Abstract
In the last few years we have witnessed an incredible development of online social networks (OSNs), which unfortunately has brought new security threats, e.g., OSN worms. Unlike traditional worms, which rely on software vulnerabilities, these new worms are able to exploit trust between friends in OSNs. In this paper, we proposed a new worm propagation model, named EP-Model, to find out the common characteristics of OSN worms, including XSS-based JavaScript worms and social-engineering-based executable worms. We then designed OSNGuard, a client-side defense mechanism which could prevent the propagation of OSN worms conforming to the EP-Model. In particular, starting from tracing relevant user interactions with client processes visiting OSNs, our system could identify and block malicious payload submissions from worms by analyzing these traced user activities. To prove the effectiveness of OSNGuard, we presented a prototype implementation for the Microsoft Windows platform and evaluated it on a small-scale OSN website. The system evaluations showed that OSNGuard could sufficiently protect users against OSN worms in real time, and the performance tests revealed that our system introduced less than 2.5% memory overhead when simultaneously monitoring up to 10 processes.
© 2013 Springer International Publishing Switzerland
About this paper
Cite this paper
He, L. et al. (2013). OSNGuard: Detecting Worms with User Interaction Traces in Online Social Networks. In: Qing, S., Zhou, J., Liu, D. (eds) Information and Communications Security. ICICS 2013. Lecture Notes in Computer Science, vol 8233. Springer, Cham. https://doi.org/10.1007/978-3-319-02726-5_5
DOI: https://doi.org/10.1007/978-3-319-02726-5_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-02725-8
Online ISBN: 978-3-319-02726-5
eBook Packages: Computer Science (R0)