000000277 001__ 277
000000277 005__ 20130522141940.0
000000277 037__ $$aLERSSE-RefJnlPaper-2012-002
000000277 100__ $$aYazan Boshmaf
000000277 245__ $$aDesign and Analysis of a Social Botnet
000000277 260__ $$c2012-07-01
000000277 300__ $$amult. p
000000277 520__ $$aOnline Social Networks (OSNs) have attracted millions of active users and have become an integral part of today's Web ecosystem. Unfortunately, in the wrong hands, OSNs can be used to harvest private user data, distribute malware, control botnets, perform surveillance, spread misinformation, and even influence algorithmic trading. Usually, an adversary starts off by running an infiltration campaign using hijacked or adversary-owned OSN accounts, with an objective to connect with a large number of users in the targeted OSN. In this article, we evaluate how vulnerable OSNs are to a large-scale infiltration campaign run by socialbots: bots that control OSN accounts and mimic the actions of real users. We adopted the design of a traditional web-based botnet and built a prototype of a Socialbot Network (SbN): a group of coordinated programmable socialbots. We operated our prototype on Facebook for eight weeks, and collected data about user behavior in response to a large-scale infiltration campaign. Our results show that (1) by exploiting known social behaviors of users, OSNs such as Facebook can be infiltrated with a success rate of up to 80%, (2) subject to user profile privacy settings, a successful infiltration can result in privacy breaches where even more private user data are exposed, (3) given the economics of today's underground markets, running a large-scale infiltration campaign might be profitable but is still not particularly attractive as a sustainable and independent business, (4) the security of socially-aware systems that use or integrate OSN platforms can be at risk, given the infiltration capability of an adversary in OSNs, and (5) defending against malicious socialbots raises a set of challenges that relate to web automation, online-offline identity binding, and usable security.
000000277 6531_ $$aOnline Social Networks
000000277 6531_ $$aSocial Network Security
000000277 6531_ $$aAutomated Social Engineering
000000277 6531_ $$aOnline Privacy
000000277 6531_ $$aBotnets
000000277 6531_ $$aSocialbots
000000277 700__ $$aIldar Muslukhov
000000277 700__ $$aKonstantin Beznosov
000000277 700__ $$aMatei Ripeanu
000000277 8560_ $$fboshmaf@ece.ubc.ca
000000277 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/277/files/277.pdf$$yTransfer from CDS 0.99.7
000000277 909C4 $$pYazan Boshmaf, Ildar Muslukhov, Konstantin Beznosov, Matei Ripeanu. Design and Analysis of a Social Botnet. Elsevier Journal of Computer Network - Special Issue on Botnets, 2012.
000000277 980__ $$aRefJnlPaper