On the evolution of user interaction in Facebook
Proceedings of the 2nd ACM workshop on Online social networks
Short paper: can your phone trust your friend selection?
Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
Design and analysis of a social botnet
Computer Networks: The International Journal of Computer and Telecommunications Networking
Hi-index | 0.00 |
Online Social Networks (OSNs) such as Facebook have become ubiquitous in the past few years, counting hundreds of millions of people as members. OSNs allow users to form friendship relationships, join groups, communicate and share information with friends. The tremendous popularity of OSNs has naturally made them an appealing target for privacy compromising attacks. In this abstract we propose a novel attack against tightly knit OSN communities. Such (artificial) communities consist of users that know well each other and that are reluctant to accept other users as friends. Becoming a member of such a community may be only a first milestone for the attacker. Harvesting private information of members of such communities and following up with offline attacks may be the longer term benefit. In a naive approach, the attacker sends random friend invitations to users in the target community hoping that some of them will accept the request. However, by definition such communities are difficult to infiltrate using a direct invitation based approach. The attack we propose relies on a novel technique, which makes use of 3-cliques to find the most vulnerable member of a targeted community. The attacker then sends invitations to all the friends of this member. After befriending its friends, the attacker's chances of befriending the weakest community member increase. Then, the attacker not only gains initial access to the community, but also increases its chances of befriending other, less accessible members. Our experiments, performed on a real-world social network, show that our attack can be 75% more efficient than the naive attack. Using real social network data, we also propose and evaluate a solution that mitigates the problem.