Quantifying the impact of the Twitter fake accounts purge - a technical analysis

Quantifying the impact of the Twitter fake accounts purge – a technical analysis

|
This post provides an overview of the impact of the Twitter 2018 accounts purge through the lens of its impact on 16k of Twitter’s most popular accounts. Overall, we found that on average, popular accounts lost 2.8 percent of their followers bases due to the purge. In terms of raw ... Read More
How to Successfully Harness AI to Combat Fraud and Abuse - RSA 2018

Attacks against machine learning — an overview

|
This blog post survey the attacks techniques that target AI (artificial intelligence) systems and how to protect against them. At a high level, attacks against classifiers can be broken down into three types: Adversarial inputs , which are specially crafted inputs that have been developed with the aim of being ... Read More
How to Successfully Harness AI to Combat Fraud and Abuse - RSA 2018

How to handle mistakes while using AI to block attacks

|
This post looks at the main difficulties faced while using a classifier to block attacks: handling mistakes and uncertainty such that the overall system remains secure and usable. At a high level, the main difficulty faced when using a classifier to block attacks is how to handle mistakes. The need ... Read More
How to Successfully Harness AI to Combat Fraud and Abuse - RSA 2018

Challenges faced while training an AI to combat abuse

|
This post looks at the main challenges that arise when training a classifier to combat fraud and abuse. At a high level, what makes training a classifier to detect fraud and abuse unique is that it deals with data generated by an adversary that actively attempts to evade detection. Sucessfully ... Read More

How to successfully harness AI to combat fraud and abuse

|
While machine learning is integral to innumerable anti-abuse systems including spam and phishing detection, the road to reap its benefits is paved with numerous abuse-specific challenges. Drawing from concrete examples this session will discuss how these challenges are addressed at Google and providea roadmap to anyone interested in applying machine ... Read More
How to Successfully Harness AI to Combat Fraud and Abuse - RSA 2018

Why AI is the key to robust anti-abuse defenses

|
This post explains why artificial intelligence (AI) is the key to building anti-abuse defenses that keep up with user expectations and combat increasingly sophisticated attacks. This is the first post of a series of four posts dedicated to provide a concise overview of how to harness AI to build robust ... Read More
Hunting down Gooligan - Botconf 2017

Taking down Gooligan part 3 — monetization and clean-up

This post provides an in-depth analysis of Gooligan monetization schemas and recounts how Google took it down with the help of external partners. This post is the final post of the series dedicated to the hunt and take down of Gooligan that we did at Google in collaboration with Check ... Read More
Hunting down Gooligan - Botconf 2017

Taking down Gooligan: part 2 — inner workings

This post provides an in-depth analysis of the inner workings of Gooligan, the infamous Android OAuth stealing botnet. This is the second post of a series dedicated to the hunt and takedown of Gooligan that we did at Google, in collaboration with Check Point, in November 2016. The first post ... Read More
Hunting down Gooligan - Botconf 2017

Taking down Gooligan: part 1 — overview

This series of posts recounts how, in November 2016, we hunted for and took down Gooligan, the infamous Android OAuth stealing botnet. What makes Gooligan special is its weaponization of OAuth tokens, something that was never observed in mainstream crimeware before. At its peak, Gooligan had hijacked over 1M OAuth ... Read More
Hunting down Gooligan — retrospective analysis

Hunting down Gooligan — retrospective analysis

This talk provides a retrospective on how during 2017 Check Point and Google jointly hunted down Gooligan – one of the largest Android botnets at the time. Beside its scale what makes Gooligan a worthwhile case-study is its heavy reliance on stolen oauth tokens to attack Google Play’s API, an ... Read More
Loading...