Design and analysis of a social botnet

Online Social Networks (OSNs) have attracted millions of active users and have become an integral part of today’s web ecosystem. Unfortunately, in the wrong hands, OSNs can be used to harvest private user data, distribute malware, control botnets, perform surveillance, spread misinformation, and eve...

Full description

Saved in:
Bibliographic Details
Published inComputer networks (Amsterdam, Netherlands : 1999) Vol. 57; no. 2; pp. 556 - 578
Main Authors Boshmaf, Yazan, Muslukhov, Ildar, Beznosov, Konstantin, Ripeanu, Matei
Format Journal Article
LanguageEnglish
Published Amsterdam Elsevier B.V 04.02.2013
Elsevier Sequoia S.A
Subjects
Automated social engineering
Automation
Botnets
Computer networks
Computer viruses
Online privacy
Online social networks
Privacy
Prototypes
Social network security
Social networks
Socialbots
Studies
User behavior
Social network security
Automated social engineering
Online privacy
Socialbots
Botnets
Online social networks
Online AccessGet full text

Cover

More Information
Summary:Online Social Networks (OSNs) have attracted millions of active users and have become an integral part of today’s web ecosystem. Unfortunately, in the wrong hands, OSNs can be used to harvest private user data, distribute malware, control botnets, perform surveillance, spread misinformation, and even influence algorithmic trading. Usually, an adversary starts off by running an infiltration campaign using hijacked or adversary-owned OSN accounts, with an objective to connect with a large number of users in the targeted OSN. In this article, we evaluate how vulnerable OSNs are to a large-scale infiltration campaign run by socialbots: bots that control OSN accounts and mimic the actions of real users. We adopted the design of a traditional web-based botnet and built a prototype of a Socialbot Network (SbN): a group of coordinated programmable socialbots. We operated our prototype on Facebook for 8weeks, and collected data about user behavior in response to a large-scale infiltration campaign. Our results show that (1) by exploiting known social behaviors of users, OSNs such as Facebook can be infiltrated with a success rate of up to 80%, (2) subject to user profile privacy settings, a successful infiltration can result in privacy breaches where even more private user data are exposed, (3) given the economics of today’s underground markets, running a large-scale infiltration campaign might be profitable but is still not particularly attractive as a sustainable and independent business, (4) the security of socially-aware systems that use or integrate OSN platforms can be at risk, given the infiltration capability of an adversary in OSNs, and (5) defending against malicious socialbots raises a set of challenges that relate to web automation, online-offline identity binding, and usable security.
Bibliography:SourceType-Scholarly Journals-1
ObjectType-Feature-1
content type line 14
ISSN:1389-1286
1872-7069
DOI:10.1016/j.comnet.2012.06.006