Combating Attacks and Abuse in Large Online Communities

University of California
Santa Barbara

Combating Attacks and Abuse in Large Online Communities

A dissertation submitted in partial satisfaction of the requirements for the degree Doctor of Philosophy in Computer Science

by Gang Wang

Committee in charge:
Professor Ben Y. Zhao, Chair
Professor Haitao Zheng
Professor Christopher Kruegel

September 2016

The Dissertation of Gang Wang is approved.

Professor Christopher Kruegel
Professor Haitao Zheng
Professor Ben Y. Zhao, Committee Chair

July 2016

Combating Attacks and Abuse in Large Online Communities
Copyright © 2016 by Gang Wang

Acknowledgements

I would like to thank my advisors Ben Y. Zhao and Haitao Zheng for mentoring me throughout the PhD program. They were always there for me, giving me timely and helpful advice in almost all aspects of both research and life. I also want to thank my PhD committee member Christopher Kruegel for his guidance in my research projects and job hunting. Finally, I want to thank my mentors in previous internships: Jay Stokes, Cormac Herley, Weidong Cui and Helen Wang from Microsoft Research, and Vicente Silveira from LinkedIn. Special thanks to Janet Kayfetz, who has helped me greatly with my writing and presentation skills.

I am very much thankful to my collaborators for their hard work, without which none of this research would have been possible. First and foremost, to the members of SAND Lab at UC Santa Barbara: Christo Wilson, Bolun Wang, Tianyi Wang, Manish Mohanlal, Xiaohan Zhao, Zengbin Zhang, Xia Zhou, Ana Nika, Xinyi Zhang, Shiliang Tang, Alessandra Sala, Yibo Zhu, Lin Zhou, Weile Zhang, Konark Gill, Divya Sambasivan, Xiaoxiao Yu, Troy Steinbauer, Tristan Konolige, Yu Su and Yuanyang Zhang. Second, to the employees at Microsoft: Jack Stokes, Cormac Herley and David Felstead. Third, to Miriam Metzger from the Department of Communications at UC Santa Barbara, and Sarita Y. Schoenebeck from the School of Information at University of Michigan. Fourth, to our collaborators from SecLab at UC Santa Barbara: Gianluca Stringhini, Manuel Egele, Christopher Kruegel and Giovanni Vigna. Finally, to Xiao Wang at Renren Inc., David Freeman at LinkedIn Inc., and Ulas Bardak at Whisper Inc. for sharing data for my research.

Curriculum Vitæ

Gang Wang

Education

2010–2016  Ph.D. in Computer Science, University of California, Santa Barbara.
2006–2010  B.E. in Electronic Engineering, Tsinghua University.

Field of Study

Major Field: Computer Science with Prof. Ben Y. Zhao and Prof. Haitao Zheng.

Employment

2010/9–2016/7  Research Assistant, UC Santa Barbara, Santa Barbara, CA.
2014/6–2014/9  Research Internship, Microsoft Research, Redmond, WA.
2012/6–2012/9  Data Scientist Internship, LinkedIn Inc., Mountain View, CA.
2011/6–2011/9  Research Internship, Microsoft Research, Redmond, WA.
2010/3–2010/6  Research Internship, Technicolor Research, Beijing, China.

Publications

MobiSys’16: Defending Against Sybil Devices in Crowdsourced Mapping Services. Gang Wang, Bolun Wang, Tianyi Wang, Ana Nika, Haitao Zheng, Ben Y. Zhao. In Proc. of International Conference on Mobile Systems, Applications, and Services, June 2016.

ICWSM’16: “Will Check-in for Badges”: Understanding Bias and Misbehavior on Location-based Social Networks. Gang Wang, Sarita Schoenebeck, Haitao Zheng, Ben Y. Zhao. In Proc. of International AAAI Conference on Web and Social Media, May 2016.

CHI’16: Unsupervised Clickstream Clustering For User Behavior Analysis. Gang Wang, Xinyi Zhang, Shiliang Tang, Haitao Zheng, Ben Y. Zhao. In Proc. of SIGCHI Conference on Human Factors in Computing Systems, May 2016.

CSCW’15: Crowds on Wall Street: Extracting Value from Collaborative Investing Platforms. Gang Wang, Tianyi Wang, Bolun Wang, Divya Sambasivan, Zengbin Zhang, Haitao Zheng, Ben Y. Zhao. In Proc. of ACM conference on Computer-Supported Cooperative Work and Social Computing, March 2015.

FCS’15: The Power of Comments: Fostering Social Interactions in Microblog Networks. Tianyi Wang, Yang Chen, Yi Wang, Bolun Wang, Gang Wang, Xing Li, Haitao Zheng, Ben Y. Zhao. Springer Frontiers of Computer Science, 2015.

IMC’14: Whispers in the Dark: Analysis of an Anonymous Social Network. Gang Wang, Bolun Wang, Tianyi Wang, Ana Nika, Haitao Zheng, Ben Y. Zhao. In Proc. of Internet Measurement Conference, November 2014.

USENIX SEC’14: Man vs. Machine: Practical Adversarial Detection of Malicious Crowdsourcing Workers. Gang Wang, Tianyi Wang, Haitao Zheng, Ben Y. Zhao. In Proc. of USENIX Security Symposium, August 2014.

