Research Talk: Securing the Perimeter at LinkedIn - Approaches to Registration and Login Defense

Date: October 13, 2015
Talk Title: Securing the Perimeter at LinkedIn - Approaches to Registration and Login Defense
Speaker: David Freeman, Head of Anti-Abuse Engineering at LinkedIn
Time & Location: 1:30pm - 2:30pm
2101, CIC Building, Pittsburgh

Abstract

As the world's largest professional network, LinkedIn is subject to a barrage of fraudulent and/or abusive activity aimed at its member-facing products. LinkedIn's Anti-Abuse Team is tasked with detecting bad activity and building proactive solutions to keep it from happening in the first place. In this talk we'll explore various types of abuse we see at LinkedIn and discuss some of the solutions we've built to defend against them. We'll focus on perimeter defense: keeping bad guys from creating fake accounts at registration or from taking over real members' accounts at login.

Registration defense presents a challenge because we have very little information at registration time when we are asked to make a decision. In the first part of the talk we will describe the models and infrastructure we have built to stop bad activity at registration or shortly thereafter. Our systems rely heavily on "asset reputation" to score registrations accurately with limited data.

Login defense presents a challenge because passwords are known to have many weaknesses, but no alternative authentication mechanism has been successfully rolled out at scale. In the second part of the talk we will present a statistical login-scoring model we have developed that strengthens password-based authentication without changing the user experience. We will present results of our prototype implementation validated on real-life login data from LinkedIn, showing that a large majority of attacks can be prevented by imposing additional verification steps on only a small fraction of users.

Speaker Bio

David Freeman is head of Anti-Abuse Engineering at LinkedIn, where he leads a team of data scientists and engineers charged with detecting and preventing fraud and abuse across the LinkedIn site and ecosystem. He has a Ph.D. in mathematics from UC Berkeley and did postdoctoral research in cryptography and security at CWI and Stanford University.