Professor aims to prevent fraud through ‘sock puppet’ social media accounts

“Hey everyone, don’t accept anything from me. It is not me!”

How many times has a post like this appeared on your social media feed? A researcher at Southern Illinois University Carbondale is working on technologies to stop “sock puppet” requests that can lead to profile takeovers, identity theft and other havoc for social media users.

Sajedul Talukder, assistant professor in the School of Computing at SIU and director of the Security and Privacy Enhanced Machine Learning Lab, received a $158,000 grant from the National Science Foundation’s Computer and Information Science and Engineering Research Initiative to study ways to ‘Prevent ‘puppet’ login requests, which are fake online identities and user accounts created for deceptive purposes.

Talukder aims to build a digital framework rooted in cognitive psychology, user-centered research, and machine learning methods to defend against such accounts and demands in online social networks. Work will begin in April and will last at least two years.

In 2019, identity theft cost victims nearly $17 million. The work could not only help prevent identity theft, but also reduce fake accounts that push propaganda during ongoing conflicts, such as currently in Ukraine, and attempts by a hostile government to influence US policy. .

Social media sites generate revenue through targeted advertising, using personal information to refine and deliver these messages. The more information you provide, the better the ads are targeted, but it also means that scammers have more opportunity than ever to steal identities or commit fraud.

Attackers often use social media login relationships to gain access to users’ personal and sensitive data, post false or abusive information, or defraud and influence victims’ perceptions, Talukder said. People who actively use social media are 30% more likely to be affected by identity theft.

“The massive growth in social media usage has prompted perpetrators to connect with users through impersonation, which is often successful due to lack of proper verification of reported information,” Talukder said.

Talukder’s goal is to dramatically expand the understanding of deception and identity abuse in online social networks, and to design and build ways to defeat these types of attacks. The first steps are to develop survey instruments and user studies to investigate connection decisions, motivations and pending behaviors in online social networks.

Sock puppets are automatic or semi-automatic profiles that mimic human profiles. Fake profiles or their operators send requests to social media users to “follow” or “friends”, who often accept them. If a user has friends in common with the fake account, for example, the chances of accepting the request are 80%.

Other times, a fake profile is created to essentially duplicate a user’s online presence. These attacks, called identity clone attacks, are designed to collect personal information and direct online fraud.

But fake accounts can still be detected by looking at characteristics such as profile history, posting frequency, posting pattern, profile age, friendship pattern, and like/follow patterns. Ultimately, the researchers will develop an application platform aimed at collecting detailed and baseline “truth behavior data” from social media users based on these characteristics.

“The underlying assumption is that the behavior of a real profile would be different from that of a fake one. In order to design mechanisms for identifying and eliminating fake accounts in near real time, we need to collect the data truth behavior patterns that will help us differentiate the fakes from the real ones,” Talukder said.

Talukder will use his findings to create a pending login decision classifier for Facebook, which will route suspicious login attempts to a spam folder. Researchers will combine sock puppet education and motivation to develop this new interface, which will reduce users’ clutter and cognitive load by displaying each pending friend request on a single screen, complete with a large profile picture placed in the center.

When the user taps on a waiting friend’s profile picture, a screen containing the profile summary of the waiting friend appears. Users can navigate through their pending friends list using the next and back buttons on the sides of the profile picture.

“Additionally, the interface will turn the ‘Confirm’ button into an inhibiting attractor, displaying it in the same gray color as the ‘Delete’ button. To address the case where the user does not feel comfortable making a decision, we will also include an ‘Ignore’ button displayed in the same gray color,” Talukder said.

Getting inside the minds of puppeteers and their victims will allow researchers to address the dynamic between them, Talukder said.

“The work will not only improve understanding of just-in-time motivations and behaviors related to social media risks,” he said, “but it will also help sociologists gain deeper insights from the social and underexplored spatial data provided by social networks in order to test relevant theories.

As founding director of SIU’s Security and Privacy Enhanced Machine Learning Lab, Talukder and his group develop protection systems with machine learning and artificial intelligence applications. Growing demand for privacy research has invaded this field in recent years, but NSF efforts have a reputation for funding only the most promising research. In addition to his recent grant, Talukder also received funding from NSF’s Secure and Trustworthy Cyberspace program.

“These types of grants are extremely competitive,” Talukder said. “NSF has recognized my efforts at SIU as an emerging leader in this area of ​​research.”

This latest grant will fund survey work and user studies that will help researchers develop applications, collect data, and create solutions. The grant will also support several new doctoral students, as well as existing graduate students, working with Talukder at SIU’s School of Computer Science.

Comments are closed.