60 research outputs found
Stateless Puzzles for Real Time Online Fraud Preemption
The profitability of fraud in online systems such as app markets and social
networks marks the failure of existing defense mechanisms. In this paper, we
propose FraudSys, a real-time fraud preemption approach that imposes
Bitcoin-inspired computational puzzles on the devices that post online system
activities, such as reviews and likes. We introduce and leverage several novel
concepts that include (i) stateless, verifiable computational puzzles, that
impose minimal performance overhead, but enable the efficient verification of
their authenticity, (ii) a real-time, graph-based solution to assign fraud
scores to user activities, and (iii) mechanisms to dynamically adjust puzzle
difficulty levels based on fraud scores and the computational capabilities of
devices. FraudSys does not alter the experience of users in online systems, but
delays fraudulent actions and consumes significant computational resources of
the fraudsters. Using real datasets from Google Play and Facebook, we
demonstrate the feasibility of FraudSys by showing that the devices of honest
users are minimally impacted, while fraudster controlled devices receive daily
computational penalties of up to 3,079 hours. In addition, we show that with
FraudSys, fraud does not pay off, as a user equipped with mining hardware
(e.g., AntMiner S7) will earn less than half through fraud than from honest
Bitcoin mining
AbuSniff: Automatic Detection and Defenses Against Abusive Facebook Friends
Adversaries leverage social network friend relationships to collect sensitive
data from users and target them with abuse that includes fake news,
cyberbullying, malware, and propaganda. Case in point, 71 out of 80 user study
participants had at least 1 Facebook friend with whom they never interact,
either in Facebook or in real life, or whom they believe is likely to abuse
their posted photos or status updates, or post offensive, false or malicious
content. We introduce AbuSniff, a system that identifies Facebook friends
perceived as strangers or abusive, and protects the user by unfriending,
unfollowing, or restricting the access to information for such friends. We
develop a questionnaire to detect perceived strangers and friend abuse. We
introduce mutual Facebook activity features and show that they can train
supervised learning algorithms to predict questionnaire responses. We have
evaluated AbuSniff through several user studies with a total of 263
participants from 25 countries. After answering the questionnaire, participants
agreed to unfollow and restrict abusers in 91.6% and 90.9% of the cases
respectively, and sandbox or unfriend non-abusive strangers in 92.45% of the
cases. Without answering the questionnaire, participants agreed to take the
AbuSniff suggested action against friends predicted to be strangers or abusive,
in 78.2% of the cases. AbuSniff increased the participant self-reported
willingness to reject invitations from strangers and abusers, their awareness
of friend abuse implications and their perceived protection from friend abuse.
Comment: 12TH INTERNATIONAL AAAI CONFERENCE ON WEB AND SOCIAL MEDIA
(ICWSM-18), 10 page
Efficient access enforcement in distributed role-based access control (RBAC) deployments
We address the distributed setting for enforcement of a centralized Role-Based Access Control (RBAC) protection state. We present a new approach for time- and space-efficient access enforcement. Underlying our approach is a data structure that we call a cascade Bloom filter. We describe our approach, provide details about the cascade Bloom filter, its associated algorithms, soundness and completeness properties for those algorithms, and provide an empirical validation for distributed access enforcement of RBAC. We demonstrate that even in low-capability devices such as WiFi network access points, we can perform thousands of access checks in a second