A Survey of Social Network Security Issues

1
A Survey of Social Network Security Issues

• Hongyu Gao, Tuo Huang, Jun Hu, Jingnan Wang

2
History of Social Network Sites

• Boyd et al. Social Network Sites Definition,
  History, and Scholarship. Journal of
  Computer-Mediated Communication, 13(1), article
  11. 2007

3
Explosion of Social Network

• Rapid growth of social network sites spawns a new
  area of network security and privacy issues

4
Purpose of the Study

• To conduct a comprehensive survey of existing and
  potential attack behaviors in social network
  sites
• Identify patterns in such attack behaviors
• Review existing solutions, measurement as well as
  defense mechanisms

5
Security Issues Identified

• Social Engineering attacks
• Spamming
• Phishing
• Social Network vs. Social Network Sites (SNS)
• Sybil attack
• Social network Account Attack
• Hack the social network account using password
  cracking.
• Malware attack
• Social Network sites as vectors of malware
  propagation

6
Spamming

• SNS as vectors for conventional spamming
• Messages, Wallposts, Comments,
• Detection and measurements

7
Active detection ---Social Honeypots Steve et al

• Message spam and comment spam are similar with
  traditional spam.In my space there is new form of
  spam deceptive profile spam.
• This kind of spammer uses sexy photo and
  seductive story in about me section to attract
  visitors.

8
Social honeypots
Figure 1 An example of a deceptive spam profile
9
Social honeypots

• Social honeypots can be seen as a kind of active
  detection of social network spam.
• The author constructed 51 honeypot profiles and
  associated them with distinct geographic location
  in Myspace to collect the deceptive spam
  profiles.
• For the num of their honeypots is small,so the
  dataset they collected is very limited.

10
Passive detection-----Detecting spammers and
content promoters in online video social
networks, by F. Benevenuto, et. al.

• This paper is a comprehensive behavior-based
  detection and it can be cataloged into passive
  dectection compared with Social Honeypots.

11
Passive detection

• The author manually select a test collection of
  real YouTube users, classifying them  as
  spammers, promoters, and legitimates. Using this
  collection,they provided a characterization of
  social and content attributes that help
  distinguish each user class.They used a
  state-of-the-art supervised classification
  algorithm to detect spammers and promoters, and
  assess its effectiveness in their test
  collection.

12
Passive detection

• They considered three attribute sets, namely,
  video attributes, user attributes, and social
  network (SN) attributes.

13
Passive detection

• They characterize each video by its duration,
  numbers of views and of commentaries received,
  ratings, number of times the video was selected
  as favorite, as well as numbers of honors and of
  external links

14
Passive detection

• They select the following 10 user attributes
  number of friends, number of videos Uploaded,
  number of videos watched, number of videos added
  as favorite, numbers of video responses posted
  and received, numbers of subscriptions and
  subscribers, average time between video uploads,
  and maximum number of videos uploaded in 24 hours.

15
Passive detection

• Social network (SN) attributes clustering
  coefficient, betweenness,reciprocity,
  assortativity, and UserRank.

16
Passive detection

• For it is passive detection,it need pre-knowledge
  and another drawback is that using supervised
  learning algorithm may require large dataset for
  learning, otherwise the result will not be
  accurate.

17
Social Spamming

• Characteristics
• No specific recipient
• Using SNS as free advertisement site
• Can completely undermine the service of the
  website especially if launched as Sybil attacks
• Detection Metrics
• TagSpam
• TagBlur
• DomFp
• NumAds
• ValidLink

18
Sybil Attack

• A general form of attack to reputation systems
• Large amount of fake identities outvote honest
  identities
• Can be used to thwart the intended purpose of
  certain SNSes

19
Defense to Sybil Attacks SybilGuard Yu et al.

• Sybil Nodes have small Quotient Cuts
• Inherent social networks do not
• Possible to encircle the Sybil nodes

20
Malware attack

• The most notorious worm in social network is the
  koobface. According to Trend Micro, the attack
  from koobface as follows

Step 1 Registering a Facebook account. Step
2Confirming an e-mail address in Gmail to
activate the registered account. Step 3 Joining
random Facebook groups. Step 4 Adding friends
and posting messages on their walls.
21
Malware attack

• There are worms and other threats that have
  plagued social networking sites. E.g. Grey Goo
  targeting at Second Life, JS/SpaceFlash targeting
  at MySpace,Kut Wormer targeting at Orkut, Secret
  Crush targeting at Facebook, etc.

22
Malware attack

• Until now there are few papers on detecting these
  attacks.

23
Social network Account Attack

• Hack the social network account using password
  cracking.

-----In February,2009, the Twitter account of
Miley Cyrus was hijacked too and someone posted
some offensive messages
24
And more to be discovered