Design and analysis of a social botnet
Online Social Networks (OSNs) have attracted millions of active users and have become an integral part of today’s web ecosystem. Unfortunately, in the wrong hands, OSNs can be used to harvest private user data, distribute malware, control botnets, perform surveillance, spread misinformation, and eve...
Gespeichert in:
Veröffentlicht in: | Computer networks (Amsterdam, Netherlands : 1999) Netherlands : 1999), 2013-02, Vol.57 (2), p.556-578 |
---|---|
Hauptverfasser: | , , , |
Format: | Artikel |
Sprache: | eng |
Schlagworte: | |
Online-Zugang: | Volltext |
Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
container_end_page | 578 |
---|---|
container_issue | 2 |
container_start_page | 556 |
container_title | Computer networks (Amsterdam, Netherlands : 1999) |
container_volume | 57 |
creator | Boshmaf, Yazan Muslukhov, Ildar Beznosov, Konstantin Ripeanu, Matei |
description | Online Social Networks (OSNs) have attracted millions of active users and have become an integral part of today’s web ecosystem. Unfortunately, in the wrong hands, OSNs can be used to harvest private user data, distribute malware, control botnets, perform surveillance, spread misinformation, and even influence algorithmic trading. Usually, an adversary starts off by running an infiltration campaign using hijacked or adversary-owned OSN accounts, with an objective to connect with a large number of users in the targeted OSN. In this article, we evaluate how vulnerable OSNs are to a large-scale infiltration campaign run by socialbots: bots that control OSN accounts and mimic the actions of real users. We adopted the design of a traditional web-based botnet and built a prototype of a Socialbot Network (SbN): a group of coordinated programmable socialbots. We operated our prototype on Facebook for 8weeks, and collected data about user behavior in response to a large-scale infiltration campaign. Our results show that (1) by exploiting known social behaviors of users, OSNs such as Facebook can be infiltrated with a success rate of up to 80%, (2) subject to user profile privacy settings, a successful infiltration can result in privacy breaches where even more private user data are exposed, (3) given the economics of today’s underground markets, running a large-scale infiltration campaign might be profitable but is still not particularly attractive as a sustainable and independent business, (4) the security of socially-aware systems that use or integrate OSN platforms can be at risk, given the infiltration capability of an adversary in OSNs, and (5) defending against malicious socialbots raises a set of challenges that relate to web automation, online-offline identity binding, and usable security. |
doi_str_mv | 10.1016/j.comnet.2012.06.006 |
format | Article |
fullrecord | <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_journals_1369516279</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><els_id>S1389128612002150</els_id><sourcerecordid>2999677761</sourcerecordid><originalsourceid>FETCH-LOGICAL-c380t-abd2fe1f648cefbbcbbbd1d0c546abc8254c0a810a32b933013c770afaf651ec3</originalsourceid><addsrcrecordid>eNp9kE9LxDAQxYMouK5-Aw8FwVvrTNKm6UWQ9S8seNFzSNJEUnabNekK--3NUs8ehpnDe495P0KuESoE5HdDZcJ2tFNFAWkFvALgJ2SBoqVlC7w7zTcTXYlU8HNykdIAAHVNxYLcPtrkv8ZCjX0etTkkn4rgClWkYLzaFDpMOfmSnDm1Sfbqby_J5_PTx-q1XL-_vK0e1qVhAqZS6Z46i47XwlintdFa99iDaWqutBG0qQ0ogaAY1R1jgMy0LSinHG_QGrYkN3PuLobvvU2THMI-5r-SRMa7Bjltu6yqZ5WJIaVondxFv1XxIBHkkYgc5ExEHolI4DITybb72WZzgx9vo0zG29HY3kdrJtkH_3_AL7PcauA</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>1369516279</pqid></control><display><type>article</type><title>Design and analysis of a social botnet</title><source>Elsevier ScienceDirect Journals Complete</source><creator>Boshmaf, Yazan ; Muslukhov, Ildar ; Beznosov, Konstantin ; Ripeanu, Matei</creator><creatorcontrib>Boshmaf, Yazan ; Muslukhov, Ildar ; Beznosov, Konstantin ; Ripeanu, Matei</creatorcontrib><description>Online Social Networks (OSNs) have attracted millions of active users and have become an integral part of today’s web ecosystem. Unfortunately, in the wrong hands, OSNs can be used to harvest private user data, distribute malware, control botnets, perform surveillance, spread misinformation, and even influence algorithmic trading. Usually, an adversary starts off by running an infiltration campaign using hijacked or adversary-owned OSN accounts, with an objective to connect with a large number of users in the targeted OSN. In this article, we evaluate how vulnerable OSNs are to a large-scale infiltration campaign run by socialbots: bots that control OSN accounts and mimic the actions of real users. We adopted the design of a traditional web-based botnet and built a prototype of a Socialbot Network (SbN): a group of coordinated programmable socialbots. We operated our prototype on Facebook for 8weeks, and collected data about user behavior in response to a large-scale infiltration campaign. Our results show that (1) by exploiting known social behaviors of users, OSNs such as Facebook can be infiltrated with a success rate of up to 80%, (2) subject to user profile privacy settings, a successful infiltration can result in privacy breaches where even more private user data are exposed, (3) given the economics of today’s underground markets, running a large-scale infiltration campaign might be profitable but is still not particularly attractive as a sustainable and independent business, (4) the security of socially-aware systems that use or integrate OSN platforms can be at risk, given the infiltration capability of an adversary in OSNs, and (5) defending against malicious socialbots raises a set of challenges that relate to web automation, online-offline identity binding, and usable security.