-
Beyond Trolling: Malware-Induced Misperception Attacks on Polarized Facebook Discourse
Authors:
Filipo Sharevski,
Paige Treebridge,
Peter Jachim,
Audrey Li,
Adam Babin,
Jessica Westbrook
Abstract:
Social media trolling is a powerful tactic to manipulate public opinion on issues with a high moral component. Troll farms, as evidenced in the past, created fabricated content to provoke or silence people to share their opinion on social media during the US presidential election in 2016. In this paper, we introduce an alternate way of provoking or silencing social media discourse by manipulating…
▽ More
Social media trolling is a powerful tactic to manipulate public opinion on issues with a high moral component. Troll farms, as evidenced in the past, created fabricated content to provoke or silence people to share their opinion on social media during the US presidential election in 2016. In this paper, we introduce an alternate way of provoking or silencing social media discourse by manipulating how users perceive authentic content. This manipulation is performed by man-in-the-middle malware that covertly rearranges the linguistic content of an authentic social media post and comments. We call this attack Malware-Induced Misperception (MIM) because the goal is to socially engineer spiral-of-silence conditions on social media by inducing perception. We conducted experimental tests in controlled settings (N = 311) where a malware covertly altered selected words in a Facebook post about the freedom of political expression on college campuses. The empirical results (1) confirm the previous findings about the presence of the spiral-of-silence effect on social media; and (2) demonstrate that inducing misperception is an effective tactic to silence or provoke targeted users on Facebook to express their opinion on a polarizing political issue.
△ Less
Submitted 10 February, 2020;
originally announced February 2020.
-
Meet Malexa, Alexa's Malicious Twin: Malware-Induced Misperception Through Intelligent Voice Assistants
Authors:
Filipo Sharevski,
Paige Treebridge,
Peter Jachim,
Audrey Li,
Adam Babin,
Jessica Westbrook
Abstract:
This paper reports the findings of a study where users (N=220) interacted with Malexa, Alexa's malicious twin. Malexa is an intelligent voice assistant with a simple and seemingly harmless third-party skill that delivers news briefings to users. The twist, however, is that Malexa covertly rewords these briefings to intentionally introduce misperception about the reported events. This covert reword…
▽ More
This paper reports the findings of a study where users (N=220) interacted with Malexa, Alexa's malicious twin. Malexa is an intelligent voice assistant with a simple and seemingly harmless third-party skill that delivers news briefings to users. The twist, however, is that Malexa covertly rewords these briefings to intentionally introduce misperception about the reported events. This covert rewording is referred to as a Malware-Induced Misperception (MIM) attack. It differs from squatting or invocation hijacking attacks in that it is focused on manipulating the "content" delivered through a third-party skill instead of the skill's "invocation logic." Malexa, in the study, reworded regulatory briefings to make a government response sound more accidental or lenient than the original news delivered by Alexa. The results show that users who interacted with Malexa perceived that the government was less friendly to working people and more in favor of big businesses. The results also show that Malexa is capable of inducing misperceptions regardless of the user's gender, political ideology or frequency of interaction with intelligent voice assistants. We discuss the implications in the context of using Malexa as a covert "influencer" in people's living or working environments.
△ Less
Submitted 9 February, 2020;
originally announced February 2020.
-
Manipulation of Perceived Politeness in a Web-based Email Discourse Through a Malicious Browser Extension
Authors:
Filipo Sharevski,
Paige Treebridge,
Jessica Westbrook
Abstract:
This paper presents a specific man-in-the-middle exploit: Ambient Tactical Deception (ATD) in online communication, realized via a malicious web browser extension. Extensions manipulate web content in unobtrusive ways as ambient intermediaries of the overall browsing experience. In our previous work, we demonstrated that it is possible to employ tactical deception by making covert changes in the t…
▽ More
This paper presents a specific man-in-the-middle exploit: Ambient Tactical Deception (ATD) in online communication, realized via a malicious web browser extension. Extensions manipulate web content in unobtrusive ways as ambient intermediaries of the overall browsing experience. In our previous work, we demonstrated that it is possible to employ tactical deception by making covert changes in the text content of a web page, regardless of the source. In this work, we investigated the application of ATD in a web-based email discourse where the objective is to manipulate the interpersonal perception without the knowledge of the involved parties. We focus on web-based email text because it is asynchronous and usually revised for clarity and politeness. Previous research has demonstrated that people's perception of politeness in online communication is based on three factors: the degree of imposition, the power of the receiver over the sender, and the social distance between them. We interviewed participants about their perception of these factors to establish the plausibility of ATD for email discourse. The results indicate that by covertly altering the politeness strategy in an email, it is possible for an ATD attacker to manipulate the receiver's perception on all of the politeness factors. Our findings support the Brown and Levinson's politeness theory and Walther's hyperpersonal model of email communication.
△ Less
Submitted 24 December, 2019; v1 submitted 30 August, 2019;
originally announced August 2019.
-
Pressure and flow statistics of Darcy flow from simulated annealing
Authors:
Marise J. E. Westbroek,
Peter R. King,
Dimitri D. Vvedensky,
Ronnie L. Schwede
Abstract:
The pressure and flow statistics of Darcy flow through a random permeable medium are expressed in a form suitable for evaluation by the method of simulated annealing. There are several attractive aspects to using simulated annealing: (i) any probability distribution can be used for the permeability, (ii) there is no need to invert the transmissibility matrix which, while not a factor for single-ph…
▽ More
The pressure and flow statistics of Darcy flow through a random permeable medium are expressed in a form suitable for evaluation by the method of simulated annealing. There are several attractive aspects to using simulated annealing: (i) any probability distribution can be used for the permeability, (ii) there is no need to invert the transmissibility matrix which, while not a factor for single-phase flow, offers distinct advantages for the case of multiphase flow, and (iii) the action used for simulated annealing is eminently suitable for coarse graining by integrating over the short-wavelength degrees of freedom. In this paper, we show that the pressure and flow statistics obtained by simulated annealing are in excellent agreement with the more conventional finite-volume calculations.
