Sajedul Talukder, assistant professor in SIU’s School of Computing and director of the Security and Privacy Enhanced Machine Learning Lab, is working on technologies to stop identity deception, which can lead to profile hacking, identity theft and other havoc in the lives of online social media users. Talukder recently received a $158,000 grant from the National Science Foundation to investigate ways to prevent so-called “sock puppet” connection requests on social media. (Photo by Russell Bailey)
March 14, 2022
SIU professor aims to prevent fraud caused by ‘sock puppet’ social media accounts
CARBONDALE, Ill. – “Hey everyone, don’t accept anything from me. It’s not me!” How many times has a message like this come across your social media feed? A researcher at Southern Illinois University Carbondale is working on technologies to stop “sock puppet” requests that can lead to profile hacking, identity theft and other havoc for social media users.
Sajedul Talukder, assistant professor in SIU’s School of Computing and director of the Security and Privacy Enhanced Machine Learning Lab, has received a $158,000 grant from the National Science Foundation’s Computer and Information Science and Engineering Research Initiative to investigate ways to prevent “sock puppet” connection requests, which are false online identities and user accounts created for deceptive purposes.
Talukder aims to build a digital framework rooted in cognitive psychology, user-centric research and machine learning methods to defend against such accounts and requests in online social networks. The work will begin in April and last at least two years.
In 2019, identity theft cost victims almost $17 million. The work could not only help prevent identity theft but also cut down on fake accounts that push propaganda during ongoing conflicts, such as currently in Ukraine, and a hostile government’s attempts to influence American politics.
A growing problem
Social media sites generate revenue with targeted advertising, using personal information to hone and deliver such messaging. The more info you provide, the better targeted the ads, but that also means crooks have more opportunities than ever to steal identities or perpetrate fraud.
Attackers often use connection relations on social media to access private and sensitive user data, post false or abusive information, or scam and influence the perceptions of victims, Talukder said. People who actively use social media are 30% more likely to be affected by identity fraud.
“The massive growth of social media usage has incentivized perpetrators to connect to users through identity deception, which is often successful due to the lack of adequate verification of declared information,” Talukder said.
Understanding the issues
Talukder’s goal is to significantly expand the understanding of identity deception and abuse in online social networks, and design and build ways to defeat those types of attacks. The first steps involve developing survey instruments and user studies to investigate the pending connection decisions, motivations and behaviors in online social networks.
Sock puppets are automatic or semi-automatic profiles that mimic human profiles. Fake profiles or their operators send requests to ‘‘follow’’ or ‘‘friend’’ social media users, who often accept them. If a user has friends in common with the fake account, for instance, the chance of accepting the request is 80%.
Other times, a fake profile is created to essentially duplicate a user’s online presence. Such attacks, called identity clone attacks, are devised to collect personal information and direct online fraud.
But fake accounts can still be detected by examining characteristics such as profile history, posting frequency, posting pattern, profile age, befriending pattern and like/follow patterns. Ultimately, the researchers will develop an app platform aimed at collecting detailed, baseline “truth behavior data” from social network users based on those characteristics.
“The underlying assumption is that the behavior of a true profile would be different than that of a fake one. In order to devise mechanisms for identifying and eliminating fake accounts on a near real-time basis, we need to collect the truth behavior data that will help us to differentiate between fake and real ones,” Talukder said.
Improving user interfaces
Talukder will use his findings to create a pending connection decision classifier for Facebook, which will route suspicious connection attempts to a spam folder. The researchers will combine sock puppet education and motivation in developing this new interface, which will reduce clutter and cognitive load for users by displaying each pending friend request on a single screen, with a large, centrally-placed profile photo.
When the user taps on the profile photo of a pending friend, a screen that includes the profile summary of the pending friend will appear. Users can navigate their pending friend list using the next and previous buttons on the sides of the profile photo.
“Further, the interface will transform the ‘Confirm’ button into an inhibitive attractor, by displaying it in the same gray color as the ‘Delete’ button. To address the case where the user does not feel comfortable making a decision, we also will include a ‘Skip’ button shown in the same gray color,” Talukder said.
Getting into the minds of both sock puppeteers and their victims will allow researchers to address the dynamic that exists between them, Talukder said.
“The work not only will enhance the understanding of just-in-time motivations and behaviors related to social network risks,” he said, “but it will also help sociologists gain deeper insights from underexplored social and spatial dimensions provided by social networks in order to test relevant theories.”
SIU to help lead crowded field
As the founding director of SIU’s Security and Privacy Enhanced Machine Learning Lab, Talukder and his group develop protective systems with machine-learning, artificial intelligence applications. Soaring demand for privacy research has crowded this field in recent years, but the NSF’s efforts have a top reputation for funding only the most promising research. In addition to his recent grant, Talukder also has received funding from the NSF’s Secure and Trustworthy Cyberspace program.
“These types of grants are extremely competitive,” Talukder said. “The NSF has recognized my efforts at SIU as an emerging leader in this area of research.”
This latest grant will pay for survey work and user studies that will help the researchers develop apps, collect data and build solutions. The grant also will support several new doctoral students, along with existing graduate students, working with Talukder in SIU’s School of Computing.