Weak Identities in Social Computing Systems

Weak Identities in Social Computing Systems
Slide Note
Embed
Share

Social computing systems rely on weak identity infrastructures, leaving them susceptible to Sybil attacks where fake identities manipulate popularity and information. This growing menace poses threats to online platforms like Facebook, Twitter, YouTube, Reddit, Yelp, and more.

  • Social Computing
  • Weak Identities
  • Sybil Attacks
  • Online Platforms
  • Manipulation
annelyst
annelyst Follow

Uploaded on Mar 10, 2025 | 1 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. On the Strength of Weak Identities in Social Computing Systems Krishna P. Gummadi Max Planck Institute for Software Systems 1

  2. Social computing systems Online systems that allow people to interact Examples: Social networking sites: Facebook, Goolge+ Blogging sites: Twitter, LiveJournal Content-sharing sites: YouTube, Flickr Social bookmarking sites: Delicious, Reddit Crowd-sourced opinions: Yelp, eBay seller ratings Peer-production sites: Wikipedia, AMT Distributed systems of people

  3. The Achilles Heel of Social Computing Systems

  4. Identity infrastructures Most platforms use a weak identity infrastructure Weak identity infrastructure: No verification by trusted authorities required. Fill up a simple profile to create account Pros: Provides some level of anonymity Low entry barrier Cons: Lack accountability Vulnerable to fake (Sybil) id attacks

  5. Sybil attacks: Attacks using fake identities Fundamental problem in systems with weak user ids Numerous real-world examples: Facebook: Fake likes and ad-clicks for businesses and celebrities Twitter: Fake followers and tweet popularity manipulation YouTube, Reddit: Content owners manipulate popularity Yelp: Restaurants buy fake reviews AMT, freelancer: Offer Sybil identities to hire

  6. Sybil attacks are a growing menace There is an incentive to manipulate popularity of ids and information

  7. The emergence of Abuse-As-A-Service

  8. Sybil identities are a growing menace 40% of all newly created Twitter ids are fake!

  9. Sybil identities are a growing menace 50% of all newly created Yelp ids are fake!

  10. The Strength of Weak Identities

  11. Strength of a weak identity Effort needed to forge the weak identity Weak ids come with zero external references Strength is the effort needed to forge ids activities And thereby, the ids reputation Idea: Could we measure ids strength by their blackmarket prices?

