August 14, 2017

Malicious Browser Extensions at Scale: Bridging the Observability Gap between Web Site and Browser

USENIX Workshop on Cyber Security Experimentation and Test

In this paper we describe an approach used at Facebook for dealing with this problem. We present a methodology whereby users exhibiting suspicious online behaviors are scanned (with permission) to identify the set of extensions in their browser, and those extensions are in turn labelled based on the threat indicators they contain.

Louis F. DeKoven, Stefan Savage, Geoffrey M. Voelker, Nektarios Leontiadis
May 22, 2017

IVD: Automatic Learning and Enforcement of Authorization Rules in Online Social Networks

IEEE Symposium on Security and Privacy (IEEE S&P)

In this paper, we propose Invariant Detector (IVD), a defense-in-depth system that automatically learns authorization rules from normal data manipulation patterns and distills them into likely invariants.

Paul Marinescu, Chad Parry, Marjori Pomarole, Yuan Tian, Patrick Tague, Ioannis Papagiannis
May 18, 2014

Analyzing Forged SSL Certificates in the Wild

IEEE Symposium on Security and Privacy (IEEE S&P)

The SSL man-in-the-middle attack uses forged SSL certificates to intercept encrypted connections between clients and servers. However, due to a lack of reliable indicators, it is still unclear how commonplace these attacks occur in the wild. In this work, we have designed and implemented a method to detect the occurrence of SSL man-in-the-middle attack on a top global website, Facebook.

David Huang, Alex Rice, Erling Ellingsen, Collin Jackson
May 8, 2013

CopyCatch: Stopping Group Attacks by Spotting Lockstep Behavior in Social Networks

International World Wide Web Conference (WWW)

In this paper we focus on the social network Facebook and the problem of discerning ill-gotten Page Likes, made by spammers hoping to turn a profit, from legitimate Page Likes. Our method, which we refer to as CopyCatch, detects lockstep Page Like patterns on Facebook by analyzing only the social graph between users and Pages and the times at which the edges in the graph (the Likes) were created.

Alex Beutel, Tom Wanhong Xu, Venkatesan Guruswami, Christopher Palow, Christos Faloutsos
April 10, 2011

Facebook Immune System

Workshop on Social Network Systems (SNS)

Popular Internet sites are under attack all the time from phishers, fraudsters, and spammers. They aim to steal user information and expose users to unwanted spam. The attackers have vast resources at their disposal. They are well-funded, with full-time skilled labor, control over compromised and infected accounts, and access to global botnets.

Tao Stein, Roger Chen, Karan Mangla