Privacy Issues in Light of Reconnaissance Attacks with Incomplete Information

A reconnaissance attack, in which attackers lure targets into becoming their friends in order to extract victims' sensitive information for sale or use in future attacks, is one of the most dangerous attacks in social networks. The core of this attack lies in intelligently sending friend requests to a small subset of users, called the Critical Friending Set (CFS), so that the attacker can evade current defense mechanisms. Motivated by this, we present a new paradigm to measure online social network (OSN) vulnerability in light of reconnaissance attacks. Specifically, we introduce a new optimization problem, namely Min-Friending, which identifies a minimum CFS to friend in order to obtain at least Q benefit in terms of personal information. A significant challenge of this problem is that network information (i.e., who is friends with whom) is generally unknown to attackers. In this paper, we show that Min-Friending is inapproximable within a factor of (1 - o(1)) ln Q and present an adaptive algorithm which has a tight performance bound of (1 + ln Q) using adaptive stochastic optimization. The key feature of our solution lies in the adaptive method, where partial network topology is revealed with each successful friend request. Thus the decision to send each friend request is made taking into account observations of the outcomes of past decisions.
