Anti-reconnaissance tools: Detecting targeted socialbots

Abigail Paradise, Rami Puzis, Asaf Shabtai

IEEE Internet Computing 18 (5), 11-19, 2014

Advanced attackers use online social networks to extract useful information about the target organization, including its members and their connections, affiliations, and positions. Socialbots are artificial, machine-operated, social network profiles that connect to real members of an organization, greatly increasing the amount of information an attacker can collect. To connect socialbots, attackers can employ several strategies. The authors’ approach hunts socialbots using a carefully chosen monitoring strategy by intelligently selecting organization member profiles and monitoring their activity. Their results demonstrate their method’s efficacy–specifically, when attackers know the defense strategy being deployed, the attack they will most likely use is randomly sprayed friend requests, which eventually lead to a low number of connections.