Retrieving Hidden Friends: A Collusion Privacy Attack Against Online Friend Search Engine

Online social networks (OSNs) are providing a variety of applications for human users to interact with families, friends, and even strangers. One such application, the friend search engine, allows the general public to query individual users’ friend lists and has been gaining popularity recently. However, without proper design, this application may mistakenly disclose users’ private relationship information. Our previous work has proposed a privacy preservation solution that can effectively boost OSNs’ sociability while protecting users’ friendship privacy against attacks launched by individual malicious requestors. In this paper, we propose an advanced collusion attack, where a victim user’s friendship privacy can be compromised through a series of carefully designed queries coordinately launched by multiple malicious requestors. The effect of the proposed collusion attack is validated through synthetic and real-world social network data sets. The in-depth research on the advanced collusion attacks will help us design a more robust and secure friend search engine on OSNs in the near future.

[1]  Frank Stajano,et al.  Eight friends are enough: social graph approximation via public listings , 2009, SNS '09.

[2]  Feng Xiao,et al.  DSybil: Optimal Sybil-Resistance for Recommendation Systems , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[3]  Jian Pei,et al.  Preserving Privacy in Social Networks Against Neighborhood Attacks , 2008, 2008 IEEE 24th International Conference on Data Engineering.

[4]  Krishna P. Gummadi,et al.  On the evolution of user interaction in Facebook , 2009, WOSN '09.

[5]  Sajal K. Das,et al.  Relationship Privacy Preservation in Publishing Online Social Networks , 2011, 2011 IEEE Third Int'l Conference on Privacy, Security, Risk and Trust and 2011 IEEE Third Int'l Conference on Social Computing.

[6]  Jose M. Such,et al.  Open Challenges in Relationship-Based Privacy Mechanisms for Social Network Services , 2015, Int. J. Hum. Comput. Interact..

[7]  Haihua Shen,et al.  Relationship Privacy Protection for Mobile Social Network , 2016, 2016 International Conference on Advanced Cloud and Big Data (CBD).

[8]  Donald F. Towsley,et al.  Resisting structural re-identification in anonymized social networks , 2010, The VLDB Journal.

[9]  Lian Liu,et al.  Privacy Preserving in Social Networks Against Sensitive Edge Disclosure , 2008 .

[10]  Jian Pei,et al.  A brief survey on anonymization techniques for privacy preserving publishing of social network data , 2008, SKDD.

[11]  Yuguang Fang,et al.  A Trust-Based Privacy-Preserving Friend Recommendation Scheme for Online Social Networks , 2015, IEEE Transactions on Dependable and Secure Computing.

[12]  Na Li,et al.  Privacy-aware display strategy in friend search , 2014, 2014 IEEE International Conference on Communications (ICC).

[13]  Jia Liu,et al.  K-isomorphism: privacy preserving network publication against structural attacks , 2010, SIGMOD Conference.

[14]  Yuguang Fang,et al.  A Privacy-Preserving Scheme for Online Social Networks with Efficient Revocation , 2010, 2010 Proceedings IEEE INFOCOM.

[15]  Albert,et al.  Emergence of scaling in random networks , 1999, Science.

[16]  Lei Zou,et al.  K-Automorphism: A General Framework For Privacy Preserving Network Publication , 2009, Proc. VLDB Endow..

[17]  Michael Kaminsky,et al.  SybilLimit: A Near-Optimal Social Network Defense against Sybil Attacks , 2008, S&P 2008.

[18]  Jure Leskovec,et al.  Community Structure in Large Networks: Natural Cluster Sizes and the Absence of Large Well-Defined Clusters , 2008, Internet Math..

[19]  Michael Kaminsky,et al.  SybilGuard: defending against sybil attacks via social networks , 2006, SIGCOMM.

[20]  Hillol Kargupta,et al.  Privacy-Preserving Data Analysis on Graphs and Social Networks , 2008, Next Generation of Data Mining.

[21]  Amr El Abbadi,et al.  Anonymizing Edge-Weighted Social Network Graphs , 2009 .

[22]  Lise Getoor,et al.  Preserving the Privacy of Sensitive Relationships in Graph Data , 2007, PinKDD.

[23]  Chandra Prakash,et al.  SybilInfer: Detecting Sybil Nodes using Social Networks , 2011 .

[24]  R. Alba A graph‐theoretic definition of a sociometric clique† , 1973 .

[25]  A. Perrig,et al.  Exploiting Privacy Policy Conflicts in Online Social Networks (CMU-CyLab-12-005) , 2011 .