  12. Domain Price range per account ($) 0.003 to 0.45 0.01 to 0.375 0.010 to 1 0.05 to 0.5 0.033 to 0.67 0.05 to 0.5 0.10 to 2.50 Median price per account ($) 0.013 0.038 0.093 0.103 0.145 0.250 0.515 Domain Reputation Measure aged 2.5 years aged 4 years 100+ followers 300+ followers 200+ real/ active followers aged 1.5 years aged 4 years 1000 real/ active friends 5000 real/ active friends Price range per account($) 0.25 1 0.5 1 5 5 to 6 15 to 16 30 150 Hotmail Yahoo Twitter Pinterest Google LinkedIn Facebook Twitter Twitter Twitter Twitter Twitter Facebook Facebook Facebook Facebook Table 1: Black market prices of Sybils (without any particular reputation). Table 2: Black market prices of Sybil identities with different levels of reputation. fort it takes to create and groom them. We manually collect price information from 8 black-market services that we found via google search, using queries such as Buy Facebook accounts . They include services such as Fiverr [10] and Blackhatworld [8]. While most of the pricing data was obtained by following the links from thetop Googlesearch results, for oneof theblack- market service, Fiverr, we had to issue an additional search query in their service to obtain pricing informa- tion. ings related to two domains (Twitter and Facebook) at specific reputation levels (e.g. accounts with different ages and different numbers of friends and followers) in the 8 black-market sites. We show this pricing data for Twitter and Facebook identities at varying reputation levels in Table 2. As expected, accounts with higher reputation have prices higher than accounts with no particular reputation (the ones in Table 1). For exam- ple, on Twitter an account that is aged 4 yearscosts$1 whilean account that wasjust created costs$0.01. It is further possible to buy accounts with more specialized reputation signals or simply buy reputation for an ac- count already owned [26]. Thesefindingsshow that it is possibleto obtain pricing information for accountswith different levels of grooming on current black-markets, and that prices reflect the level of grooming. 3.2.1 Table1showsthecomparativepricesof identitiesacross different open domainsaggregated from all the8 black- market sites mentioned previously. For each domain, we were able to identify offers by at least 7 different sellers, covering at least 3 of the black-market services. For each domain, we rely on the median price to avoid outliers.2We can see that an identity on Google costs 11 times more than an identity on Hotmail based on the median price. To further check if prices reflect to a certain extent the effort needed to create the accounts, we tried to create multiple Google and Hotmail identi- ties from a single IP address. After creating 2 identi- ties, Googleenforced phoneverification for creating the third identity. Hotmail on theother hand, allowed usto create4 identitieswithout phoneverification, beforeen- forcingadaily limit on identity creation. Thedaily limit of Hotmail was lifted the next day from the same IP, whileon theother hand Googlepersisted with askingfor phone verification. Thus, it appears that attackers can easily create more identities on Hotmail than Google which is reflected in the price. These results show that we can measure the relative trustworthiness of identi- ties coming from different domains using black-market pricing data. Comparingidentitiesacrossdifferent domains Case study: Inferring trust using black- market prices We now present preliminary results from a case study of Pinterest [36] which isa social network that letsusers share and discover content in a visual manner via pins (which areacombination of an image, text and a URL). We try to understand if black-market prices provide a good estimate of trustworthiness of identities in Pin- terest. First, we need ground-truth information about (un)trustworthiness of Pinterest identities. We rely on a signal provided by Pinterest to identify untrustworthy identities Pinterest tends to block pins that point to suspiciousdomains. In our dataset of 1.17million users, we had 48,496 users who had at least one pin blocked. To eliminatefalsepositives, weconsider 2,062 Pinterest identities that have more than 50 pins blocked as un- trustworthy giving us ground-truth information about trustworthiness of identities. Pinterest allowsuserstocreatean identity usingtheir Facebook, Twitter or email accounts. From section 3.2.1, we know the black-market prices of identities on Face- book, Twitter and other email domains. We find that a vast majority (74%) of of untrustworthy Pinterest accounts are created using email domains, while only 18.2% and 5.4% accounts were created using Twitter 3.3 3.2.2 Next we show that the prices of identities within a sin- gle domain are not the same and that it depends on the grooming level. We manually looked for job post- Comparingidentitieswithinasingledomain 2It ispossiblethat therearefraudulent sellers who advertise a cheap price and do not deliver on their promise.