△ Less
Submitted 3 April, 2019; v1 submitted 22 March, 2019;
originally announced March 2019.
-
Sorry: Ambient Tactical Deception Via Malware-Based Social Engineering
Authors:
Adam Trowbridge,
Jessica Westbrook,
Filipo Sharevski
Abstract:
In this paper we argue, drawing from the perspectives of cybersecurity and social psychology, that Internet-based manipulation of an individual or group reality using ambient tactical deception is possible using only software and changing words in a web browser. We call this attack Ambient Tactical Deception (ATD). Ambient, in artificial intelligence, describes software that is "unobtrusive," and…
▽ More
In this paper we argue, drawing from the perspectives of cybersecurity and social psychology, that Internet-based manipulation of an individual or group reality using ambient tactical deception is possible using only software and changing words in a web browser. We call this attack Ambient Tactical Deception (ATD). Ambient, in artificial intelligence, describes software that is "unobtrusive," and completely integrated into a user's life. Tactical deception is an information warfare term for the use of deception on an opposing force. We suggest that an ATD attack could change the sentiment of text in a web browser. This could alter the victim's perception of reality by providing disinformation. Within the limit of online communication, even a pause in replying to a text can affect how people perceive each other. The outcomes of an ATD attack could include alienation, upsetting a victim, and influencing their feelings about an election, a spouse, or a corporation.
△ Less
Submitted 25 October, 2018;
originally announced October 2018.
-
Malicious User Experience Design Research for Cybersecurity
Authors:
Adam Trowbridge,
Filipo Sharevski,
Jessica Westbrook
Abstract:
This paper explores the factors and theory behind the user-centered research that is necessary to create a successful game-like prototype, and user experience, for malicious users in a cybersecurity context. We explore what is known about successful addictive design in the fields of video games and gambling to understand the allure of breaking into a system, and the joy of thwarting the security t…
▽ More
This paper explores the factors and theory behind the user-centered research that is necessary to create a successful game-like prototype, and user experience, for malicious users in a cybersecurity context. We explore what is known about successful addictive design in the fields of video games and gambling to understand the allure of breaking into a system, and the joy of thwarting the security to reach a goal or a reward of data. Based on the malicious user research, game user research, and using the GameFlow framework, we propose a novel malicious user experience design approach
△ Less
Submitted 28 June, 2018;
originally announced June 2018.
-
Novel Approach for Cybersecurity Workforce Development: A Course in Secure Design
Authors:
Filipo Sharevski,
Adam Trowbridge,
Jessica Westbrook
Abstract:
Training the future cybersecurity workforce to respond to emerging threats requires introduction of novel educational interventions into the cybersecurity curriculum. To be effective, these interventions have to incorporate trending knowledge from cybersecurity and other related domains while allowing for experiential learning through hands-on experimentation. To date, the traditional interdiscipl…
▽ More
Training the future cybersecurity workforce to respond to emerging threats requires introduction of novel educational interventions into the cybersecurity curriculum. To be effective, these interventions have to incorporate trending knowledge from cybersecurity and other related domains while allowing for experiential learning through hands-on experimentation. To date, the traditional interdisciplinary approach for cybersecurity training has infused political science, law, economics or linguistics knowledge into the cybersecurity curriculum, allowing for limited experimentation. Cybersecurity students were left with little opportunity to acquire knowledge, skills, and abilities in domains outside of these. Also, students in outside majors had no options to get into cybersecurity. With this in mind, we developed an interdisciplinary course for experiential learning in the fields of cybersecurity and interaction design. The inaugural course teaches students from cybersecurity, user interaction design, and visual design the principles of designing for secure use - or secure design - and allows them to apply them for prototyping of Internet-of-Things (IoT) products for smart homes. This paper elaborates on the concepts of secure design and how our approach enhances the training of the future cybersecurity workforce.
△ Less
Submitted 4 June, 2018;
originally announced June 2018.
-
Linear-Time Pointer-Machine Algorithms for Path-Evaluation Problems on Trees and Graphs
Authors:
Adam L. Buchsbaum,
Loukas Georgiadis,
Haim Kaplan,
Anne Rogers,
Robert E. Tarjan,
Jeffery R. Westbrook
Abstract:
We present algorithms that run in linear time on pointer machines for a collection of problems, each of which either directly or indirectly requires the evaluation of a function defined on paths in a tree. These problems previously had linear-time algorithms but only for random-access machines (RAMs); the best pointer-machine algorithms were super-linear by an inverse-Ackermann-function factor.…
▽ More
We present algorithms that run in linear time on pointer machines for a collection of problems, each of which either directly or indirectly requires the evaluation of a function defined on paths in a tree. These problems previously had linear-time algorithms but only for random-access machines (RAMs); the best pointer-machine algorithms were super-linear by an inverse-Ackermann-function factor. Our algorithms are also simpler, in some cases substantially, than the previous linear-time RAM algorithms. Our improvements come primarily from three new ideas: a refined analysis of path compression that gives a linear bound if the compressions favor certain nodes, a pointer-based radix sort as a replacement for table-based methods, and a more careful partitioning of a tree into easily managed parts. Our algorithms compute nearest common ancestors off-line, verify and construct minimum spanning trees, do interval analysis on a flowgraph, find the dominators of a flowgraph, and build the component tree of a weighted tree.
△ Less
Submitted 14 November, 2006; v1 submitted 15 July, 2002;
originally announced July 2002.
