Abstract
The list of well-known online social networks extends to hundreds of sites with hundreds of thousands, millions, and even billions of registered accounts; for instance, Facebook had around two billion active users as of April 2016. Online social networks have made a difference in many people’s lives and opened avenues that were not possible before. However, as in any success story, there is a downside. Cyber-attacks that used to have a small or limited effect can now have a huge, distributed effect by using those social network sites. Some attacks are more apparent than others in this context; hence this chapter discusses how serious attacks are possible in online social networks and what has been done to counter them. It covers privacy, Sybil attacks, social engineering, spam, malware, botnet attacks, and the trade-off between services, security, and users’ rights.
Copyright information
© 2017 Springer International Publishing AG
About this chapter
Cite this chapter
Alqatawna, J., Madain, A., Al-Zoubi, A.M., Al-Sayyed, R. (2017). Online Social Networks Security: Threats, Attacks, and Future Directions. In: Taha, N., Al-Sayyed, R., Alqatawna, J., Rodan, A. (eds) Social Media Shaping e-Publishing and Academia. Springer, Cham. https://doi.org/10.1007/978-3-319-55354-2_10
DOI: https://doi.org/10.1007/978-3-319-55354-2_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-55353-5
Online ISBN: 978-3-319-55354-2
eBook Packages: Literature, Cultural and Media Studies; Literature, Cultural and Media Studies (R0)