Honeypots pages

Category: Entertainment

Presentation Description

No description available.


Presentation Transcript

Paying for likes? Understanding Facebook Like Fraud Using Honeypots Emiliano De Cristofaro, Arik Friedman, Guillaume Jourjon, Mohamed Ali Kaafar, M. Zubair Shafiq :

Paying for likes? Understanding Facebook Like Fraud Using Honeypots Emiliano De Cristofaro, Arik Friedman, Guillaume Jourjon, Mohamed Ali Kaafar, M. Zubair Shafiq By Harshit Jain Department of Computer Science University of Victoria

Background: Why Facebook is popular?:

Background: Why F acebook is popular? A dvertisement platform to reach large audience. Revenue is generated by number of likes on posted Facebook Pages. Global platform for businesses to advertise and communicate. In 2013, F acebook net ad revenue amounted to $6.7B, i.e., 5.64% of the global market. Businesses can opt to receive update, post message, or connect with other customers. Targeted ads are used for promotion to users from there specific context.

What is the Problem? :

What is the Problem? Increased growth of illegitimate businesses to offer F acebook likes on demand. These paid services inflate the interest in a Facebook page using “like farms ”. Fake likes generated by these farms are less valuable to businesses in terms of potential customer engagement and revenue . Fake profiles attempt to diversify their liking activities to avoid Facebook’s fraud detection algorithms. Lack of systematic analysis of Facebook pages promotion methods.

Proposed Solution :

Proposed Solution Conducting a comparative measurement study of Facebook likes garnered by Facebook ads and by underground like farms. Systematic investigation into the nature of like farms and how they operate . Experimental design: Setting up 13 Facebook honeypots pages about “Virtual Electricity” but without any content. Disclaimer provided : “This is not a real page, so please do not like it.”

How is there work different?:

How is there work different? Disclosing information about social structure and activity of fake profiles attracted by the honeypot pages. Our Analysis supersedes sybil detection algorithms by reveals greater insights as well as new patterns that could complement them. In contrast to passive measurements, there work rely on the deployment of several honeypot pages and (paid) campaigns. Explicit declaration about the authenticity of the pages.

What is the Approach ?:

What is the Approach ? Deployment and monitoring of 13 Facebook honeypots pages called “Virtual Electricity ” Intentionally left blank to promote them using both Facebook page like ads and like farms. Disclaimer about the legitimacy provided. 5 pages were promoted using legitimate Facebook ad campaigns and the remaining 8 pages were promoted using 4 popular like farms. The three methodologies used for comparative study are: Data Collection Campaign Summary Ethics Consideration

What is the Approach ?:

What is the Approach ? Table shows the details of honeypots pages along with the corresponding add campaigns. Used Facebook ads to generate visits to five of these pages, targeting users in the US, France, India, Egypt and worldwide, respectively. Their budget was six dollars a day up to a total of $90 the 15 days. U sed four “like farms” to generate visits to the remaining eight pages. With each of these like farms, they targeted worldwide or US users. These services charged between $70 and $190 for 1000 likes in 15 days. The team then measured the activity on each page over the following 22 days. All Campaigns were Launched on March 12, 2014 Table 1

What is the Approach ?:

What is the Approach ? Data Collection Monitor Likes on Honeypots pages in every 2 hours. Reduce monitoring frequency at the end of the campaign. Used Facebook report tool for page administration. S tatistics used to compare distributions of honeypot pages likers to that of the overall Facebook population. Campaign Summary From table 1 they report the total number of likes garnered by each. The BL-ALL and MS-ALL campaigns remained inactive. C ollected a total of 6,292 likes. The largest and lowest number of likes were garnered by AL-USA and FB-USA. Ethics Considerations Collected only openly available data. E nforced a few mechanisms to protect user privacy. Aware that paying farms to generate fake likes might raise ethical concerns. Also note that the amount of money each farm received was small ($190 at most ). The three methodologies used for comparative study are:

What is the Approach ?:

What is the Approach ?

Analysis :

Analysis Location and Demographic Analysis Temporal Analysis Social Graph Analysis Page Like Analysis Compare the characteristics of the likes garnered by the honeypots pages promoted via legitimate Facebook Campaigns and those obtained via like farms.

Location and Demographic Analysis :

Location and Demographic Analysis Distribution of likers countries are considered. First four Facebook campaigns (FB-USA, FB-FRA, FB-IND, FB-EGY) M ainly received likes from the targeted country ( 87–99.8). Targeted Facebook users world-wide (FB-ALL ),almost exclusively received likes from India (96 %). For the Looking at the like Four farms . Most likers from SocialFormula were based in Turkey, regardless of whether we requested a US-only campaign. Other three farms delivered likes complying to our requests, e.g., for US-only campaigns, the pages received a majority of likes from US profiles. Location

Location and Demographic Analysis :

Location and Demographic Analysis Demographic D istribution of likers gender and age, and also compare them to the global Facebook network (last row ). These three campaigns also appear to be skewed toward male profiles. In contrast, the demographics of likers from SocialFormula and, to a lesser extent, AuhtenticLikes and MammothSocials, are much more similar to those of the entire network, even though male users are still over-represented.

Temporal Analysis :

Temporal Analysis A nalyzed temporal patterns observed for each of the campaigns. Figure shows the cumulative number of likes observed on each honeypot page over there observation period (15 days).

Social Graph Analysis :

Social Graph Analysis Author evaluated the Social graph induced by the likers profiles. Table shown summarizes the number of likers associated with each service, as well as additional details about their friendship networks. It shows the number and percentage of users with public friend lists.

Social Graph Analysis :

Social Graph Analysis Author evaluated Social graph induced by such friendship relations (likers who did not have friendship relations with any other likers were excluded from the graph ). C onsidered indirect links between likers, through mutual friends . Also observe many isolated pairs and triplets of likers who are not connected .

Page Like Analysis :

Page Like Analysis L ooked at the other pages liked by profiles attracted to our honeypot pages . Plot the distribution of the number of page likes for Facebook ads and like farm campaigns users. O bserved a large variance in the number of pages liked, ranging from 1 to 10,000 H oneypot pages attracted users that tend to like significantly more pages than regular Facebook users.

Page Like Analysis :

Page Like Analysis To confirm the hypothesis, for each pair of campaigns, they plot their Jaccard similarity. Figure (a) shows the plot of the Jaccard similarity between the set of likes by likers of two campaigns A and B. Figure (b) shows the plot of the similarity between the set of likers of the different campaigns.

Conclusion :

Conclusion They identified two main modi operandi : SocialFormula and AuthenticLikes, seem to be operated by bots and do not really try to hide the nature of their operations. BoostLikes , follow a much stealthier approach, aiming to mimic regular users’ behavior, and rely on their large and well-connected network structure. Observed a high number of friends per profile and a “reasonable” number of likes. Provides strong evidence that likers attracted on our honeypot pages, even when using legitimate Facebook campaigns. Most fake likes exhibit some peculiar characteristics including demographics, likes, temporal and social graph patterns that can and should be exploited by like fraud detection algorithms. F uture work include larger and more diverse honeypots measurements as well as longer observation of removed likes.

Questions ? :

Questions ?

authorStream Live Help