Tao Stein
ABSTRACT
Popular Internet sites are under attack all the time from phishers, fraudsters, and spammers. They aim to steal user information and expose users to unwanted spam. The attackers have vast resources at their disposal. They are well-funded, with full-time skilled labor, control over compromised and infected accounts, and access to global botnets. Protecting our users is a challenging adversarial learning problem with extreme scale and load requirements. Over the past several years we have built and deployed a coherent, scalable, and extensible realtime system to protect our users and the social graph. This Immune System performs realtime checks and classifications on every read and write action. As of March 2011, this is 25B checks per day, reaching 650K per second at peak. The system also generates signals for use as feedback in classifiers and other components. We believe this system has contributed to making Facebook the safest place on the Internet for people and their information. This paper outlines the design of the Facebook Immune System, the challenges we have faced and overcome, and the challenges we continue to face.
- {Blanzieri 2008} E. Blanzieri and A. Bryl. A survey of learning-based techniques of email spam filtering. Artif. Intell. Rev., 29:63--92, March 2008. Google Scholar
Digital Library
- {Carreras 2001} X. Carreras and L. Márquez. Boosting trees for anti-spam email filtering. In Proceedings of RANLP-01, 4th International Conference on Recent Advances in Natural Language Processing, Tzigov Chark, BG, 2001.Google Scholar
- {Dalvi 2004} N. Dalvi, P. Domingos, Mausam, S. Sanghai, and D. Verma. Adversarial classification. In Proceedings of the tenth ACM SIGKDD international conference on Knowledge discovery and data mining, KDD '04, pages 99--108, New York, NY, USA, 2004. ACM. Google ScholarDigital Library
- {Hao 2009} S. Hao, N. A. Syed, N. Feamster, A. G. Gray, and S. Krasser. Detecting spammers with snare: spatio-temporal network-level automatic reputation engine. USENIX Security Symposium, page 101118, 2009. Google ScholarDigital Library
- {Heymann 2007} P. Heymann, G. Koutrika, and H. Garcia-Molina. Fighting spam on social web sites: A survey of approaches and future challenges. IEEE Internet Computing, 11:36--45, November 2007. Google ScholarDigital Library
- {Lowd 2005} D. Lowd and C. Meek. Adversarial learning. In Proceedings of the eleventh ACM SIGKDD international conference on Knowledge discovery in data mining, KDD '05, pages 641--647, New York, NY, USA, 2005. ACM. Google ScholarDigital Library
- {Ma 2009} J. Ma, L. K. Saul, S. Savage, and G. M. Voelker. Identifying suspicious URLs: an application of large-scale online learning. In Proceedings of the 26th Annual International Conference on Machine Learning, ICML '09, pages 681--688, New York, NY, USA, 2009. ACM. Google ScholarDigital Library
- {Thomas 2010} K. Thomas and D. M. Nicol. The Koobface botnet and the rise of social malware. In Proceedings of the 5th International Conference on Malicious and Unwanted Software (MALWARE), pages 63--70. IEEE, October 2010.Google Scholar
- {von Ahn 2003} L. von Ahn, M. Blum, N. Hopper, and J. Langford. CAPTCHA: Using hard AI problems for security. In EuroCrypt, 2003. Google ScholarDigital Library
- {Whittaker 2010} C. Whittaker, B. Ryner, and M. Nazif. Large-scale automatic classification of phishing pages. In NDSS, NDSS '10, 2010.Google Scholar
Index Terms
- Facebook immune system
Recommendations
Adversarial Attack on Microarchitectural Events based Malware Detectors
DAC '19: Proceedings of the 56th Annual Design Automation Conference 2019To overcome the performance overheads incurred by the traditional software-based malware detection techniques, Hardware-assisted Malware Detection (HMD) using machine learning (ML) classifiers has emerged as a panacea to detect malicious applications ...
Understanding a prospective approach to designing malicious social bots
The security implications of social bots are evident in consideration of the fact that data sharing and propagation functionality are well integrated with social media sites. Existing social bots primarily use Really Simple Syndication and OSN online ...
Adversarial attacks on malware detection models for smartphones using reinforcement learning: PhD forum abstract
SenSys '20: Proceedings of the 18th Conference on Embedded Networked Sensor SystemsMalware analysis and detection is a rat race between malware designer and anti-malware community. Most of the current Smartphone antivirus(s) are based on the signature, heuristic and behaviour based mechanisms which are unable to detect advanced ...
Comments