Christo Wilson, Assistant Professor in the College of Computer and Information Science at Northeastern University
Over the last year, there has been growing recognition in the media and in the research community that security problems on the social web are being driven by crowdsourced attacks. Several recent studies have found large marketplaces in the US and China where malicious users can pay real people to send spam, write fake reviews, create fake (Sybil) accounts, etc. These crowdsourced services are cheap and easy to procure. Most disturbingly, crowdsourced attacks violate many of the assumptions leveraged by existing security systems, making these attacks highly effective.
In this talk, we present details on our recent work to understand the underground economy for crowdsourced attacks against social networks and develop novel defense mechanisms against this threat. First, we briefly overview the literature on marketplaces for crowdsourced spam and Sybils. Next, we investigate the possibility of using crowdsourced labor to detect social Sybils. Using ground truth information from two social networks (Facebook and Renren), we conduct a detailed user study to examine how well expert users and crowdworkers are able to identify fake social network accounts. Our results are promising; both groups are able to identify Sybils with a near-zero false positive rate. However, crowdworkers miss many Sybils, i.e. the false negative rate is high. We develop several techniques to improve the accuracy of crowdworkers, and develop a complete system for using crowdsourced labor to detect Sybils in a cost-effective, scalable manner.
Christo Wilson is a new faculty member in the College of Computer and Information Science at Northeastern University. He completed his Ph.D. in computer science at the University of California, Santa Barbara under the direction of Ben Y. Zhao. He received a Best Paper: Honorable Mention award at SIGCOMM 2011 and earned Masters and Bachelors degrees from the University of California, Santa Barbara in 2007 and 2006, respectively.