Presentation is loading. Please wait.

Presentation is loading. Please wait.

Zifei Shan, Haowen Cao, Jason Lv, Cong Yan, Annie Liu Peking University, China 1.

Similar presentations


Presentation on theme: "Zifei Shan, Haowen Cao, Jason Lv, Cong Yan, Annie Liu Peking University, China 1."— Presentation transcript:

1 Zifei Shan, Haowen Cao, Jason Lv, Cong Yan, Annie Liu Peking University, China 1

2  Motivation  Background: Cloning Attack  An enhanced attack pattern  Experiment: Attacking Renren  Detecting Cloning Attacks  Conclusion 2

3  Online Social Networks ◦ Security Problems!  Cloning Attack 3 Jack Clone “Jack” Clone profile Friend request Jack’s Friends

4 4 Jack Jack’s Partial Friend list Attacker Clone “Jack” Peek, get a partial friend list Create Clone profile Friend request: I am another ID of Jack! Cheated, add back

5 5 Jack Jack’s Friends Attacker Clone “Jack” Other Friends In the community Friend request: I am another ID of Jack! Common friends Easier to get cheated

6 6 Jack Jack’s Friends Attacker Clone “Jack” Create Other users in the community Friend request Clone “Alice” Clone “Bob” AliceBob Clone profile of Jack’s friends

7  Renren: Chinese largest online social network  We conduct a series of experiments to test the threat of traditional sybil attacks, original cloning attacks, and improved cloning attacks. 7 Experiment different attack patterns

8 StatisticsTraditiona l Sybil Attack Basic Cloning AttackCloning + Snowball Sampling Profile similarity N/ALowMediumHighLow Accepted requests (avg.) (%) 11.3%26.3%47.1%45.8%52.1% 8 1.Cloning attack is much powerful than traditional sybil attacks 2.Snowball sampling makes cloning attack stronger 3.Higher profile similarity leads to more successful attacks

9  Real-time, server-side, lightweight detector to be deployed into real OSNs.  Initial Filter: (Called on friend requests) ◦ Same name ◦ >5 common friends (requests) ◦ High profile similarity  school, city…  tweets, blogs…  Judging Condition --- Login IP Sequence ◦ Login IP Sequence of two IDs  Joint: another real account  Disjoint: cloning account 9

10 10 Jack Jack’s Friend Another “Jack” Friend request: I am another ID of Jack! Check: 1. High profile similarity with Jack? 2. Disjoint login IP sequence with Jack? Check: 1. High profile similarity with Jack? 2. Disjoint login IP sequence with Jack? Ban this ID! 83.24.*.* 167.31.*.* 162.105.*.* 90.25.*.* 87.200.*.* Birthday: 10/20/1990, EECS, Peking University Birthday: 10/20/1990, EECS, Peking University

11  Strengths: ◦ Real-time: called on friend requests ◦ low cost:  Storage: need login IP sequence for users  Time: O(d) for each incoming request, d is social degree  Weaknesses: ◦ Vulnerable against IP spoofing 11

12  “All your contacts are belong to us: automated identity theft attacks on social networks”, Leyla Bilge, Thorsten Strufe, Davide Balzarotti, Engin Kirda, in Proceedings of the 18th international conference on World wide web (WWW ‘09) 12 Define the cloning attack pattern Test attack feasibility in a real system (Facebook) Enhance the cloning attack pattern by Snowball sampling and Iteration attacks Experiments of improved cloning attacks in real OSN (Renren) Provide effective defense methods to detect cloning attacks Our Contribution Previous Work

13  Deploy into real systems  Measure detected users ◦ Action patterns ◦ Malicious activities  Further detecting methods ◦ Content-free: User action logs, Click-patterns, Action Time ◦ Content-related: semantics analysis 13

14 Contact: Zifei Shan Peking University, China shanzifei@pku.edu.cn http://www.zifeishan.org 14


Download ppt "Zifei Shan, Haowen Cao, Jason Lv, Cong Yan, Annie Liu Peking University, China 1."

Similar presentations


Ads by Google