October 31, 2018

Following Their Footsteps: Characterizing Account Automation Abuse and Defenses

ACM Internet Measurement Conference (IMC)

Online social networks routinely attract abuse from for-profit services that offer to artificially manipulate a user’s social standing. In this paper, we examine five such services in depth, each advertising the ability to inflate their customer’s standing on the Instagram social network.

By: Louis F. DeKoven, Trevor Pottinger, Stefan Savage, Geoffrey M. Voelker, Nektarios Leontiadis
October 15, 2018

On Ends-to-Ends Encryption: Asynchronous Group Messaging with Strong Security Guarantees

ACM Conference on Computer and Communications Security (CCS)

We show for the first time that post-compromise security can be achieved in realistic, asynchronous group messaging systems. We present a design called Asynchronous Ratcheting Trees (ART), which uses tree-based Diffie-Hellman key exchange to allow a group of users to derive a shared symmetric key even if no two are ever online at the same time.

By: Katriel Cohn-Gordon, Cas Cremers, Luke Garratt, Jon Millican, Kevin Milner
April 21, 2018

Examining the Demand for Spam: Who Clicks?

Conference on Human Factors in Computing Systems (CHI)

Some spam content manages to evade detection and engage users. In this paper, we therefore focus on the demand side of the spam equation, examining what drives users to click on spam via a large-scale analysis of de-identified, aggregated Facebook log data (n=600,000).

By: Elissa M. Redmiles, Neha Chachra, Brian Waismeyer
August 14, 2017

Malicious Browser Extensions at Scale: Bridging the Observability Gap between Web Site and Browser

USENIX Workshop on Cyber Security Experimentation and Test

In this paper we describe an approach used at Facebook for dealing with malicious browser extensions. We present a methodology whereby users exhibiting suspicious online behaviors are scanned (with permission) to identify the set of extensions in their browser, and those extensions are in turn labelled based on the threat indicators they contain.

By: Louis F. DeKoven, Stefan Savage, Geoffrey M. Voelker, Nektarios Leontiadis
July 18, 2017

Patient-Driven Privacy through Generalized Distillation

Privacy Enhancing Technologies Symposium (PETS)

The introduction of data analytics into medicine has changed the nature of patient treatment. In this setting, patients are asked to disclose personal information such as genetic markers, lifestyle habits, and clinical history. This data is then used by statistical models to predict personalized treatments. However, due to privacy concerns, patients often desire to withhold sensitive information. This self-censorship can impede proper diagnosis and treatment, which may lead to serious health complications and even death over time. In this paper, we present privacy distillation, a mechanism which allows patients to control the type and amount of information they wish to disclose to the healthcare providers for use in statistical models.

By: Z. Berkay Celik, David Lopez-Paz, Patrick McDaniel
May 22, 2017

IVD: Automatic Learning and Enforcement of Authorization Rules in Online Social Networks

IEEE Symposium on Security and Privacy (IEEE S&P)

In this paper, we propose Invariant Detector (IVD), a defense-in-depth system that automatically learns authorization rules from normal data manipulation patterns and distills them into likely invariants.

By: Paul Marinescu, Chad Parry, Marjori Pomarole, Yuan Tian, Patrick Tague, Ioannis Papagiannis
May 18, 2014

Analyzing Forged SSL Certificates in the Wild

IEEE Symposium on Security and Privacy (IEEE S&P)

The SSL man-in-the-middle attack uses forged SSL certificates to intercept encrypted connections between clients and servers. However, due to a lack of reliable indicators, it is still unclear how commonly these attacks occur in the wild. In this work, we have designed and implemented a method to detect the occurrence of SSL man-in-the-middle attacks on a top global website, Facebook.

By: David Huang, Alex Rice, Erling Ellingsen, Collin Jackson
May 13, 2013

CopyCatch: Stopping Group Attacks by Spotting Lockstep Behavior in Social Networks

International World Wide Web Conference (WWW)

In this paper we focus on the social network Facebook and the problem of discerning ill-gotten Page Likes, made by spammers hoping to turn a profit, from legitimate Page Likes. Our method, which we refer to as CopyCatch, detects lockstep Page Like patterns on Facebook by analyzing only the social graph between users and Pages and the times at which the edges in the graph (the Likes) were created.

By: Alex Beutel, Tom Wanhong Xu, Venkatesan Guruswami, Christopher Palow, Christos Faloutsos
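
A simplified lockstep detector over constructed Like data, added here as an illustration. It is not CopyCatch's algorithm; it only shows the same input the abstract names (the user-Page edges and their creation times) and a plain window-and-threshold rule: users who Liked the same Page within a fixed window are linked for that Page, user pairs linked on at least `min_pages` Pages form a graph, and connected components with at least `min_users` members are reported. The edge list, window, and thresholds are made up.

```python
# Added example, not CopyCatch's code: window-based lockstep detection on
# (user, page, timestamp) Like edges. All sample data is constructed.
from collections import defaultdict, deque

LIKES = [  # (user, page, unix_ts), constructed
    # lockstep cluster: u1..u5 Like p_a, p_b, p_c within ~2 minutes each time
    ("u1", "p_a", 1000), ("u2", "p_a", 1030), ("u3", "p_a", 1045),
    ("u4", "p_a", 1070), ("u5", "p_a", 1100),
    ("u1", "p_b", 5000), ("u2", "p_b", 5020), ("u3", "p_b", 5050),
    ("u4", "p_b", 5060), ("u5", "p_b", 5090),
    ("u1", "p_c", 9000), ("u2", "p_c", 9010), ("u3", "p_c", 9040),
    ("u4", "p_c", 9070), ("u5", "p_c", 9110),
    # organic users: spread out, co-occurring with the cluster on one Page at most
    ("u6", "p_a", 1020), ("u7", "p_a", 8000), ("u6", "p_b", 20000),
    ("u8", "p_c", 9020), ("u7", "p_d", 3000), ("u8", "p_d", 30000),
]


def lockstep_groups(likes, window, min_pages, min_users):
    """Return sorted [(users, pages)] for groups of >= min_users users whose
    Likes landed within `window` seconds of each other on >= min_pages Pages."""
    by_page = defaultdict(list)
    for user, page, ts in likes:
        by_page[page].append((ts, user))

    # For every Page, link each pair of users whose Likes fall within the window.
    pair_pages = defaultdict(set)
    for page, events in by_page.items():
        events.sort()
        for i, (t_i, u_i) in enumerate(events):
            for t_j, u_j in events[i + 1:]:
                if t_j - t_i > window:
                    break  # events are sorted, so no later one can qualify
                if u_i != u_j:
                    pair_pages[tuple(sorted((u_i, u_j)))].add(page)

    # Keep only pairs that moved together on enough distinct Pages.
    adj = defaultdict(dict)
    for (a, b), pages in pair_pages.items():
        if len(pages) >= min_pages:
            adj[a][b] = pages
            adj[b][a] = pages

    # Connected components of the surviving graph are the candidate groups.
    seen, groups = set(), []
    for start in adj:
        if start in seen:
            continue
        comp, pages, queue = set(), set(), deque([start])
        seen.add(start)
        while queue:
            u = queue.popleft()
            comp.add(u)
            for v, p in adj[u].items():
                pages |= p
                if v not in seen:
                    seen.add(v)
                    queue.append(v)
        if len(comp) >= min_users:
            groups.append((tuple(sorted(comp)), tuple(sorted(pages))))
    return sorted(groups)


if __name__ == "__main__":
    for users, pages in lockstep_groups(LIKES, window=120, min_pages=2, min_users=3):
        print("lockstep group:", users, "on pages:", pages)
```

Lowering `min_pages` to 1 pulls in u6 and u8, who each happened to Like one Page in the cluster's window, which is why a single co-occurrence is not evidence and the threshold on the number of Pages matters.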
April 10, 2011

Facebook Immune System

Workshop on Social Network Systems (SNS)

Popular Internet sites are under attack all the time from phishers, fraudsters, and spammers. They aim to steal user information and expose users to unwanted spam. The attackers have vast resources at their disposal. They are well-funded, with full-time skilled labor, control over compromised and infected accounts, and access to global botnets.

By: Tao Stein, Roger Chen, Karan Mangla
November 1, 2017

Measuring and Mitigating OAuth Access Token Abuse by Collusion Networks

ACM Internet Measurement Conference (IMC)

We uncover a thriving ecosystem of large-scale reputation manipulation services on Facebook that leverage the principle of collusion.

By: Shehroze Farooqi, Fareed Zafar, Nektarios Leontiadis, Zubair Shafiq