Nestor Gabriel Hernandez Hernandez
School of Computing and Information Sciences
Nestor Gabriel Hernandez Hernandez is a PhD candidate in the School of Computing and Information Sciences (SCIS) at FIU where he works under the supervision of Dr. Bogdan Carbunar in the Cyber Security and Privacy (CaSPR) lab. Nestor obtained a MSc in computer science from FIU, and a BSc in Applied Mathematics from Universidad Simon Bolivar in Caracas, Venezuela. In his research, Nestor applies a data-driven approach to better understand and mitigate abuse on the internet. His research involves a mix of quantitative analysis, some qualitative analysis, machine learning, social engineering, and system design. His work has been published at ACM CCS and IEEE TKDE.
Search rank fraud, i.e., the posting of large numbers of fake activities for products hosted in commercial peer-opinion services such as those provided by Google, Apple, Amazon, seeks to give the illusion of grassroots engagement, boost financial gains, promote malware and even assist censorship efforts. In this thesis we argue that knowledge of the authentic capabilities, behaviors and strategies employed by empirically validated workers, is paramount to develop solutions that efficiently manage and contain search rank fraud.
Unlike earlier fraud detection efforts that are based on axiomatic assumptions on how workers operate, in this thesis we engaged with professional workers to study their capabilities, behaviors and strategies, and evaluate fraud detection and attribution solutions that we developed. We conducted qualitative and quantitative investigations with professional workers concerning activities they performed on Google Play, and reveal findings concerning their capabilities, working patterns and strategies to avoid fraud detection. We confirm the existence of power workers who control many devices and user accounts, and the emergence of organic workers, i.e., almost-regular users who occasionally promote products from their personal accounts. We introduce a novel framework to capture detailed insights about device and app usage, and use it to develop and evaluate the first solutions that disentangle organic fraud from power fraud and honest behaviors. Further, we introduce and evaluate fraud de-anonymization techniques to attribute user accounts used to promote apps to the human workers in crowdsourcing sites who control them.
We argue that fraud detection and prevention solutions can only succeed by integrating validated workers into the problem modeling and the solution design and evaluation processes.