G. Shin NDSS 2009 The slides is modified from.

RB-Seeker: Auto-detection of Redirection Botnet Presenter: Yi-Ren Yeh Authors: Xin Hu, Matthew Knysz, Kang G. Shin NDSS 2009 The slides is modified from.
All Your Contacts Are Belong to Us: Automated Identity Theft Attacks on Social Networks Reporter : 鄭志欣 Advisor: Hsing-Kuo Pao Date : 2010/12/06 1.

All Your Contacts Are Belong to Us: Automated Identity Theft Attacks on Social Networks Reporter : 鄭志欣 Advisor: Hsing-Kuo Pao Date : 2010/12/06 1.
Qiang Cao Duke University

Qiang Cao Duke University
ABUSING BROWSER ADDRESS BAR FOR FUN AND PROFIT - AN EMPIRICAL INVESTIGATION OF ADD-ON CROSS SITE SCRIPTING ATTACKS Presenter: Jialong Zhang.

ABUSING BROWSER ADDRESS BAR FOR FUN AND PROFIT - AN EMPIRICAL INVESTIGATION OF ADD-ON CROSS SITE SCRIPTING ATTACKS Presenter: Jialong Zhang.
Machine Learning and Data Mining Course Summary. 2 Outline  Data Mining and Society  Discrimination, Privacy, and Security  Hype Curve  Future Directions.

Machine Learning and Data Mining Course Summary. 2 Outline  Data Mining and Society  Discrimination, Privacy, and Security  Hype Curve  Future Directions.
AdaBoost & Its Applications

AdaBoost & Its Applications
Design and Evaluation of a Real- Time URL Spam Filtering Service Kurt Thomas, Chris Grier, Justin Ma, Vern Paxson, Dawn Song University of California,

Design and Evaluation of a Real- Time URL Spam Filtering Service Kurt Thomas, Chris Grier, Justin Ma, Vern Paxson, Dawn Song University of California,
Face detection Many slides adapted from P. Viola.

Face detection Many slides adapted from P. Viola.
Enabling the Social Web Krishna P. Gummadi Networked Systems Group Max Planck Institute for Software Systems.

Enabling the Social Web Krishna P. Gummadi Networked Systems Group Max Planck Institute for Software Systems.
Hongyu Gao, Tuo Huang, Jun Hu, Jingnan Wang.  Boyd et al. Social Network Sites: Definition, History, and Scholarship. Journal of Computer-Mediated Communication,

Hongyu Gao, Tuo Huang, Jun Hu, Jingnan Wang.  Boyd et al. Social Network Sites: Definition, History, and Scholarship. Journal of Computer-Mediated Communication,
You Are How You Click Clickstream Analysis for Sybil Detection Gang Wang, Tristan Konolige, Christo Wilson †, Xiao Wang ‡ Haitao Zheng and Ben Y. Zhao.

You Are How You Click Clickstream Analysis for Sybil Detection Gang Wang, Tristan Konolige, Christo Wilson †, Xiao Wang ‡ Haitao Zheng and Ben Y. Zhao.
Final Project: Project 9 Part 1: Neural Networks Part 2: Overview of Classifiers Aparna S. Varde April 28, 2005 CS539: Machine Learning Course Instructor:

Final Project: Project 9 Part 1: Neural Networks Part 2: Overview of Classifiers Aparna S. Varde April 28, 2005 CS539: Machine Learning Course Instructor:
UPM, Faculty of Computer Science & IT, 2009 1 A robust automated attendance system using face recognition techniques PhD proposal; May 2009 Gawed Nagi.

UPM, Faculty of Computer Science & IT, A robust automated attendance system using face recognition techniques PhD proposal; May 2009 Gawed Nagi.
Face detection and recognition Many slides adapted from K. Grauman and D. Lowe.

Face detection and recognition Many slides adapted from K. Grauman and D. Lowe.
Electronic Voting (E-Voting) An introduction and review of technology Written By: Larry Brachfeld CS591, December 2010.

Electronic Voting (E-Voting) An introduction and review of technology Written By: Larry Brachfeld CS591, December 2010.
GAYATRI SWAMYNATHAN, CHRISTO WILSON, BRYCE BOE, KEVIN ALMEROTH AND BEN Y. ZHAO UC SANTA BARBARA Do Social Networks Improve e-Commerce? A Study on Social.

GAYATRI SWAMYNATHAN, CHRISTO WILSON, BRYCE BOE, KEVIN ALMEROTH AND BEN Y. ZHAO UC SANTA BARBARA Do Social Networks Improve e-Commerce? A Study on Social.
Fighting Fire With Fire: Crowdsourcing Security Threats and Solutions on the Social Web Gang Wang, Christo Wilson, Manish Mohanlal, Ben Y. Zhao Computer.

Fighting Fire With Fire: Crowdsourcing Security Threats and Solutions on the Social Web Gang Wang, Christo Wilson, Manish Mohanlal, Ben Y. Zhao Computer.

Similar presentations

Ads by Google