Social networking fraud is target of UO-led initiative

Jun Li, director of the UO's Center for Cyber Security and Privacy

That friend invite you accepted on Facebook turns out to be from an unknown person using a forged identity to invade your personal life. You are not alone. It happens often, to many people. You've fallen victim to a Sybil attack.

Fraud comes in many other forms, too. On social networks the consequences can range from a minor irritation to a major disruption in a person's life. Online fraud costs an estimated $100 billion a year worldwide; fake accounts on Twitter, alone, are tied to $360 million annually to fraud. Sybil attacks, by the way, are named after the woman with multiple personalities in the 1973 book "Sybil."

Jun Li, the director of the University of Oregon's Center for Cyber Security and Privacy, is leading a new charge to go after all forms of online fraudulent activities.

The four-year project, which begins July 1, will be done in collaboration with computer scientists at the University of Arkansas and University of North Carolina at Charlotte. Most research to date has focused on individual forms of fraud. The new effort will seek to capture the whole package.

"Our work is to first understand what's happening," Li said. "We want to model the many forms of attack in a cool way. Many types of fraud may not be worrisome, but others have the potential to cause lots of havoc."

Oregon Cyber Security Day is Friday, April 22

Initially, researchers will build a model — a complex graph — mapping people and their relationships within a social media platform. Using that information, they will convert the graph into a mathematically driven framework, much like a 3-D map, that should open a pathway to detecting fraudulent and potentially damaging activities.

The system being developed is known as oSAFARI — Online SociAl network Fraud and Attack Research and Identification.

"We will use visualization techniques to build a larger view of what's going on," Li said. "We will build a simulation network to evaluate our approaches. That will involve test users and maybe even an independent red team to see how our solution performs. Our hope is to be able to see the essence of fraudulent activity amid very large and noisy social networking systems."

Eventually, he said, the work will lead to real world approaches to improve online security and raise public awareness of safe practices. In addition, the work should lead to educational curriculum to expand the UO's efforts to train future cyber security experts, he added.

The project is being funded by a $1.2 million grants from the National Science Foundation. The UO gets $507,000 for the project, which will include up to two graduate students and as many undergraduate researchers as possible, Li said.

—By Jim Barlow, University Communications