Characterizing and detecting malicious crowdsourcing

Abstract

Popular Internet services in recent years have shown that remarkable things can be achieved by harnessing the power of the masses. However, crowd-sourcing systems also pose a real challenge to existing security mechanisms deployed to protect Internet services, particularly those tools that identify malicious activity by detecting activities of automated programs such as CAPTCHAs. In this work, we leverage access to two large crowdturfing sites to gather a large corpus of ground-truth data generated by crowdturfing campaigns. We compare and contrast this data with "organic" content generated by normal users to identify unique characteristics and potential signatures for use in real-time detectors. This poster describes first steps taken focused on crowdturfing campaigns targeting the Sina Weibo microblogging system. We describe our methodology, our data (over 290K campaigns, 34K worker accounts, 61 million tweets...), and some initial results.