Detecting Organization-Targeted Socialbots by Monitoring Social Network Profiles

Advanced attackers use online social networks in order to extract useful information about targeted organizations, including the names of the organization's members, their connections, affiliations, positions, etc. Using artificial profiles (socialbots) attackers connect to real members of the organization, thus establishing a foothold inside the organization and greatly increasing the amount of sensitive information they can collect. The connection methods used by attackers are versatile, ranging from random friend requests to carefully crafted, manually operated social engineering attempts. In this paper we provide an analysis of the cost-effectiveness of strategies used to monitor organizational social networks and detect the socialbots that penetrate a target organization. These strategies were evaluated against heterogeneous attackers with different levels of knowledge about the monitoring strategies, using simulation on actual social network data and data from a real scenario of socialbot intrusion. The results demonstrate the efficacy of the monitoring strategies in detecting less sophisticated attackers and slowing down attackers that deliberately avoid the monitored profiles.