  13. Domain Price range per account ($) 0.003 to 0.45 0.01 to 0.375 0.010 to 1 0.05 to 0.5 0.033 to 0.67 0.05 to 0.5 0.10 to 2.50 Median price per account ($) 0.013 0.038 0.093 0.103 0.145 0.250 0.515 Domain Reputation Measure aged 2.5 years aged 4 years 100+ followers 300+ followers 200+ real/ active followers aged 1.5 years aged 4 years 1000 real/ active friends 5000 real/ active friends Price range per account($) 0.25 1 0.5 1 5 5 to 6 15 to 16 30 150 Hotmail Yahoo Twitter Pinterest Google LinkedIn Facebook Twitter Twitter Twitter Twitter Twitter Facebook Facebook Facebook Facebook Table 1: Black market prices of Sybils (without any particular reputation). Table 2: Black market prices of Sybil identities with different levels of reputation. fort it takes to create and groom them. We manually collect price information from 8 black-market services that we found via google search, using queries such as Buy Facebook accounts . They include services such as Fiverr [10] and Blackhatworld [8]. While most of the pricing data was obtained by following the links from thetop Googlesearch results, for oneof theblack- market service, Fiverr, we had to issue an additional search query in their service to obtain pricing informa- tion. ings related to two domains (Twitter and Facebook) at specific reputation levels (e.g. accounts with different ages and different numbers of friends and followers) in the 8 black-market sites. We show this pricing data for Twitter and Facebook identities at varying reputation levels in Table 2. As expected, accounts with higher reputation have prices higher than accounts with no particular reputation (the ones in Table 1). For exam- ple, on Twitter an account that is aged 4 yearscosts$1 whilean account that wasjust created costs$0.01. It is further possible to buy accounts with more specialized reputation signals or simply buy reputation for an ac- count already owned [26]. Thesefindingsshow that it is possibleto obtain pricing information for accountswith different levels of grooming on current black-markets, and that prices reflect the level of grooming. 3.2.1 Table1showsthecomparativepricesof identitiesacross different open domainsaggregated from all the8 black- market sites mentioned previously. For each domain, we were able to identify offers by at least 7 different sellers, covering at least 3 of the black-market services. For each domain, we rely on the median price to avoid outliers.2We can see that an identity on Google costs 11 times more than an identity on Hotmail based on the median price. To further check if prices reflect to a certain extent the effort needed to create the accounts, we tried to create multiple Google and Hotmail identi- ties from a single IP address. After creating 2 identi- ties, Googleenforced phoneverification for creating the third identity. Hotmail on theother hand, allowed usto create4 identitieswithout phoneverification, beforeen- forcingadaily limit on identity creation. Thedaily limit of Hotmail was lifted the next day from the same IP, whileon theother hand Googlepersisted with askingfor phone verification. Thus, it appears that attackers can easily create more identities on Hotmail than Google which is reflected in the price. These results show that we can measure the relative trustworthiness of identi- ties coming from different domains using black-market pricing data. Comparingidentitiesacrossdifferent domains Case study: Inferring trust using black- market prices We now present preliminary results from a case study of Pinterest [36] which isa social network that letsusers share and discover content in a visual manner via pins (which areacombination of an image, text and a URL). We try to understand if black-market prices provide a good estimate of trustworthiness of identities in Pin- terest. First, we need ground-truth information about (un)trustworthiness of Pinterest identities. We rely on asignal provided by Pinterest to identify untrustworthy identities Pinterest tends to block pins that point to suspiciousdomains. In our dataset of 1.17million users, we had 48,496 users who had at least one pin blocked. To eliminatefalsepositives, weconsider 2,062 Pinterest identities that have more than 50 pins blocked as un- trustworthy giving us ground-truth information about trustworthiness of identities. Pinterest allowsuserstocreatean identity usingtheir Facebook, Twitter or email accounts. From section 3.2.1, we know the black-market prices of identities on Face- book, Twitter and other email domains. We find that a vast majority (74%) of of untrustworthy Pinterest accounts are created using email domains, while only 18.2% and 5.4% accounts were created using Twitter 3.3 3.2.2 Next we show that the prices of identities within a sin- gle domain are not the same and that it depends on the grooming level. We manually looked for job post- Comparingidentitieswithinasingledomain 2It ispossiblethat therearefraudulent sellers who advertise a cheap price and do not deliver on their promise.

  14. Key observation Attackers cannot tamper timestamps of activities E.g., join dates, id creation timestamps Older ids are less likely to be fake than newer ids Attackers do not target till sites reach critical mass Over time, older ids are more curated than newer ids Spam filters had more time to check older ids

  15. Most active fakes are new ids Older ids are less likely to be fake than newer ids

  16. Assessing strength of weak identities Leverage the temporal evolution of reputation scores Evolution of reputation score of a single participant Evolution time Reputation score Current reputation score t0 t50 t100 Time Attacker cannot forge the timestamps when the reputation score changed! Join date timestamp

  17. Trustworthiness of Weak Identities

  18. Trustworthiness of an identity Probability that its activities are in compliance with the online site s ToS How to assess trustworthiness? Ability to hold the user behind the identity accountable Via non-anonymous strong ids Economic incentives vs. costs for the attack Strength of weak id determines attacker costs Leverage social behavioral stereotypes

