Social network attack simulation with honeytokens

In the social media era, the ever-increasing utility of Online Social Network (OSN) services provides a variety of benefits to users, organizations, and service providers. However, OSN services also introduce new threats and privacy issues regarding the data they handle. For instance, in a reliable OSN service, a user should be able to set up his desired level of information sharing and securely manage sensitive data. Currently, few approaches exist that can model OSNs for this purpose, let alone model the effects that attackers can have on these networks. In this work a novel OSN modeling approach is presented to fill the gap. This model is based on an innovative game-theoretic approach and is analyzed from both a theoretical and a simulation-oriented view. The game-theoretic model is implemented to analyze several attack scenarios. Honeytokens, which are an information security tool based upon deception, are defined and identified as a security tool that could help in OSN security. As the results show, there are several scenarios where OSN services are very vulnerable, and hence more protection mechanisms, including the use of honeytokens, should be provided to secure the data contained across these networks.

In this work we introduce a novel OSN modeling approach for optimal data sharing based on innovative game theories, considering the states and optimal policies of data sharing on OSNs and possible confrontations between the attacker and the user. After developing the theoretical framework, we conduct experiments that integrate our ideas with honeytokens in several attack scenarios. Finally, we analyze our experimental results and discuss recommendations based on them.
