📝 SummarXiv

Abstract

We study the efficacy of strategies aimed at controlling the spread of deception-based cyber-threats unfolding on online social networks. We model directed and temporal interactions between users using a family of activity-driven networks featuring tunable homophily levels among gullibility classes. We simulate the spreading of cyber-threats using classic Susceptible-Infected-Susceptible (SIS) models. We explore and quantify the effectiveness of four control strategies. Akin to vaccination campaigns with a limited budget, each strategy selects a fraction of nodes with the aim to increase their awareness and provide protection from cyber-threats. The first strategy picks nodes randomly. The second assumes global knowledge of the system selecting nodes based on their activity. The third picks nodes via egocentric sampling. The fourth selects nodes based on the outcome of standard security awareness tests, customarily used by institutions to probe, estimate, and raise the awareness of their workforce. We quantify the impact of each strategy by deriving analytically how they affect the spreading threshold. Analytical expressions are validated via large-scale numerical simulations. Interestingly, we find that targeted strategies, focusing on key features of the population such as the activity, are extremely effective. Egocentric sampling strategies, though not as effective, emerge as clear second best despite not assuming any knowledge about the system. Interestingly, we find that networks characterized by highly homophilic interactions linked to gullibility might expand the range of transmissibility parameters that allows for macroscopic outbreaks. At the same time, they reduce the reach of these spreading events. Hence, rather isolated patches of the network formed by highly gullible individuals might provide fertile grounds for the propagation and survival of cyber-threats.