New Techniques in Fake Reviews

Research paper: "Automated Crowdturfing Attacks and Defenses in Online Review Systems."

Abstract: Malicious crowdsourcing forums are gaining traction as sources of spreading misinformation online, but are limited by the costs of hiring and managing human workers. In this paper, we identify a new class of attacks that leverage deep learning language models (Recurrent Neural Networks or RNNs) to automate the generation of fake online reviews for products and services. Not only are these attacks cheap and therefore more scalable, but they can control rate of content output to eliminate the signature burstiness that makes crowdsourced campaigns easy to detect.

Using Yelp reviews as an example platform, we show how a two phased review generation and customization attack can produce reviews that are indistinguishable by state-of-the-art statistical detectors. We conduct a survey-based user study to show these reviews not only evade human detection, but also score high on "usefulness" metrics by users. Finally, we develop novel automated defenses against these attacks, by leveraging the lossy transformation introduced by the RNN training and generation cycle. We consider countermeasures against our mechanisms, show that they produce unattractive cost-benefit tradeoffs for attackers, and that they can be further curtailed by simple constraints imposed by online service providers.

Posted on September 4, 2017 at 7:08 AM • 16 Comments

Comments

ScissorsSeptember 4, 2017 8:16 AM

Interesting that the defenses mentioned revolve around using other computers to detect and remove the false reviews. It seems easier to create hurdles that prevent free/inexpensive reviews in the first place–like only allowing verified purchasers to review a product.

Chairman MaoSeptember 4, 2017 9:30 AM

This is FUNNY.

I like the list of credits: Yuanshun Yao Bimal Viswanath Jenna Cryan
ysyao@cs.uchicago.edu
University of Chicago viswanath@cs.uchicago.edu
University of Chicago jennacryan@cs.uchicago.edu
University of Chicago
Haitao Zheng Ben Y. Zhao
htzheng@cs.uchicago.edu
University of Chicago ravenben@cs.uchicago.edu


University of Chicago -- Chinese. Cryan is orignally UCSB.

Obviously, Obama's Mama is paying for this "study."

Chairman MaoSeptember 4, 2017 11:43 AM

@Steve

@Steve: Sheesh. Some people.

That's what I said.

The Internet is no longer the source of reliable information it once was. Today, misinformation is being used as a tool to harm com- petitors, win political campaigns, and sway public opinion. Clashes between conflicting accounts occur daily on social networks and online discussion forums, and the trustworthiness of many online information sources is now in question. One highly effective weapon for spreading misinformation is the use of crowdturfing campaigns [30, 46, 74], where bad actors pay groups of users to perform questionable or illegal actions online.

Obama's Mama.

At least I read the thing which is more than what you did.

bottom windSeptember 4, 2017 12:33 PM

I wonder how much most "fake news" can really affect people already so conditioned, apathetic and ineffectual. Maybe it alters spending habits slightly or sends a tremor through twitter, but I'm skeptical that it often does more than gently poke at the ephemeral conscience of the stolid superconsumer in the U.S. anymore. A whimsical wave of social disturbance in a sea of bewildered serfs hardly frightens me more than a trip to walmart, which isn't without hazards. I fear that even if fed 100 percent authentic news the majority would suffer indigestion and intellectual gerd or starve. Objectivity these days would leave many completely lost, quivering and wondering "where's the beef?" or what to think. It appears that on the dimly lighted path to nowhere, our brightest beacon is demagoguery and shopping, with something to hate on the side.

bottom windSeptember 4, 2017 12:50 PM

Admin: my apologies for getting off tiopic; please remove the comment if out of place. Reviews != news.

von KlandensteinSeptember 4, 2017 1:25 PM

Eventually we are going to use digital signatures in all web-articles (instead of the web-address). At the moment it just does not suit to google and other giants because digital signature also means ability for encryption and ultimately for privacy.

Miss InformedSeptember 4, 2017 2:00 PM

@bottom wind

Watch gas prices fluctuate in the case of prior pre-emptive misinformed spikes. Disinformation properly deployed can go a very very long way.

How about the stock market? A hands off approach to algorithms did what? Dumped stocks last year?

Maybe I'm just

MarkSeptember 4, 2017 10:15 PM

https://forums.theregister.co.uk/forum/1/2017/09/05/australian_defence_export_controls_up_for_review/


Having spent the last few years jumping through the Defence Controls around Cryptology, et al ( 13E, DTC(Act), Fairwork action, A.G.S.V.A. Data Breaches, Australian Signals Directorate delays and essentially requesting source code, Defence Export Controls ( who lost their Office ) delays, Australian Human Rights Cases, etc ), it's a much needed change to ensure innocent end users can obtain access to technologies to ensure a citizens privacy and not be sent to jail on the whim of a Minister in the sitting Australian Federal Government.

