Facebook accounts are secured against unauthorized access through passwords and device-level security. Those defenses, however, may not be sufficient to prevent social insider attacks, where attackers know their victims, and gain access to a victim’s account by interacting directly with their device. To characterize these attacks, we ran two MTurk studies. In the first study Continue reading
Category Archives: social networks security
Social Insider Attacks on Facebook
Sharing Health Information on Facebook Among Americans
Motivated by the benefits, people have used a variety of web-based services to share health information (HI) online. Among these services, Facebook, which enjoys the largest population of active subscribers, has become a common place for sharing various types of HI. At the same time, Facebook was shown to be vulnerable to various attacks, resulting in unintended information disclosure, privacy invasion, and information misuse. As such, Facebook users face the dilemma of benefiting from HI sharing and risking their privacy. In this SOUPS ’16 paper, we report our investigation of HI sharing practices, preferences, and risk perceptions among US Facebook users. Continue reading
Improving Detection of OSN Fakes by Predicting Victims
LERSSE student Yazan Boshmaf (co-supervised with Matei Ripeanu) has presented at NDSS last part of his Ph.D. research, Integro. It helps OSNs detect automated fake accounts using a robust user ranking scheme. The key idea is based on an insight that victims, benign users who control real accounts and have befriended fakes, form a distinct classification category that is useful for designing robust detection mechanisms. As attackers have no control over victim accounts and cannot alter their activities, a victim account classifier which relies on user-level activities is relatively hard to circumvent. Moreover, as fakes are directly connected to victims, a fake account detection mechanism that integrates victim prediction into graph-level structures can be more robust against manipulations of the graph. Continue reading
What research do I really do?
My department has made a short introductory video-clip about my research group LERSSE. For those who won’t read papers but still want to get an idea about what kind of research my graduate students do, just sit back and enjoy this 3-minute long summary.
httpv://www.youtube.com/watch?v=mJMxjnwfe8U
If your bot friends are nicer and more interesting …
Credit: Palto/iStockphoto
Popular press continues to discuss research of my graduate students on Social BotNets. The most recent article (by Eagle Gamma) appeared in Infoworld in early April. Unlike earlier coverage, it discusses more recent work (Design and Analysis of a Social Botnet), in which an economic analysis of Social Botnet feasability and challenges for throttling them is discussed.
Project Presentations at Graduate Course in Security
Students in my graduate course on computer security are presenting their term papers on April 10. The topics vary from evaluation of Sybil detection mechanisms to detection of DDoS attacks on grid clusters. This mini-conference is open to public.
Teaching Security and Privacy in Online Social Networks
This term, I’m teaching a graduate seminar-based course on security and privacy in online social networks. Students in the course are reading, presenting, critiquing, and discussing most significant and most recent papers from top venues on the subject. They also do a project related to security and write a term paper based on it. More information about can be found at the course web site.
On vulnerability of Facebook users to social botnets
How likely for a Facebook user to accept a friendship request from a stranger (albeit a pretty/handsome one)? By how much do such chances correlate with “promiscuity” of the user in terms of FB friends? Can such requests be automated? What can an adversary gain from befriending users?
