A Study of XSS Worm Propagation and Detection Mechanisms in Online Social Networks

We present analytical models and simulation results that characterize the impacts of the following factors on the propagation of cross-site scripting (XSS) worms in online social networks (OSNs): 1) user behaviors, namely, the probability of visiting a friend's profile versus a stranger's; 2) the highly clustered structure of communities; and 3) community sizes. Our analyses and simulation results show that the clustered structure of a community and users' tendency to visit their friends more often than strangers help slow down the propagation of XSS worms in OSNs. We then present a study of selective monitoring schemes that are more resource efficient than the exhaustive checking approach used by the Facebook detection system which monitors every possible read and write operation of every user in the network. The studied selective monitoring schemes take advantage of the characteristics of OSNs such as the highly clustered structure and short average distance to select only a subset of strategically placed users to monitor, thus minimizing resource usage while maximizing the monitoring coverage. We present simulation results to show the effectiveness of the studied selective monitoring schemes for XSS worm detection.

[1]  Zonghua Liu,et al.  How community structure influences epidemic spread in social networks , 2008 .

[2]  Hossein Saidi,et al.  Social Networks' XSS Worms , 2009, 2009 International Conference on Computational Science and Engineering.

[3]  Chung-Horng Lung,et al.  A Study of Trojan Propagation in Online Social Networks , 2012, 2012 5th International Conference on New Technologies, Mobility and Security (NTMS).

[4]  Shilpa Chakravartula,et al.  Complex Networks: Structure and Dynamics , 2014 .

[5]  Florian Probst,et al.  Identifying Key Users in Online Social Networks: A PageRank Based Approach , 2010, ICIS.

[6]  Seungyeop Han,et al.  Analysis of topological characteristics of huge online social networking services , 2007, WWW '07.

[7]  Vinod Yegneswaran,et al.  PathCutter: Severing the Self-Propagation Path of XSS JavaScript Worms in Social Web Networks , 2012, NDSS.

[8]  Zhendong Su,et al.  Client-Side Detection of XSS Worms by Monitoring Payload Propagation , 2009, ESORICS.

[9]  Rajeev Motwani,et al.  The PageRank Citation Ranking : Bringing Order to the Web , 1999, WWW 1999.

[10]  Rami Puzis,et al.  Deployment of DNIDS in Social Networks , 2007, 2007 IEEE Intelligence and Security Informatics.

[11]  Beom Jun Kim,et al.  Growing scale-free networks with tunable clustering. , 2001, Physical review. E, Statistical, nonlinear, and soft matter physics.

[12]  Wei Xu,et al.  Toward worm detection in online social networks , 2010, ACSAC '10.

[13]  J. Jeffry Howbert,et al.  The Maximum Clique Problem , 2007 .

[14]  Krishna P. Gummadi,et al.  Measurement and analysis of online social networks , 2007, IMC '07.

[15]  W. O. Kermack,et al.  A contribution to the mathematical theory of epidemics , 1927 .

[16]  Guanhua Yan,et al.  Malware propagation in online social networks: nature, dynamics, and defense implications , 2011, ASIACCS '11.

[17]  Nam P. Nguyen,et al.  Containment of misinformation spread in online social networks , 2012, WebSci '12.

[18]  Panos M. Pardalos,et al.  The maximum clique problem , 1994, J. Glob. Optim..

[19]  Nam P. Nguyen,et al.  A novel method for worm containment on dynamic social networks , 2010, 2010 - MILCOM 2010 MILITARY COMMUNICATIONS CONFERENCE.

[20]  Hossein Saidi,et al.  Malware propagation in Online Social Networks , 2009, 2009 4th International Conference on Malicious and Unwanted Software (MALWARE).

[21]  Jasmine Novak,et al.  PageRank Computation and the Structure of the Web: Experiments and Algorithms , 2002 .

[22]  Cecilia Mascolo,et al.  Exploiting temporal complex network metrics in mobile malware containment , 2010, 2011 IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks.

[23]  Stefan Bornholdt,et al.  Emergence of a small world from local interactions: modeling acquaintance networks. , 2002, Physical review letters.

[24]  Shuji Tsukiyama,et al.  A New Algorithm for Generating All the Maximal Independent Sets , 1977, SIAM J. Comput..

[25]  Benjamin Livshits,et al.  Spectator: Detection and Containment of JavaScript Worms , 2008, USENIX Annual Technical Conference.

[26]  Matthieu Latapy,et al.  Efficient and simple generation of random simple connected graphs with prescribed degree sequence , 2005, J. Complex Networks.

[27]  Erdong Chen,et al.  Facebook immune system , 2011, SNS '11.