Current criminal penalties of up to 10 years in jail and .5 million in fines, for utilising software to ensure their privacy ( Cryptology ) is a ridiculous law effecting all within Australian borders.

https://forums.theregister.co.uk/forum/1/2017/09/05/australian_defence_export_controls_up_for_review/

MarkSeptember 5, 2017 2:23 AM

I've started a blog to discuss the DTC(Act) modifications being put forward to the Australian Parliament.

http://www.foocrypt.net/blog/defence-reviewing-13e

Having spent the last few years jumping through the Defence Controls around Cryptology, et al ( 13E, DTC(Act), Fairwork action, A.G.S.V.A. Data Breaches, Australian Signals Directorate delays and essentially requesting source code, Defence Export Controls ( who lost their Office ) delays, Australian Human Rights Cases, etc ), it's a much needed change to ensure innocent end users can obtain access to technologies to ensure a citizens privacy and not be sent to jail on the whim of a Minister in the sitting Australian Federal Government.

Current criminal penalties of up to 10 years in jail and .5 million in fines, for utilising software to ensure their privacy ( Cryptology ) is a ridiculous law effecting all within Australian borders.

https://forums.theregister.co.uk/forum/1/2017/09/05/australian_defence_export_controls_up_for_review/


Feel free to comment, send on, refer, etc.....

Mike ChanelSeptember 5, 2017 4:00 AM

Have the authors turned their machine loose on the comments above? They all make sense in their own right, but I have no idea which article most of them are commenting on.

JG4September 5, 2017 6:38 AM


the flipside of the question, "Cui bono?" always consider the conflicts of interest.

btw, that was me that brouught up Asimov's Foundation series by way of Ben Hunt's brilliant game theory analysis of how Trump's zero-sum business perspective has shifted the mood from cooperation (win-win) to competition (zero-sum). the problem is when you get to war, a knock-down drag out is a deep negative sum. this was in the daily news compendium at nakedcapitalism, but I forgot to label it as signal spoofing

Who is Actually Harmed by Predatory Publishers?
http://www.triple-c.at/index.php/tripleC/article/view/867
Martin Paul Eve, Ernesto Priego
Abstract
“Predatory publishing” refers to conditions under which gold open-access academic publishers claim to conduct peer review and charge for their publishing services but do not, in fact, actually perform such reviews. Most prominently exposed in recent years by Jeffrey Beall, the phenomenon garners much media attention. In this article, we acknowledge that such practices are deceptive but then examine, across a variety of stakeholder groups, what the harm is from such actions to each group of actors. We find that established publishers have a strong motivation to hype claims of predation as damaging to the scholarly and scientific endeavour while noting that, in fact, systems of peer review are themselves already acknowledged as deeply flawed.

NileSeptember 5, 2017 8:26 AM

The commoditisation of these services is very worrying.

It wasn't exactly worry-free when such things were available to an exclusive club of well-connected oligarchs with access to the Kremlin's trash-poster factories, billionaires with Cambridge Analytica connections, and GCHQ's rolodex of militant vegetarians and climate protestors on social media.

It is, of course, amusing to see another Dilbert snippet coming true: "I have replaced you with a short shell script".

...Which is actually very un-funny indeed.

Forget about driverless trucks and mass unemployment: what about all those liars-for-hire and political trashposts-for-dollars artisans who have now been automated out of a job? Unlike blue-collar workers who drive for a living, these information workers *will* find work. Somewhere. I have a feeling that it will be of even less benefit to society than their current activities.

Teddy RSeptember 5, 2017 3:39 PM

Now all we need is for machines to actually start buying the items. The end is neigh.

Chipping away at trustSeptember 5, 2017 5:16 PM

The web model is trust based. The review model is trust based.

Robo-astroturfing undermines that model and turns any perceived usefulness of reviews against itself.

Garbage in, garbage out, garbage information, garbage society. No trust, no society.

Technology has me hearkening for the days when they'd cut a liar's tongue out on the spot.

LorenzoSeptember 6, 2017 11:48 AM


Hello There,

for sure someone will think I'm joking or I'm lying.
I'm creating the first world's app that solve the problem of false reviews, forever!

Stay Tuned :)

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.