Zifei Shan, Haowen Cao, Jason Lv, Cong Yan, Annie Liu Peking University, China 1.

Presentation transcript:

Slide 1:
Zifei Shan, Haowen Cao, Jason Lv, Cong Yan, Annie Liu
Peking University, China

Slide 2:
- Motivation
- Background: Cloning Attack
- An enhanced attack pattern
- Experiment: Attacking Renren
- Detecting Cloning Attacks
- Conclusion

Slide 3:
- Online Social Networks
  - Security Problems!
- Cloning Attack
[Diagram labels: Jack; Clone "Jack"; Clone profile; Friend request; Jack's Friends]

Slide 4:
[Diagram labels: Jack; Jack's Partial Friend list; Attacker; Clone "Jack". Arrows: Peek, get a partial friend list; Create; Clone profile; Friend request: "I am another ID of Jack!"; Cheated, add back]

Slide 5:
[Diagram labels: Jack; Jack's Friends; Attacker; Clone "Jack"; Other Friends in the community. Arrows: Friend request: "I am another ID of Jack!"; Common friends; Easier to get cheated]

Slide 6:
[Diagram labels: Jack; Jack's Friends (Alice, Bob); Attacker; Clone "Jack"; Clone "Alice"; Clone "Bob"; Other users in the community. Arrows: Create; Clone profile of Jack's friends; Friend request]

Slide 7: Experiment different attack patterns
- Renren: China's largest online social network
- We conduct a series of experiments to test the threat of traditional sybil attacks, original cloning attacks, and improved cloning attacks.

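Slide 8:
Statistics: accepted friend requests (avg., %) by attack pattern and profile similarity
- Traditional Sybil Attack, profile similarity N/A: 11.3%
- Basic Cloning Attack, profile similarity Low: 26.3%
- Basic Cloning Attack, profile similarity Medium: 47.1%
- Basic Cloning Attack, profile similarity High: 45.8%
- Cloning + Snowball Sampling, profile similarity Low: 52.1%

1. Cloning attack is much more powerful than traditional sybil attacks
2. Snowball sampling makes cloning attack stronger
3. Higher profile similarity leads to more successful attacks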

Slide 9:
- Real-time, server-side, lightweight detector to be deployed into real OSNs.
- Initial Filter: (called on friend requests)
  - Same name
  - >5 common friends (requests)
  - High profile similarity
    - school, city…
    - tweets, blogs…
- Judging Condition: Login IP Sequence
  - Login IP sequence of two IDs
    - Joint: another real account
    - Disjoint: cloning account

Slide 10:
[Diagram labels: Jack; Jack's Friend; Another "Jack". Both Jack and Another "Jack" show the profile "Birthday: 10/20/1990, EECS, Peking University" and a masked login IP sequence. Arrows: Friend request: "I am another ID of Jack!"; Check: 1. High profile similarity with Jack? 2. Disjoint login IP sequence with Jack?; Ban this ID!]

Slide 11:
- Strengths:
  - Real-time: called on friend requests
  - Low cost:
    - Storage: need login IP sequence for users
    - Time: O(d) for each incoming request, d is social degree
- Weaknesses:
  - Vulnerable against IP spoofing
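The two-stage check from the detection slides (initial filter, then login IP sequence comparison), sketched as an added example that is not the authors' code. The 0.8 similarity threshold, the exact-match IP comparison, the "unknown" verdict, and all names and sample accounts are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

SIM_THRESHOLD = 0.8   # assumed cut-off for "high profile similarity"
MIN_COMMON = 5        # slide: more than 5 common friends (requests)

@dataclass
class Account:
    uid: str
    name: str
    profile: dict                                   # school, city, birthday...
    contacts: set = field(default_factory=set)      # friends + pending requests
    login_ips: list = field(default_factory=list)   # login IP sequence

def profile_similarity(a, b):
    """Fraction of profile fields (union of both) with identical values."""
    keys = set(a.profile) | set(b.profile)
    same = [k for k in keys
            if k in a.profile and k in b.profile and a.profile[k] == b.profile[k]]
    return len(same) / len(keys) if keys else 0.0

def initial_filter(requester, friend):
    """Cheap pre-check: same name, >5 common contacts, similar profile."""
    return (requester.uid != friend.uid
            and requester.name == friend.name
            and len(requester.contacts & friend.contacts) > MIN_COMMON
            and profile_similarity(requester, friend) >= SIM_THRESHOLD)

def judge(requester, friend):
    """Joint login IP sequences: same owner. Disjoint: cloning account."""
    if not requester.login_ips or not friend.login_ips:
        return "unknown"          # no login history to compare (assumed case)
    joint = set(requester.login_ips) & set(friend.login_ips)
    return "same-owner" if joint else "clone"

def check_friend_request(requester, recipient_friends):
    """Called per friend request: O(d) scan of the recipient's d friends."""
    return {f.uid: judge(requester, f)
            for f in recipient_friends if initial_filter(requester, f)}

def demo():
    """Constructed data: u2 is Jack's real second ID, u3 is a clone."""
    prof = {"birthday": "10/20/1990", "school": "EECS, Peking University"}
    pals = {f"f{i}" for i in range(1, 9)}
    jack = Account("u1", "Jack", prof, pals, ["192.0.2.10", "192.0.2.11"])
    alt = Account("u2", "Jack", dict(prof), set(pals), ["192.0.2.11", "198.51.100.7"])
    clone = Account("u3", "Jack", dict(prof), set(pals), ["203.0.113.5"])
    return check_friend_request(alt, [jack]), check_friend_request(clone, [jack])
```

The verdict rests entirely on the stored login IPs, so the weakness the slide names (IP spoofing) applies directly to `judge` as written.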

Slide 12:
Previous Work
- "All your contacts are belong to us: automated identity theft attacks on social networks", Leyla Bilge, Thorsten Strufe, Davide Balzarotti, Engin Kirda, in Proceedings of the 18th international conference on World wide web (WWW '09)
  - Define the cloning attack pattern
  - Test attack feasibility in a real system (Facebook)
Our Contribution
- Enhance the cloning attack pattern by Snowball sampling and Iteration attacks
- Experiments of improved cloning attacks in real OSN (Renren)
- Provide effective defense methods to detect cloning attacks

Slide 13:
- Deploy into real systems
- Measure detected users
  - Action patterns
  - Malicious activities
- Further detecting methods
  - Content-free: user action logs, click patterns, action time
  - Content-related: semantics analysis

Slide 14:
Contact: Zifei Shan, Peking University, China