Hongyu Gao, Tuo Huang, Jun Hu, Jingnan Wang

slurpslapoutNetworking and Communications

Nov 20, 2013 (3 years and 7 months ago)

65 views

Hongyu Gao, Tuo Huang, Jun Hu, Jingnan Wang


Boyd et al. Social Network Sites: Definition, History, and Scholarship.
Journal of Computer
-
Mediated Communication
,
13
(1), article 11. 2007


Rapid growth of social network sites spawns a new area of network security and
privacy issues


To conduct a comprehensive survey of
existing and potential attack behaviors in
social network sites



Identify patterns in such attack behaviors



Review existing solutions, measurement as
well as defense mechanisms



Social Engineering attacks


Spamming


Phishing


Social Network vs. Social Network Sites (SNS)


Sybil attack


Social network Account Attack


Hack the social network account using password cracking.



Malware attack


Social Network sites as vectors of malware
propagation




SNS as vectors for conventional spamming


Messages, Wallposts, Comments, …


Detection and measurements



Message spam and comment spam are
similar with traditional spam.In my space
there is new form of spam

deceptive profile
spam.


This kind of spammer uses sexy photo and
seductive story in about me section to attract
visitors.

Figure 1: An example of a deceptive spam profile


Social honeypots can be seen as a kind of
active detection of social network spam.


The author constructed 51 honeypot profiles
and associated them with distinct geographic
location in Myspace to collect the deceptive
spam profiles.


For the num of their honeypots is small,so the
dataset they collected is very limited.



This paper is a comprehensive behavior
-
based detection and it can be cataloged into
passive dectection compared with “Social
Honeypots”.


The author manually select a test collection
of real YouTube users, classifying them


as
spammers, promoters, and legitimates. Using
this collection,they provided a
characterization of social and content
attributes that help distinguish each user
class.They used a state
-
of
-
the
-
art supervised
classification algorithm to detect spammers
and promoters, and assess its effectiveness in
their test collection.



They considered three attribute sets, namely,
video attributes, user attributes, and social
network (SN) attributes.


They characterize each video by its duration,
numbers of views and of commentaries
received, ratings, number of times the video
was selected as favorite, as well as numbers
of honors and of external links


They select the following 10 user attributes:
number of friends, number of videos
Uploaded, number of videos watched,
number of videos added as favorite, numbers
of video responses posted and received,
numbers of subscriptions and subscribers,
average time between video uploads, and
maximum number of videos uploaded in 24
hours.


Social network (SN) attributes: clustering
coefficient, betweenness,reciprocity,
assortativity, and UserRank.


For it is passive detection,it need pre
-
knowledge and another drawback is that
using supervised learning algorithm may
require large dataset for learning, otherwise
the result will not be accurate.


Characteristics


No specific recipient


Using SNS as free advertisement site


Can completely undermine the service of the website
especially if launched as Sybil attacks



Detection Metrics


TagSpam


TagBlur


DomFp


NumAds


ValidLink



A general form of attack to reputation systems


Large amount of fake identities “outvote” honest
identities


Can be used to thwart the intended purpose of certain
SNSes




Sybil Nodes have small “Quotient Cuts”


Inherent social networks do not


Possible to encircle the Sybil nodes



The most notorious worm in social network is
the koobface. According to Trend Micro, the
attack from koobface as follows:


Step 1: Registering a Facebook account.

Step 2:Confirming an e
-
mail address in Gmail to
activate the registered account.

Step 3: Joining random Facebook groups.

Step 4: Adding “friends” and posting messages on
their walls.



There are worms and other threats that have
plagued social networking sites. E.g. Grey
Goo targeting at Second Life, JS/SpaceFlash
targeting at MySpace,Kut Wormer targeting
at Orkut, Secret Crush targeting at Facebook,
etc.


Until now there are few papers on detecting
these attacks.


Hack the social network account using
password cracking.

-----
In February,2009, the Twitter account of Miley
Cyrus was hijacked too and someone posted some
offensive messages