Remarkable things can be achieved by harnessing power of the masses. By breaking down tasks and distributing to users, "crowdsourcing" systems can accomplish complex tasks such as translating books or creating 3D photo tours. Unfortunately, the opposite also holds: misuse of these systems creates powerful tools that can compromise the security of online communities, since today's security mechanisms focus on defending against automated scripts and fake accounts, but not real users.
In a malicious crowdsourcing system, customers initiate campaigns, and workers are paid for tasks such as creating Facebook accounts, posting fake Yelp reviews, or starting rumors on Twitter, with results indistinguishable from those of normal users. This type of malicious activity is called crowdturfing, because of its similarity to both crowd-sourcing systems and "astroturfing." The PIs have already found example sites today, and early measurements show some that generate over $1Million in annual revenue, while growing exponentially in users and revenue.
This project studies crowdturfing systems in detail via measurements and experiments, and use those results to develop robust defenses against them. Measurements and interviews will be used to study their support structure and incentives; develop endhost-based techniques to mark their results and economic solutions that reduce incentives for customers and workers; and build effective detection systems that identify crowdturfing in different domains using per-user behavioral models.
This work can change the way we view security in online communities, and its results can guide the deployment of new protection mechanisms that target crowdsourced fake user accounts and activities.
