Online Social Networks (OSNs) have attracted millions of active users and have become an integral part of today's web ecosystem. Unfortunately, in the wrong hands, OSNs can be used to harvest private user data, distribute malware, control botnets, perform surveillance, spread misinformation, and even influence algorithmic trading. Usually, an adversary starts off by running an infiltration campaign using hijacked or adversary-owned OSN accounts, with an objective to connect with a large number of users in the targeted OSN. In this article, we evaluate how vulnerable OSNs are to a large-scale infiltration campaign run by socialbots: bots that control OSN accounts and mimic the actions of real users. We adopted the design of a traditional web-based botnet and built a prototype of a Socialbot Network (SbN): a group of coordinated programmable socialbots. We operated our prototype on Facebook for 8 weeks, and collected data about user behavior in response to a large-scale infiltration campaign. Our results show that (1) by exploiting known social behaviors of users, OSNs such as Facebook can be infiltrated with a success rate of up to 80%, (2) subject to user profile privacy settings, a successful infiltration can result in privacy breaches where even more private user data are exposed, (3) given the economics of today's underground markets, running a large-scale infiltration campaign might be profitable but is still not particularly attractive as a sustainable and independent business, (4) the security of socially-aware systems that use or integrate OSN platforms can be at risk, given the infiltration capability of an adversary in OSNs, and (5) defending against malicious socialbots raises a set of challenges that relate to web automation, online-offline identity binding, and usable security.