Classification of various attacks and their defence mechanism in online social networks: a survey

ABSTRACT Due to the popularity and user-friendliness of the Internet, the number of users of online social networks (OSNs) and social media has grown significantly. However, as social networks have come into global use, the consequences of the lack of understanding of secrecy and protection on OSNs and social media have increased. The secrecy and security of OSNs need to be examined from various perspectives. According to recent studies, OSN users expose private information such as their email address, phone number, etc. In this paper, we present a high-level classification of recent OSN attacks in order to recognise the problem and analyse the impact of such attacks on the World Wide Web. We also discuss OSN attacks on different social networking web applications, citing recent reports such as the Kaspersky Security Network and the Sophos Security Threat Report. We also offer some simple-to-implement user practice tips to protect the system and the user's information. In addition, we present a comprehensive analysis of numerous defensive approaches to OSN security. Lastly, based on the acknowledged strengths and weaknesses of these defensive approaches, we explain open research issues.
