Anti-Reconnaissance Tools: Detecting Targeted Socialbots

Advanced attackers use online social networks to extract useful information about the target organization, including its members and their connections, affiliations, and positions. Socialbots are artificial, machine-operated, social network profiles that connect to real members of an organization, greatly increasing the amount of information an attacker can collect. To connect socialbots, attackers can employ several strategies. The authors' approach hunts socialbots using a carefully chosen monitoring strategy by intelligently selecting organization member profiles and monitoring their activity. Their results demonstrate their method's efficacy-specifically, when attackers know the defense strategy being deployed, the attack they will most likely use is randomly sprayed friend requests, which eventually lead to a low number of connections.

[1]  George Danezis,et al.  SybilInfer: Detecting Sybil Nodes using Social Networks , 2009, NDSS.

[2]  Philip S. Yu,et al.  Proceedings of the ACM SIGKDD Workshop on Mining Data Semantics , 2012, KDD 2012.

[3]  Feng Xiao,et al.  SybilLimit: A Near-Optimal Social Network Defense against Sybil Attacks , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[4]  Albert,et al.  Emergence of scaling in random networks , 1999, Science.

[5]  Ben Y. Zhao,et al.  Uncovering social network sybils in the wild , 2011, IMC '11.

[6]  Krishna P. Gummadi,et al.  Exploring the design space of social network-based Sybil defenses , 2012, 2012 Fourth International Conference on Communication Systems and Networks (COMSNETS 2012).

[7]  Lior Rokach,et al.  Intruder or Welcome Friend: Inferring Group Membership in Online Social Networks , 2013, SBP.

[8]  Colin Tankard,et al.  Advanced Persistent threats and how to monitor and deter them , 2011, Netw. Secur..

[9]  Dongho Won,et al.  A Practical Study on Advanced Persistent Threats , 2012 .

[10]  Sameer Patil,et al.  Will you be my friend?: responses to friendship requests from strangers , 2012, iConference '12.

[11]  Yuval Elovici,et al.  Organizational Intrusion: Organization Mining Using Socialbots , 2012, 2012 International Conference on Social Informatics.

[12]  Rajeev Motwani,et al.  The PageRank Citation Ranking : Bringing Order to the Web , 1999, WWW 1999.

[13]  Tai-hoon Kim,et al.  Computer Applications for Security, Control and System Engineering , 2012, Communications in Computer and Information Science.

[14]  Jure Leskovec,et al.  Defining and evaluating network communities based on ground-truth , 2012, Knowledge and Information Systems.

[15]  Lisa Singh,et al.  Can Friends Be Trusted? Exploring Privacy in Online Social Networks , 2009, 2009 International Conference on Advances in Social Network Analysis and Mining.

[16]  Rami Puzis,et al.  TONIC: Target Oriented Network Intelligence Collection for the Social Web , 2013, AAAI.

[17]  Shanton Chang,et al.  Information Leakage through Online Social Networking: Opening the Doorway for Advanced Persistence Threats , 2010, AISM 2010.

[18]  Sebastiano Vigna,et al.  Axioms for Centrality , 2013, Internet Math..

[19]  Konstantin Beznosov,et al.  The socialbot network: when bots socialize for fame and money , 2011, ACSAC '11.

[20]  Mitri Kitti,et al.  Axioms for centrality scoring with principal eigenvectors , 2016, Soc. Choice Welf..