It is the bane of every security researcher: no matter how sophisticated the tool is to fight harmful behavior on any given interface, hackers will always adapt, scale up their game, and find new ways to work around the mechanism.
In an effort to get ahead of the scammers, Facebook is trying a new approach: to unleash an army of bots on a version of the platform, tasked with harmful actions – so that the Facebook-controlled bots can discover the loopholes before the real scammers even get to them.
- Facebook is recycling heat from its data centers to warm up these homes
- Robots, drones and surveillance apps: The unexpected future of medicine
- Best video conferencing software for business: Microsoft Teams plus eight more Zoom alternatives
- United Airlines says there’s no point leaving middle seats empty (ZDNet YouTube)
- The US, China and the AI arms race: Cutting through the hype (CNET)
- Verizon develops 5G-enabled EMS solutions with its fourth First Responder Lab (TechRepublic)
The technology will be operating in an alternative version of Facebook, dubbed WW to reflect that the system is a scaled-down version of the World Wide Web (WWW).
SEE: Managing AI and ML in the enterprise 2020: Tech leaders increase project development and implementation (TechRepublic Premium)
Contrary to traditional simulations, in which the simulated bots would be working on a simulated platform, WW is built on Facebook’s real-world software platform.
The company’s engineering team developed a method called Web-Enabled Simulation (WES), which consists of carrying out simulations on real web infrastructures, rather than artificial ones, to better reflect real user interactions and social behavior.
Using WES, Facebook’s engineers built WW – a parallel version of the social media platform, complete with Messenger, profiles, pages, and inopportune friend requests, but exclusively reserved for bots.
Presenting the technology at a webinar, Mark Hartman, research scientist at Facebook, said: “The simulations happen on the actual tens of millions of lines of code that make up the Facebook infrastructure. The bots use all of the same software and tools that a user would be using on the platform.”
“It means the simulation results are much closer to the reality of what happens on the platform, and to the many subtleties where harmful behavior can occur,” he added.
The bots, therefore, operate in an environment that is very close to the actual users on the platform, but a safe distance has wisely been kept. The bots’ actions are carefully constrained, and the engineers set up both a privacy layer and interaction mechanism layer to separate the two worlds.
Hartman’s team is currently focusing on using the bots to simulate scamming behavior, to find out if the detection mechanisms on Facebook are good enough, but also to uncover the new ways that scammers might try to extort money from unknowing users.
Real-life scammers typically crawl over the social-media platform until they find a target. And so, in a similar vein to game development, the engineering team recreated a scenario in which innocent bots simulate interactions with bots that are rewarded for crawling and acquiring another agent that they can scam.
Hartman explained that several methods were used to train the bots. They ranged from the old-fashioned rule-based approach, in which bots chose to carry out actions like sending a friend request based on a predetermined set of rules, to unsupervised learning, in which the bots are given the reward criteria but not the rules to get there.
Supervised learning was also a part of the mix: using anonymized data, the researchers defined patterns of real user behavior and trained the bots to imitate them.
“There is a strong relationship with AI-assisted gameplay,” said Hartman. “Simulated game players are a little bit like our bots. We are automating the process of making the game ever-more challenging, because we want to make it harder for potentially sophisticated and well-skilled bad actors.”
From an engineering perspective, the proposal is ambitious, and Hartman stressed that the project is still in a research phase. Hartman hopes that it is only a matter of months before the WW initiative comes to life, but admitted that further research was needed in various fields such as machine learning, graph theory or AI-assisted gameplay.
If the project were to come about at scale, however, the research team anticipated a significant boost to Facebook’s defense in the war against harmful behavior.
“The bots, in theory, can do things we haven’t seen before thanks to reinforcement learning,” said Hartman. “That’s something we want because it will let us get ahead of the bad behavior, rather than catch up with it.”
What’s more: using the WES method, WW could be replicated for any large-scale web system in which a community’s behavior can be observed. It could go a long way, therefore, in alleviating moderation efforts for many organizations.
- Microsoft Double Key Encryption enters public preview
- University of York discloses data breach, staff and student records stolen
- Best security keys in 2020: Hardware-based two-factor authentication for online protection
- Best password managers for business in 2020: 1Password, Keeper, LastPass, and more
- Cyber security 101: Protect your privacy from hackers, spies, and the government
- Phone privacy settings: Securing your iPhone and Android phone (ZDNet YouTube)
- Top 6 cheap home security devices in 2020 (CNET)
- What are IT pros concerned about in the new normal? (TechRepublic)