hongyu gao, tuo huang, jun hu, jingnan wang. boyd et al. social network sites: definition, history,...
TRANSCRIPT
Hongyu Gao, Tuo Huang, Jun Hu, Jingnan Wang
Boyd et al. Social Network Sites: Definition, History, and Scholarship. Journal of Computer-Mediated Communication, 13(1), article 11. 2007
Rapid growth of social network sites spawns a new area of network security and privacy issues
To conduct a comprehensive survey of existing and potential attack behaviors in social network sites
Identify patterns in such attack behaviors
Review existing solutions, measurement as well as defense mechanisms
Social Engineering attacks Spamming Phishing
Social Network vs. Social Network Sites (SNS) Sybil attack
Social network Account Attack Hack the social network account using password
cracking. Malware attack
Social Network sites as vectors of malware propagation
SNS as vectors for conventional spamming Messages, Wallposts, Comments, …
Detection and measurements
Active detection ---Social Honeypots Steve et al
Message spam and comment spam are similar with traditional spam.In my space there is new form of spam –deceptive profile spam.
This kind of spammer uses sexy photo and seductive story in about me section to attract visitors.
Social honeypots
Figure 1: An example of a deceptive spam profile
Social honeypots
Social honeypots can be seen as a kind of active detection of social network spam.
The author constructed 51 honeypot profiles and associated them with distinct geographic location in Myspace to collect the deceptive spam profiles.
For the num of their honeypots is small,so the dataset they collected is very limited.
Passive detection-----Detecting spammers and content promoters in online video social networks, by F.
Benevenuto, et. al. This paper is a comprehensive
behavior-based detection and it can be cataloged into passive dectection compared with “Social Honeypots”.
Passive detection
The author manually select a test collection of real YouTube users, classifying them as spammers, promoters, and legitimates. Using this collection,they provided a characterization of social and content attributes that help distinguish each user class.They used a state-of-the-art supervised classification algorithm to detect spammers and promoters, and assess its effectiveness in their test collection.
Passive detection
They considered three attribute sets, namely, video attributes, user attributes, and social network (SN) attributes.
Passive detection
They characterize each video by its duration, numbers of views and of commentaries received, ratings, number of times the video was selected as favorite, as well as numbers of honors and of external links
Passive detection
They select the following 10 user attributes: number of friends, number of videos Uploaded, number of videos watched, number of videos added as favorite, numbers of video responses posted and received, numbers of subscriptions and subscribers, average time between video uploads, and maximum number of videos uploaded in 24 hours.
Passive detection
Social network (SN) attributes: clustering coefficient, betweenness,reciprocity, assortativity, and UserRank.
Passive detection
For it is passive detection,it need pre-knowledge and another drawback is that using supervised learning algorithm may require large dataset for learning, otherwise the result will not be accurate.
Characteristics No specific recipient Using SNS as free advertisement site Can completely undermine the service of the
website especially if launched as Sybil attacks
Detection Metrics TagSpam TagBlur DomFp NumAds ValidLink
A general form of attack to reputation systems Large amount of fake identities “outvote”
honest identities Can be used to thwart the intended purpose of
certain SNSes
Sybil Nodes have small “Quotient Cuts”
Inherent social networks do notPossible to encircle the Sybil nodes
Malware attack
The most notorious worm in social network is the koobface. According to Trend Micro, the attack from koobface as follows: Step 1: Registering a Facebook account.
Step 2:Confirming an e-mail address in Gmail to activate the registered account. Step 3: Joining random Facebook groups. Step 4: Adding “friends” and posting messages on their walls.
Malware attack
There are worms and other threats that have plagued social networking sites. E.g. Grey Goo targeting at Second Life, JS/SpaceFlash targeting at MySpace,Kut Wormer targeting at Orkut, Secret Crush targeting at Facebook, etc.
Malware attack
Until now there are few papers on detecting these attacks.
Social network Account Attack
Hack the social network account using password cracking.
-----In February,2009, the Twitter account of Miley Cyrus was hijacked too and someone posted some
offensive messages
