No Arabic abstract
Modern fraudsters write malicious programs to coordinate a group of accounts to commit collective fraud for illegal profits in online platforms. These programs have access to a set of finite resources - a set of IPs, devices, and accounts etc. and sometime manipulate fake accounts to collaboratively attack the target system. Inspired by these observations, we share our experience in building two real-time risk control systems to detect collective fraud. We show that with TigerGraph, a powerful graph database, and its innovative query language - GSQL, data scientists and fraud experts can conveniently implement and deploy an end-to-end risk control system as a graph database application.
The growing trend of sharing news/contents, through social media platforms and the World Wide Web has been seen to impact our perception of the truth, altering our views about politics, economics, relationships, needs and wants. This is because of the growing spread of misinformation and disinformation intentionally or unintentionally by individuals and organizations. This trend has grave political, social, ethical, and privacy implications for society due to 1) the rapid developments in the field of Machine Learning (ML) and Deep Learning (DL) algorithms in creating realistic-looking yet fake digital content (such as text, images, and videos), 2) the ability to customize the content feeds and to create a polarized so-called filter-bubbles leveraging the availability of the big-data. Therefore, there is an ethical need to combat the flow of fake content. This paper attempts to resolve some of the aspects of this combat by presenting a high-level overview of TRUSTD, a blockchain and collective signature-based ecosystem to help content creators in getting their content backed by the community, and to help users judge on the credibility and correctness of these contents.
Statistical divergence is widely applied in multimedia processing, basically due to regularity and interpretable features displayed in data. However, in a broader range of data realm, these advantages may no longer be feasible, and therefore a more general approach is required. In data detection, statistical divergence can be used as a similarity measurement based on collective features. In this paper, we present a collective detection technique based on statistical divergence. The technique extracts distribution similarities among data collections, and then uses the statistical divergence to detect collective anomalies. Evaluation shows that it is applicable in the real world.
App builders commonly use security challenges, a form of step-up authentication, to add security to their apps. However, the ethical implications of this type of architecture has not been studied previously. In this paper, we present a large-scale measurement study of running an existing anti-fraud security challenge, Boxer, in real apps running on mobile devices. We find that although Boxer does work well overall, it is unable to scan effectively on devices that run its machine learning models at less than one frame per second (FPS), blocking users who use inexpensive devices. With the insights from our study, we design Daredevil, anew anti-fraud system for scanning payment cards that work swell across the broad range of performance characteristics and hardware configurations found on modern mobile devices. Daredevil reduces the number of devices that run at less than one FPS by an order of magnitude compared to Boxer, providing a more equitable system for fighting fraud. In total, we collect data from 5,085,444 real devices spread across 496 real apps running production software and interacting with real users.
Although the use of pay-per-click mechanisms stimulates the prosperity of the mobile advertisement network, fraudulent ad clicks result in huge financial losses for advertisers. Extensive studies identify click fraud according to click/traffic patterns based on dynamic analysis. However, in this study, we identify a novel click fraud, named humanoid attack, which can circumvent existing detection schemes by generating fraudulent clicks with similar patterns to normal clicks. We implement the first tool ClickScanner to detect humanoid attacks on Android apps based on static analysis and variational AutoEncoder (VAE) with limited knowledge of fraudulent examples. We define novel features to characterize the patterns of humanoid attacks in the apps bytecode level. ClickScanner builds a data dependency graph (DDG) based on static analysis to extract these key features and form a feature vector. We then propose a classification model only trained on benign datasets to overcome the limited knowledge of humanoid attacks. We leverage ClickScanner to conduct the first large-scale measurement on app markets (i.e.,120,000 apps from Google Play and Huawei AppGallery) and reveal several unprecedented phenomena. First, even for the top-rated 20,000 apps, ClickScanner still identifies 157 apps as fraudulent, which shows the prevalence of humanoid attacks. Second, it is observed that the ad SDK-based attack (i.e., the fraudulent codes are in the third-party ad SDKs) is now a dominant attack approach. Third, the manner of attack is notably different across apps of various categories and popularities. Finally, we notice there are several existing variants of the humanoid attack. Additionally, our measurements demonstrate the proposed ClickScanner is accurate and time-efficient (i.e., the detection overhead is only 15.35% of those of existing schemes).
The beginning of 2020 has seen the emergence of coronavirus outbreak caused by a novel virus called SARS-CoV-2. The sudden explosion and uncontrolled worldwide spread of COVID-19 show the limitations of existing healthcare systems in timely handling public health emergencies. In such contexts, innovative technologies such as blockchain and Artificial Intelligence (AI) have emerged as promising solutions for fighting coronavirus epidemic. In particular, blockchain can combat pandemics by enabling early detection of outbreaks, ensuring the ordering of medical data, and ensuring reliable medical supply chain during the outbreak tracing. Moreover, AI provides intelligent solutions for identifying symptoms caused by coronavirus for treatments and supporting drug manufacturing. Therefore, we present an extensive survey on the use of blockchain and AI for combating COVID-19 epidemics. First, we introduce a new conceptual architecture which integrates blockchain and AI for fighting COVID-19. Then, we survey the latest research efforts on the use of blockchain and AI for fighting COVID-19 in various applications. The newly emerging projects and use cases enabled by these technologies to deal with coronavirus pandemic are also presented. A case study is also provided using federated AI for COVID-19 detection. Finally, we point out challenges and future directions that motivate more research efforts to deal with future coronavirus-like epidemics.