  19. Traditional Sybil defense approaches Catch & suspend ids with bad activities By checking for spam content in posts Can t catch manipulation of genuine content s popularity Profile identities to detect suspicious-looking ids Before they even commit fraudulent activities Analyze info available about individual ids, such as Demographic and activity-related info Social network links

  20. Lots of recent work Gather a ground-truth set of Sybil and non-Sybil ids Social turing tests: Human verification of accounts to determine Sybils [NSDI 10, NDSS 13] Automatically flagging anomalous (rare) user behaviors [Usenix Sec. 14] Train ML classifiers to distinguish between them [CEAS 10] Classifiers trained to flag ids with similar profile features Like humans, they look for features that arise suspicion Does it have a profile photo? Does it have friends who look real? Do the posts look real?

  21. Key idea behind id profiling For many profile attributes, the values assumed by Sybils & non-Sybils tend to be different

  22. Key idea behind id profiling For many profile attributes, the values assumed by Sybils & non-Sybils tend to be different Location field is not set for >90% of Sybils, but <40% of non-Sybils Lots of Sybils have low follower-to-following ratio A much smaller fraction of Sybils have more than 100,000 followers

  23. Limitations of profiling identities Potential discrimination against good users With rare behaviors that are flagged as anomalous With profile attributes that match those of Sybils Sets up a rat-race with attackers Sybils can avoid detection by assuming likely attribute values of good nodes Sybils can set location attributes, lower follower to following ratios Or, by attacking with new ids with no prior activity history

  24. Attacks with newly created Sybils All our bought fake followers were newly created! Existing spam defenses cannot block them

  25. Robust Tamper Detection in Crowd Computations

  26. Is a crowd computation tampered? Does a large computation involve a sizeable fraction of Sybil participants? Business with tampered rating User with tampered follower count Twitter profile Business page Reviewer Follower

  27. Are the following problems equivalent? 1. Detect whether a crowd computation is tampered Does the computation involve a sizeable fraction of Sybil participants? 2. Detect whether an identity is Sybil

  28. Are the following problems equivalent? 1. Detect whether a crowd computation is tampered Does the computation involve a sizeable fraction of Sybil participants? 2. Detect whether an identity is Sybil Our Stamper project: NO! Claim: We can robustly detect tampered computations even when we cannot detect fake ids

  29. Stamper: Detecting tampered crowds Idea: Analyze join date distributions of participants Entropy of tampered computations tends to be lower More generally, temporal evolution of reputation scores Significant fraction of identities dating all the way back to inception of site

  30. Robustness against adaptive attackers Stamper can fundamentally alter the arms race with attackers What about attacks using compromised or colluding identities? Compromised/colluding identities have to be selected in such a way that it would match the reference distribution Any malicious identity that gets suspended leads to a near permanent damage to attacker's power!

  31. TrulyFollowing: A prototype system Detects popular users (politicians) with fake followers trulyfollowing.app-ns.mpi-sws.org

  32. TrulyTweeting: A prototype system Detects popular hashtags, URLs, tweets with fake promoters trulytweeting.app-ns.mpi-sws.org

  33. DEMO

  34. Detection by Stamper: How it works Assume unbiased participation in a computation The join date distributions for ids in any large-scale crowd computation must match that of a large random sample of ids on the site Any deviation indicates Sybil tampering Greater the deviation, the more likely the tampering Deviation can be calculated using KL-divergence Rank computations based on their divergence Flag the most anomalous computations

  35. Dealing with computations with biased participation When nodes come from a biased user population: All computations suffer high deviations Making the tamper detection process less effective Solution: Compute join dates reference distribution from a similarly biased sample user population I.e., select a user population with similar demographics Has the potential to improve accuracy further

