ERIC Number: ED667832
Record Type: Non-Journal
Publication Date: 2021
Pages: 164
Abstractor: As Provided
ISBN: 979-8-5346-6213-9
ISSN: N/A
EISSN: N/A
Available Date: 0000-00-00
A Measurement-Driven Approach towards Understanding and Detecting Abuse of Third-Party Apps
Shehroze Farooqi
ProQuest LLC, Ph.D. Dissertation, The University of Iowa
Popular platforms such as Facebook and Twitter integrate third-party apps from developers to enhance the experience of their users. While third-party apps are widely used to provide legitimate functionality, the abuse of third-party apps by attackers is also becoming prevalent. Attackers are abusing third-party apps to orchestrate their malicious activities such as spreading spam/malware, conducting reputation fraud, and misusing user data. However, it is unclear whether or not anti-abuse defenses, currently deployed by platforms, are effective in mitigating the abuse of third-party apps. Therefore, this thesis focuses on understanding and detecting real-world abuse of third-party apps to enable external entities such as researchers or regulators to independently audit these defenses. Through these audits, our goal is to evaluate the effectiveness of these defenses as well as identify their weaknesses to help us build defenses to curb third-party app abuse.

Prior research lacks methods that allow external entities to systematically investigate the abuse of third-party apps. A key challenge in conducting these investigations is that they require collecting data at scale to monitor attackers' activities. This thesis tackles this challenge by adopting a measurement-driven approach to collect data and then analyze it to detect abuse of third-party apps. In our measurements, we interact with attackers to actively collect data on their activities by setting up specialized honeypots in controlled settings. Honeypots bait and deceive attackers into engaging with them, which allows us to obtain information about their attacks. In our measurements, we also collect publicly available data (e.g., from Twitter's streaming API) to passively monitor attackers' activities without interacting with them. Finally, we develop data-driven countermeasures, such as training a machine learning model, to detect these attacks at a large scale in the future.
We perform measurement studies to investigate four real-world attacks where attackers abuse third-party apps on Facebook, Twitter, and Google Play Store. Our results indicate that the existing defenses deployed by all three platforms are ineffective against third-party app abuse. On Twitter, we find that attackers create hundreds of thousands of third-party apps that go undetected by Twitter for several months while they post hundreds of millions of spam tweets. On Google Play Store, we find that attackers bypass its existing defenses to artificially inflate the reputation of their third-party apps. On Facebook, we find that attackers compromise legitimate third-party apps to generate hundreds of millions of fake likes without getting detected. We also find that attackers are abusing third-party apps on Facebook to misuse user data.

We then analyze the attackers' activities identified through our measurements to obtain novel insights into attackers' behaviors, and then leverage those insights to develop data-driven countermeasures. We deployed our data-driven countermeasures both with and without the collaboration of platforms to detect third-party app abuse. For example, we partnered with Facebook to revise their existing API rate limits for third-party apps, which previously allowed attackers to generate a high volume of malicious activities without getting detected. As another example, we independently trained and deployed a machine-learning model to detect abuse of third-party apps much earlier than Twitter could, which would have prevented attackers from posting tens of millions of spam tweets. We believe that this thesis will provide a footprint for independent auditors (e.g., researchers) or regulators (e.g., the FTC) to measure the effectiveness of these defenses as well as identify their weaknesses.
Furthermore, platforms can use our measurements, insights, and proposed countermeasures to improve their existing defenses and curb the abuse of third-party apps. [The dissertation citations contained here are published with the permission of ProQuest LLC. Further reproduction is prohibited without permission. Copies of dissertations may be obtained by Telephone (800) 1-800-521-0600. Web page: http://www.proquest.com.bibliotheek.ehb.be/en-US/products/dissertations/individuals.shtml.]
Descriptors: Social Media, Computer Security, Crime Prevention, Information Security, Technological Advancement, Computer Assisted Design, Artificial Intelligence, Cybernetics, Deception, Data Use, Investigations, Program Effectiveness
ProQuest LLC. 789 East Eisenhower Parkway, P.O. Box 1346, Ann Arbor, MI 48106. Tel: 800-521-0600; Web site: http://www.proquest.com.bibliotheek.ehb.be/en-US/products/dissertations/individuals.shtml
Publication Type: Dissertations/Theses - Doctoral Dissertations
Education Level: N/A
Audience: N/A
Language: English
Sponsor: N/A
Authoring Institution: N/A
Grant or Contract Numbers: N/A
Author Affiliations: N/A