Category Archives: social networks security

Social Insider Attacks on Facebook

Facebook accounts are secured against unauthorized access through passwords and device-level security. Those defenses, however, may not be sufficient to prevent social insider attacks, where attackers know their victims, and gain access to a victim’s account by interacting directly with their device. To characterize these attacks, we ran two MTurk studies. In the first study Continue reading

Sharing Health Information on Facebook Among Americans


Motivated by the benefits, people have used a variety of web-based services to share health information (HI) online. Among these services, Facebook, which enjoys the largest population of active subscribers, has become a common place for sharing various types of HI. At the same time, Facebook was shown to be vulnerable to various attacks, resulting in unintended information disclosure, privacy invasion, and information misuse. As such, Facebook users face the dilemma of benefiting from HI sharing and risking their privacy. In this SOUPS ’16 paper, we report our investigation of HI sharing practices, preferences, and risk perceptions among US Facebook users. Continue reading

Improving Detection of OSN Fakes by Predicting Victims


LERSSE student Yazan Boshmaf (co-supervised with Matei Ripeanu) has presented at NDSS last part of his Ph.D. research, Integro. It helps OSNs detect automated fake accounts using a robust user ranking scheme. The key idea is based on an insight that victims, benign users who control real accounts and have befriended fakes, form a distinct classification category that is useful for designing robust detection mechanisms. As attackers have no control over victim accounts and cannot alter their activities, a victim account classifier which relies on user-level activities is relatively hard to circumvent. Moreover, as fakes are directly connected to victims, a fake account detection mechanism that integrates victim prediction into graph-level structures can be more robust against manipulations of the graph. Continue reading

What research do I really do?

My department has made a short introductory video-clip about my research group LERSSE. For those who won’t read papers but still want to get an idea about what kind of research my graduate students do, just sit back and enjoy this 3-minute long summary.

If your bot friends are nicer and more interesting …

Credit: Palto/iStockphoto

Credit: Palto/iStockphoto

Popular press continues to discuss research of my graduate students on Social BotNets. The most recent article (by Eagle Gamma) appeared in Infoworld in early April. Unlike earlier coverage, it discusses more recent work (Design and Analysis of a Social Botnet), in which an economic analysis of Social Botnet feasability and challenges for throttling them is discussed.

Continue reading

Project Presentations at Graduate Course in Security


Students in my graduate course on computer security are presenting their term papers on April 10. The topics vary from evaluation of Sybil detection mechanisms to detection of DDoS attacks on grid clusters. This mini-conference is open to public.

Teaching Security and Privacy in Online Social Networks


This term, I’m teaching a graduate seminar-based course on security and privacy in online social networks. Students in the course are reading, presenting, critiquing, and discussing most significant and most recent papers from top venues on the subject. They also do a project related to security and write a term paper based on it. More information about can be found at the course web site.

On vulnerability of Facebook users to social botnets

How likely for a Facebook user to accept a friendship request from a stranger (albeit a pretty/handsome one)? By how much do such chances correlate with “promiscuity” of the user in terms of FB friends? Can such requests be automated? What can an adversary gain from befriending users?

Continue reading