Man vs. Machine: Practical adversarial detection of malicious crowdsourcing workers

Gang Wang, Tianyi Wang, Haitao Zheng, Ben Y. Zhao

Research output: Chapter in Book/Report/Conference proceedingConference contribution


Recent work in security and systems has embraced the use of machine learning (ML) techniques for identifying misbehavior, e.g. email spam and fake (Sybil) users in social networks. However, ML models are typically derived from fixed datasets, and must be periodically retrained. In adversarial environments, attackers can adapt by modifying their behavior or even sabotaging ML models by polluting training data. In this paper1, we perform an empirical study of adversarial attacks against machine learning models in the context of detecting malicious crowdsourcing systems, where sites connect paying users with workers willing to carry out malicious campaigns. By using human workers, these systems can easily circumvent deployed security mechanisms, e.g. CAPTCHAs. We collect a dataset of malicious workers actively performing tasks on Weibo, China's Twitter, and use it to develop ML-based detectors. We show that traditional ML techniques are accurate (95%-99%) in detection but can be highly vulnerable to adversarial attacks, including simple evasion attacks (workers modify their behavior) and powerful poisoning attacks (where administrators tamper with the training set). We quantify the robustness of ML classifiers by evaluating them in a range of practical adversarial models using ground truth data. Our analysis provides a detailed look at practical adversarial attacks on ML models, and helps defenders make informed decisions in the design and configuration of ML detectors.

Original languageEnglish (US)
Title of host publicationProceedings of the 23rd USENIX Security Symposium
PublisherUSENIX Association
Number of pages16
ISBN (Electronic)9781931971157
StatePublished - 2014
Externally publishedYes
Event23rd USENIX Security Symposium - San Diego, United States
Duration: Aug 20 2014Aug 22 2014

Publication series

NameProceedings of the 23rd USENIX Security Symposium


Conference23rd USENIX Security Symposium
Country/TerritoryUnited States
CitySan Diego

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems
  • Safety, Risk, Reliability and Quality


Dive into the research topics of 'Man vs. Machine: Practical adversarial detection of malicious crowdsourcing workers'. Together they form a unique fingerprint.

Cite this