Security Challenges in Social Networking: Taxonomy, Statistics, and Opportunities

2

This chapter elaborates an overview of online social networks (OSNs) threats, including its various defensive approaches. This chapter also discusses various threats that affect the user’s credentials through various ways, including how it propagates through various media. Furthermore, this chapter sheds some light on how the information flows among different parties in OSNs and provides the information related to the usage of OSNs with respect to different regions. Moreover, it discusses the plethora of security attacks on the OSN platform and examines various approaches proposed by different researchers to defend against these attacks.

The Dark Side of Online Social Networks and Media

The OSNs bring different people into a single platform for sharing information for good, but it also invites supporters of terror, extremism, and hatred (Gupta & Gugulothu, 2018; Gupta, Gupta, & Chaudhary. 2019; Zhang et al.,

2019; Zheng, He, Zhang, Wu, & Ji, 2019). There are numerous examples where online narratives have incited users to commit various violent acts on a social network platform, for example, one of the posts shared by VKontakte on a social network group supporting terrorism activities. And later this led a big impact on preparing to attack the city of Karbala in Iraq.

Mistakes and Wrong Responses by the People

Sometimes people require some suggestion from different experts regarding their doubts. When the users post some questions in social networks, they may get suitable answers from them. But, sometimes he/she may get some w'rong idea that creates a big negative impact on their works. It also may lead to serious danger in their social life. The negative responses are recorded by various attackers who are trying to get some credentials from different users and also attract social network users towards their account.

Once It's Out: It's Out

The statement ‘Once it’s Out: It’s Out’ is best suitable for social media platform because of their accessibility and connectivity. Once a user of any social media platforms posts, tweets, or shares any content, at the same moment that is updated in many accounts over network - also, in some cases that content also shared by other users. That information may mislead various users over the network. Sometimes, intentionally intruders spread the original content with some malicious information to degrade the reputation of the user.

Various Opportunities in OSNs

The social network users get many opportunities w'hen they use social network platforms such as Facebook, Twitter, and Instagram. All these opportunities include research-oriented contents, problem-solving, marketing, reputation, management, and recommendation systems. The interaction of the user creates a lot of information in the network. That information is used for diverse research works by different researchers. Also, social networks like Linkedln provide the user various geographic/demographic information about different users. Furthermore, social network platforms provide a convenient way to get social matters to work and communicate collectively on various kinds of issues. By this process, the scientific publication can speed up the venting process a lot.

Taxonomy of OSN-Based Attacks

The various OSN platforms are communication-based software that provides the facility to the registered users to share their thoughts with their friends and others in the same or different networks. All these communications develop large volumes of information which is shared by various social networks users. As users share private and public information on OSNs, therefore, OSN platforms are vulnerable to numerous cyberattacks (Dewan, 2017). Various threats have been discussed in following sections and also depicted in Figure 2.1.

Advanced Persistent Threats

It is a type of threat by which an intruder, or group of intruders, establishes an illicit, long-term presence on a social network in order to steal sensitive information (Siddiqui, Brill, Davis, & Olmsted, 2016). It includes the following types of attack:

  • Spear phishing attack: In spear phishing attack, the attackers attempt to steal personal information such as account credentials or financial information from a specific victim for malicious reasons (P & T, 2011). This is achieved by accumulating personal details on the victim such as friends, location, and other details.
  • Whaling attack: This attack targeted to steal personal information from a company such as fiscal content or employee’s personal details for malicious reasons (Sadhya & Singh, 2017). This type of attack specifically targets CEO, CFO, CTO, or other executive personals who have complete access to sensitive data and hold position and power in companies. It is called ‘whaling’ because of the size of the targets relative to those of typical phishing attacks (Al-Zoubi,
Taxonomy of various attacks in OSNs based on their behaviour

FIGURE 2.1 Taxonomy of various attacks in OSNs based on their behaviour.

Alqatawna, & Faris, 2017). However, this attack is similar to phishing attack.

Fake profile attack: To collect information from unknown users, attackers create a fake profile by collecting some basic information about the user. Also, the adversary creates multiple accounts in different networks. The attack on the basis of fake profile (Sahoo & Gupta, n.d.) is alike to Sybil or social network bots attack (Koll,

Schwarzmaier, Li, Li, & Fu, 2017). The social bot and fake profile user collect private information of the user by requesting other accounts who reply frequently.

  • DDoS attack: In this attack, the attackers overtake other users’ resources by blocking legitimate customers. By this process, attackers use social network platforms to exploit someone conducting powerful DDoS attack. As an example, social networks like Facebook allow users to add tags. When the user uploads image, Facebook crawls images from various external sources and caches it. By using dynamic parameter, Facebook user includes any images repeatedly with dynamic parameters. Later, all these contents are downloaded by Facebook by forced multiple times in single server.
  • Graph-based attack: Graphical representation of various users in a common platform is treated as social network or OSN. When the contact list of the user increases by storing other users’ details, the size of the network structure is enlarged. To search various data content and subject matter on OSN, graph-based search helps the user a lot. The process of searching in graph structure increases the security and privacy issues (Jorquera Valero et ah, 2018).
  • Speculation attack: To protect the identity from unauthorized access, OSN users use anonymisation method. Speculation attack uses various machine learning approaches to gather personal information that are available publicly like intimate preference and religious association (Sahoo & Gupta, 2019b).
  • Online chat risk: For communication and information sharing with others, OSNs provide online chat feature option. Apart from this service, most of the OSNs provide the facility to communicate with other users through online chat. In addition, other chat services such as Internet Relay Chat, MSN, and ICQ are used by OSN users for direct interaction and information sharing (Palmieri, Fiore, & Castiglione, 2011). During this process, they share their personal information without the fear of information abuse. Taking this advantage, any hackers or attackers access personal information and misuse for malicious purposes.
  • Vicinity attack: Sharing of information is the main factor for using OSNs. The information may contain some personal credentials like bank account number, which is sensitive to any individual. To protect the data, anonymisation technique is required before making the data available publicly. If attackers have certain information about victim, they can easily collect the information from neighbours, the victim may be re-iden- tified from the social network if anonymisation technique is used by the victim (Zhang, Zheng, Li, Du, & Zhu, 2014).
  • De-anonymisation attack: Hiding the personal information by using cryptology techniques to protest against unauthorised access is called anonymisation. In this technique (Ding, Zhang, Wan, & Gu, 2010), attackers identify the network topology using packet tracer tools, user group membership and access cookies to theft user personal information.
  • Sybil attack: The author describes Sybil attack in Sarode and Mishra (2015). It works mainly on multi-hop systems and distributed environments. By this process, attackers create many fake accounts to collect public and private information of the user. The main reason behind this is to blame other users. This process also reduces user reputation online (Koll et al., 2017). Moreover, by this process, attack promotes their account by voting for it (Campos, Tavares, Igawa, Guido, & R. C„ 2018).
  • Illation attacks: The illation attack described by the author in Mislove, Viswanath, Gummadi, and Druschel (2010). By this attack, the adversary guesses the personal information of the user that is not available publicly. These attacks can be analysed through network structure and friends of targeted users.
  • Plug-in attack: OSNs permit certain plug-in like flash and silver- light through browsing environment. When the users log in to those specific sites, they automatically redirect the page to some different sites and downloaded malicious content. Due to such plug-ins, it can broadcast or get directed to other sites with various malicious links and invite attacks to conduct some malfunctions on the social networks (Narain, Kumar, & Gupta, 2012).
 
Source
< Prev   CONTENTS   Source   Next >