TON’14: Practical Conflict Graphs in the Wild. Xia Zhou, Zengbin Zhang, Gang Wang, Xiaoxiao Yu, Ben Y. Zhao, Haitao Zheng. ACM Transactions on Networking, 2014.

HotNets’13: On the Validity of Geosocial Mobility Traces. Zengbin Zhang, Lin Zhou, Xiaohan Zhao, Gang Wang, Yu Su, Miriam Metzger, Haitao Zheng, Ben Y. Zhao. In Proc. of Workshop on Hot Topics in Networks, November 2013.

IMC’13: Follow the Green: Growth and Dynamics in Twitter Follower Markets. Gianluca Stringhini, Gang Wang, Manuel Egele, Christopher Kruegel, Giovanni Vigna, Haitao Zheng, Ben Y. Zhao. In Proc. of Internet Measurement Conference, October 2013.

USENIX SEC’13: You are How You Click: Clickstream Analysis for Sybil Detection. Gang Wang, Tristan Konolige, Christo Wilson, Xiao Wang, Haitao Zheng, Ben Y. Zhao. In Proc. of USENIX Security Symposium, August 2013.

DSN’13: Detecting Malicious Landing Pages in Malware Distribution Networks. Gang Wang, Jack Stokes, Cormac Herley, David Felstead. In Proc. of IEEE/IFIP International Conference on Dependable Systems and Networks, June 2013.

SIGMETRICS’13: Practical Conflict Graphs for Dynamic Spectrum Distribution. Xia Zhou, Zengbin Zhang, Gang Wang, Xiaoxiao Yu, Ben Y. Zhao, Haitao Zheng. In Proc. of International Conference on Measurement and Modeling of Computer Systems, June 2013.

WWW’13: Wisdom in the Social Crowd: an Analysis of Quora. Gang Wang, Konark Gill, Manish Mohanlal, Haitao Zheng, Ben Y. Zhao. In Proc. of International World Wide Web Conference, May 2013.

NDSS’13: Social Turing Tests: Crowdsourcing Sybil Detection. Gang Wang, Manish Mohanlal, Christo Wilson, Xiao Wang, Miriam Metzger, Haitao Zheng, Ben Y. Zhao. In Proc. of Network & Distributed System Security Symposium, February 2013.

WWW’12: Serf and Turf: Crowdturfing for Fun and Profit. Gang Wang, Christo Wilson, Xiaohan Zhao, Yibo Zhu, Manish Mohanlal, Haitao Zheng, Ben Y. Zhao. In Proc. of International World Wide Web Conference, April 2012.

MobiCom’11: I am the Antenna: Accurate Outdoor AP Location using Smartphones. Zengbin Zhang, Xia Zhou, Weile Zhang, Yuanyang Zhang, Gang Wang, Ben Y. Zhao, Haitao Zheng. In Proc. of International Conference on Mobile Computing and Networking, September 2011.

HotMobile’11: Privacy, Availability and Economics in the Polaris Mobile Social Network. Christo Wilson, Troy Steinbauer, Gang Wang, Alessandra Sala, Haitao Zheng, Ben Y. Zhao. In Proc. of Workshop on Mobile Computing Systems and Applications, March 2011.

P2PNet’09: Experimental Study on Neighbor Selection Policy for Phoenix Network Coordinate System. Gang Wang, Shining Wu, Guodong Wang, Beixing Deng, Xing Li. In Proc. of Workshop on Peer-To-Peer Networking, October, 2009.

Abstract

Combating Attacks and Abuse in Large Online Communities

by Gang Wang

Internet users today are connected more widely and ubiquitously than ever before. As a result, various online communities are formed, ranging from online social networks (Facebook, Twitter), to mobile communities (Foursquare, Waze), to content/interests based networks (Wikipedia, Yelp, Quora). While users are benefiting from the ease of access to information and social interactions, there is a growing concern for users’ security and privacy against various attacks such as spam, phishing, malware infection and identity theft.

Combating attacks and abuse in online communities is challenging. First, today’s online communities are increasingly dependent on users and user-generated content. Securing online systems demands a deep understanding of the complex and often unpredictable human behaviors. Second, online communities can easily have millions or even billions of users, which requires the corresponding security mechanisms to be highly scalable. Finally, cybercriminals are constantly evolving to launch new types of attacks. This further demands high robustness of security defenses.

In this thesis, we take concrete steps towards measuring, understanding, and defending against attacks and abuse in online communities. We begin with a series of empirical measurements to understand user behaviors in different online services and the unique security and privacy challenges that users are facing. This effort covers a broad set of popular online services including social networks for question and answering (Quora), anonymous social networks (Whisper), and crowdsourced mobile communities (Waze). Despite the differences of specific online communities, our study provides a first look at their user activity patterns based on empirical data, and reveals the need for reliable mechanisms to curate user content, protect privacy, and defend against emerging attacks.

Next, we turn our attention to attacks targeting online communities, with focus on spam campaigns. While traditional spam is mostly generated by automated software, attackers today start to introduce “human intelligence” to implement attacks. This is malicious crowdsourcing (or crowdturfing) where a large group of real-users are organized to carry out malicious campaigns, such as writing fake reviews or spreading rumors on social media. Using collective human efforts, attackers

Details

  • File Type
    pdf
  • Content Languages
    English
  • File Pages
    264 Page