24 September 2019

Resarch pick: Necklace Graph to protect social networks - "A challenge-response mechanism for securing online social networks against social bots"

Social bots are malicious computer programs that can penetrate the inner workings of online social networks and social media sites. They are automated software tools built with malicious intent and can execute activity on systems to automatically post and share, send fake “friend” requests to members of those networks, and harvest private and personal information. It might be assumed that such social bots are the work of hackers and crackers, so-called cyber criminals, and others, but they might also be the digital agents of advocacy organizations with a particular agenda, political entities, and others looking to game and manipulate the networks for a wide range of criminal, economic, and political ends.

Writing in the International Journal of Ad Hoc and Ubiquitous Computing, Torky Mohamed, Meligy Ali, and Ibrahim Hani of the Department of Computer Science in the Faculty of Science at Menoufia University, in Egypt, explain how malicious software tools, such as these social bots, represent a big security challenge against social network service providers.

There are tools to safeguard online systems against malware but too often the creators and propagators of these tools find simple ways to circumvent even the most sophisticated of protection systems. The Menoufia team has now devised a new type of “CAPTCHA” – Completely Automated Public Turing test to tell Computers and Humans Apart – that can, they say, automate protection of online networks against social bots.

Their new CAPTCHA, which they call a Necklace CAPTCHA, is an image-based test that requires user input to gain entry to the networks’ signup and subsequent services. It is based on Necklace Graph, which allows the “challenge-response” to be carried out in a novel manner that will hopefully be opaque to social bots attempting to get into the system. In their initial tests of the system, brute-force attacks achieved a very low success rate of just 1.65%. It is, the team says, more effective than the commonly used reCAPTCHA systems with which most users of web and social network signups and logins will be familiar.

Mohamed, T., Ali, M. and Hani, I. (2019) ‘A challenge-response mechanism for securing online social networks against social bots’, Int. J. Ad Hoc and Ubiquitous Computing, Vol. 32, No. 1, pp.1–13.

No comments: