Md Mizanur Rahman
Florida International University
Md Mizanur Rahman is a Ph.D. candidate in School of Computing and Information Sciences at FIU, works in the Cyber Security and Privacy Lab (CaSPR) at FIU, led by Dr. Bogdan Carbunar. He received his Bachelor’s degree in Computer Science and Engineering from Bangladesh University of Engineering and Technology (BUET) in 2009. His research interests include the intersection of security and machine learning, with applications to fraud and malware detection. His research contributions have been published in renowned conferences and journals, such as IEEE TCSS, IEEE TKDE, ACM WebSci. Before joining FIU, he has held various positions in KAZ Software, iAppDragon and Prolog Inc.
The survival of products in online services such as Google Play, Yelp, Facebook, and Amazon, is contingent on their search rank. This, along with the social impact of such services, has also turned them into a lucrative medium for fraudulently influencing public opinion. Motivated by the need to aggressively promote products, communities that specialize in social network fraud (e.g., fake opinions and reviews, likes, followers, app installs) have emerged, to create a black market for fraudulent search optimization. Fraudulent product developers exploit these communities to hire teams of workers willing and able to commit fraud collectively, emulating realistic, spontaneous activities from unrelated people. We call this behavior “search rank fraud”. In this dissertation, we argue that fraud needs to be proactively discouraged and prevented, instead of only reactively detected and filtered. We introduce two novel approaches to discourage search rank fraud in online systems. First, we detect fraud in real-time, when it is posted, and impose resource consuming penalties on the devices that post activities. We introduce and leverage several novel concepts that include (i) stateless, verifiable computational puzzles that impose minimal performance overhead, but enable the efficient verification of their authenticity, (ii) a real-time, graph based solution to assign fraud scores to user activities, and (iii) mechanisms to dynamically adjust puzzle difficulty levels based on fraud scores and the computational capabilities of devices. In a second approach, we introduce the problem of fraud de-anonymization: reveal the crowdsourcing site accounts of the people who post large amounts of fraud, thus their bank accounts, and provide compelling evidence of fraud to the users of products that they promote. We investigate the ability of our solutions to ensure that fraud does not pay off.