  36. Detection accuracy: Yelp case study Case study: Find businesses with tampered reviews in Yelp Experimental set-up: 3,579 businesses with more than 100 reviews "Ground-truth" obtained using Yelp's review filter Stamper flags 362 businesses (83% of all with more then 30% tampering) 125 % Biz flagged 100 75 Stamper flags only 3/54 (5.6%) normal crowds Stamper flags >97% of highly tampered crowds 50 25 0 0% (10-30]% >50% % Reviews tampered (Yelp)

  37. Take-away lesson Ids are increasingly being profiled to detect Sybils Don t profile individual identities! Accuracy would be low Can t prevent tampering of computations Profile groups of ids participating in a computation After all, the goal is to prevent tampering of computations

  38. Take-away questions What should a site do after detecting tampering? How do we know who tampered the computation? Could a politician / business slander competing politicians / businesses by buying fake endorsements for them? Can we eliminate the effects of tampering? Is it possible to discount tampered votes?

  39. Take-away questions In practice, users have weak identities across multiple sites Such weak ids are increasingly being linked Can we transfer trust between weak identities of a user across domains? Can Gmail help Facebook assess trust in Facebook ids created using Gmail ids? Can a collection of a user s weak user ids substitute for a strong user id?

Related


Affirming Mental Healthcare for LGBTQ+/POC: Understanding the Importance of Client Identities

Affirming Mental Healthcare for LGBTQ+/POC: Understanding the Importance of Client Identities

sirius
Trigonometric Integrals: Strategies and Identities

Trigonometric Integrals: Strategies and Identities

cason
Strong and Weak Forms in English Pronunciation

Strong and Weak Forms in English Pronunciation

kason
Bibliographic Identities and Nomen Clusters in Cataloging

Bibliographic Identities and Nomen Clusters in Cataloging

trystan
Parallel and Distributed Computing Systems

Parallel and Distributed Computing Systems

aleeza
Trigonometry: Identities, Equations, and Problem Solving Techniques

Trigonometry: Identities, Equations, and Problem Solving Techniques

thais
Cloud Computing, Edge Computing, and Their Applications

Cloud Computing, Edge Computing, and Their Applications

rudi
Intersectionality: Navigating Power and Identities

Intersectionality: Navigating Power and Identities

helio
Buffer Solutions and pH Indicators

Buffer Solutions and pH Indicators

ozzy
Linguistic Analysis of Drag Queen Identities on RuPaul's Drag Race

Linguistic Analysis of Drag Queen Identities on RuPaul's Drag Race

westlund_d
Overview of the Computing Community Consortium

Overview of the Computing Community Consortium

mgelst
Overview of Task Computing in Parallel and Distributed Systems

Overview of Task Computing in Parallel and Distributed Systems

schofield_m
Strong and Weak Links in Team Talent Distributions

Strong and Weak Links in Team Talent Distributions

zop_lit
Trigonometric Identities for Double Angles

Trigonometric Identities for Double Angles

gest
Matrix Identities in Strong Proof Systems

Matrix Identities in Strong Proof Systems

eaver
Weak Superconductivity and Functional Coordinates

Weak Superconductivity and Functional Coordinates

hallisey_n
Acids and Bases: Ionization and Properties

Acids and Bases: Ionization and Properties

davontayd
Acids and Bases in Chemistry: Key Concepts and Terminology

Acids and Bases in Chemistry: Key Concepts and Terminology

irey_aho
Weak Supervision for NLP: Overcoming Labelled Data Challenges

Weak Supervision for NLP: Overcoming Labelled Data Challenges

beck_142
Introduction to Cloud Computing: A Comprehensive Overview

Introduction to Cloud Computing: A Comprehensive Overview

wyat_45
Reflections on the Interconnectedness of Identities in a Finnish College Setting

Reflections on the Interconnectedness of Identities in a Finnish College Setting

tre_h
Unveiling the Standard Model at Wonju Spring School on Particle Physics and Cosmology 2015

Unveiling the Standard Model at Wonju Spring School on Particle Physics and Cosmology 2015

brey819

More Related Content