</description><identifier>ISSN: 1389-1286</identifier><identifier>EISSN: 1872-7069</identifier><identifier>DOI: 10.1016/j.comnet.2012.06.006</identifier><language>eng</language><publisher>Amsterdam: Elsevier B.V</publisher><subject>Automated social engineering ; Automation ; Botnets ; Computer networks ; Computer viruses ; Online privacy ; Online social networks ; Privacy ; Prototypes ; Social network security ; Social networks ; Socialbots ; Studies ; User behavior</subject><ispartof>Computer networks (Amsterdam, Netherlands : 1999), 2013-02, Vol.57 (2), p.556-578</ispartof><rights>2012 Elsevier B.V.</rights><rights>Copyright Elsevier Sequoia S.A. Feb 4, 2013</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c380t-abd2fe1f648cefbbcbbbd1d0c546abc8254c0a810a32b933013c770afaf651ec3</citedby><cites>FETCH-LOGICAL-c380t-abd2fe1f648cefbbcbbbd1d0c546abc8254c0a810a32b933013c770afaf651ec3</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://dx.doi.org/10.1016/j.comnet.2012.06.006$$EHTML$$P50$$Gelsevier$$H</linktohtml><link.rule.ids>314,780,784,3550,27924,27925,45995</link.rule.ids></links><search><creatorcontrib>Boshmaf, Yazan</creatorcontrib><creatorcontrib>Muslukhov, Ildar</creatorcontrib><creatorcontrib>Beznosov, Konstantin</creatorcontrib><creatorcontrib>Ripeanu, Matei</creatorcontrib><title>Design and analysis of a social botnet</title><title>Computer networks (Amsterdam, Netherlands : 1999)</title><description>Online Social Networks (OSNs) have attracted millions of active users and have become an integral part of today’s web ecosystem. Unfortunately, in the wrong hands, OSNs can be used to harvest private user data, distribute malware, control botnets, perform surveillance, spread misinformation, and even influence algorithmic trading. Usually, an adversary starts off by running an infiltration campaign using hijacked or adversary-owned OSN accounts, with an objective to connect with a large number of users in the targeted OSN. In this article, we evaluate how vulnerable OSNs are to a large-scale infiltration campaign run by socialbots: bots that control OSN accounts and mimic the actions of real users. We adopted the design of a traditional web-based botnet and built a prototype of a Socialbot Network (SbN): a group of coordinated programmable socialbots. We operated our prototype on Facebook for 8weeks, and collected data about user behavior in response to a large-scale infiltration campaign. Our results show that (1) by exploiting known social behaviors of users, OSNs such as Facebook can be infiltrated with a success rate of up to 80%, (2) subject to user profile privacy settings, a successful infiltration can result in privacy breaches where even more private user data are exposed, (3) given the economics of today’s underground markets, running a large-scale infiltration campaign might be profitable but is still not particularly attractive as a sustainable and independent business, (4) the security of socially-aware systems that use or integrate OSN platforms can be at risk, given the infiltration capability of an adversary in OSNs, and (5) defending against malicious socialbots raises a set of challenges that relate to web automation, online-offline identity binding, and usable security.</description><subject>Automated social engineering</subject><subject>Automation</subject><subject>Botnets</subject><subject>Computer networks</subject><subject>Computer viruses</subject><subject>Online privacy</subject><subject>Online social networks</subject><subject>Privacy</subject><subject>Prototypes</subject><subject>Social network security</subject><subject>Social networks</subject><subject>Socialbots</subject><subject>Studies</subject><subject>User behavior</subject><issn>1389-1286</issn><issn>1872-7069</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2013</creationdate><recordtype>article</recordtype><recordid>eNp9kE9LxDAQxYMouK5-Aw8FwVvrTNKm6UWQ9S8seNFzSNJEUnabNekK--3NUs8ehpnDe495P0KuESoE5HdDZcJ2tFNFAWkFvALgJ2SBoqVlC7w7zTcTXYlU8HNykdIAAHVNxYLcPtrkv8ZCjX0etTkkn4rgClWkYLzaFDpMOfmSnDm1Sfbqby_J5_PTx-q1XL-_vK0e1qVhAqZS6Z46i47XwlintdFa99iDaWqutBG0qQ0ogaAY1R1jgMy0LSinHG_QGrYkN3PuLobvvU2THMI-5r-SRMa7Bjltu6yqZ5WJIaVondxFv1XxIBHkkYgc5ExEHolI4DITybb72WZzgx9vo0zG29HY3kdrJtkH_3_AL7PcauA</recordid><startdate>20130204</startdate><enddate>20130204</enddate><creator>Boshmaf, Yazan</creator><creator>Muslukhov, Ildar</creator><creator>Beznosov, Konstantin</creator><creator>Ripeanu, Matei</creator><general>Elsevier B.V</general><general>Elsevier Sequoia S.A</general><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>8FD</scope><scope>E3H</scope><scope>F2A</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope></search><sort><creationdate>20130204</creationdate><title>Design and analysis of a social botnet</title><author>Boshmaf, Yazan ; Muslukhov, Ildar ; Beznosov, Konstantin ; Ripeanu, Matei</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c380t-abd2fe1f648cefbbcbbbd1d0c546abc8254c0a810a32b933013c770afaf651ec3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2013</creationdate><topic>Automated social engineering</topic><topic>Automation</topic><topic>Botnets</topic><topic>Computer networks</topic><topic>Computer viruses</topic><topic>Online privacy</topic><topic>Online social networks</topic><topic>Privacy</topic><topic>Prototypes</topic><topic>Social network security</topic><topic>Social networks</topic><topic>Socialbots</topic><topic>Studies</topic><topic>User behavior</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Boshmaf, Yazan</creatorcontrib><creatorcontrib>Muslukhov, Ildar</creatorcontrib><creatorcontrib>Beznosov, Konstantin</creatorcontrib><creatorcontrib>Ripeanu, Matei</creatorcontrib><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Technology Research Database</collection><collection>Library & Information Sciences Abstracts (LISA)</collection><collection>Library & Information Science Abstracts (LISA)</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>Computer networks (Amsterdam, Netherlands : 1999)</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Boshmaf, Yazan</au><au>Muslukhov, Ildar</au><au>Beznosov, Konstantin</au><au>Ripeanu, Matei</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Design and analysis of a social botnet</atitle><jtitle>Computer networks (Amsterdam, Netherlands : 1999)</jtitle><date>2013-02-04</date><risdate>2013</risdate><volume>57</volume><issue>2</issue><spage>556</spage><epage>578</epage><pages>556-578</pages><issn>1389-1286</issn><eissn>1872-7069</eissn><abstract>Online Social Networks (OSNs) have attracted millions of active users and have become an integral part of today’s web ecosystem. Unfortunately, in the wrong hands, OSNs can be used to harvest private user data, distribute malware, control botnets, perform surveillance, spread misinformation, and even influence algorithmic trading. Usually, an adversary starts off by running an infiltration campaign using hijacked or adversary-owned OSN accounts, with an objective to connect with a large number of users in the targeted OSN. In this article, we evaluate how vulnerable OSNs are to a large-scale infiltration campaign run by socialbots: bots that control OSN accounts and mimic the actions of real users. We adopted the design of a traditional web-based botnet and built a prototype of a Socialbot Network (SbN): a group of coordinated programmable socialbots. We operated our prototype on Facebook for 8weeks, and collected data about user behavior in response to a large-scale infiltration campaign. Our results show that (1) by exploiting known social behaviors of users, OSNs such as Facebook can be infiltrated with a success rate of up to 80%, (2) subject to user profile privacy settings, a successful infiltration can result in privacy breaches where even more private user data are exposed, (3) given the economics of today’s underground markets, running a large-scale infiltration campaign might be profitable but is still not particularly attractive as a sustainable and independent business, (4) the security of socially-aware systems that use or integrate OSN platforms can be at risk, given the infiltration capability of an adversary in OSNs, and (5) defending against malicious socialbots raises a set of challenges that relate to web automation, online-offline identity binding, and usable security.</abstract><cop>Amsterdam</cop><pub>Elsevier B.V</pub><doi>10.1016/j.comnet.2012.06.006</doi><tpages>23</tpages><oa>free_for_read</oa></addata></record> |
fulltext | fulltext |
identifier | ISSN: 1389-1286 |
ispartof | Computer networks (Amsterdam, Netherlands : 1999), 2013-02, Vol.57 (2), p.556-578 |
issn | 1389-1286 1872-7069 |
language | eng |
recordid | cdi_proquest_journals_1369516279 |
source | Elsevier ScienceDirect Journals Complete |
subjects | Automated social engineering Automation Botnets Computer networks Computer viruses Online privacy Online social networks Privacy Prototypes Social network security Social networks Socialbots Studies User behavior |
title | Design and analysis of a social botnet |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-24T14%3A20%3A48IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Design%20and%20analysis%20of%20a%20social%20botnet&rft.jtitle=Computer%20networks%20(Amsterdam,%20Netherlands%20:%201999)&rft.au=Boshmaf,%20Yazan&rft.date=2013-02-04&rft.volume=57&rft.issue=2&rft.spage=556&rft.epage=578&rft.pages=556-578&rft.issn=1389-1286&rft.eissn=1872-7069&rft_id=info:doi/10.1016/j.comnet.2012.06.006&rft_dat=%3Cproquest_cross%3E2999677761%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=1369516279&rft_id=info:pmid/&rft_els_id=S1389128612002150&rfr_iscdi=true |