Other Security Solutions Against OSN Attacks
In this section, we give an overview of the defensive solutions that different researchers have developed to provide security to OSN users.
- DeepScan: It is a fake account detection approach proposed by Gong et al. (2018) that analyses users’ location-based content using a long short-term memory neural network. Certain profile-based features are extracted from various users’ accounts. The authors then use various supervised machine learning algorithms to detect fake accounts.
- Detection of money laundering accounts: It is proposed by Gong et al. (2018) and implemented in the QQ OSN environment by analysing various profile features of different users. The authors use profile content features such as account viability, transaction details, and spatial correlation between different accounts. This behavioural analysis leads to a high true-positive rate with a low false-positive rate.
- Crowd retweeting-based spammer detection: It is a spammer detection approach proposed by Liu et al. (2018) for analysing spammer tweets on the Sina Weibo social network platform. The tweets are analysed through their content-based features, profile features, social interaction, and the retweet content shared by users. Based on the information gathered from different accounts, the authors use a link-based ranking algorithm to identify malicious accounts.
- COLOR+: It is a spammer account detection method for mobile social networks using fog computing, proposed by Zhang, Li, Wang, Feng, and Guo (2018). Compared with other spammer detection methods, it is lightweight and responds quickly on mobile devices. It uses the interaction content shared over social platforms by various users. The method has a shorter response time in its machine learning approach and takes more time to analyse in its graph-based approach. This approach is suited only to mobile devices.
- DRIP: It is used for the detection of malicious accounts based on dynamic reputation information propagation, proposed by Kefi and Perez (2018). To achieve a better detection rate, the authors use the requests generated by the user for analysis. Each user carries some personal information and sends it to the friends who are in contact. At the receiver side, the user calculates a comprehensive reputation by combining both direct and indirect contents from the sender and their contacts to detect malicious accounts.
- Detection of human bot, legitimate bot and malicious bot in OSNs based on wavelet: A bot detection method proposed by Aslan, Saglam, and Li (2018). This method uses an algorithm based on the discrete wavelet transformation to obtain a pattern of the information shared by various users as posts. Then, the content is classified using various machine learning algorithms to detect bot accounts.
- P2P-based key agreement and batch authentication approach: It is proposed by Amir, Srinivasan, and Khan (2018) for improving the effectiveness and security of peer-to-peer-based OSNs by authenticating multiple users simultaneously. The authors demonstrate that the protocols are protected against passive adversaries and impersonator attacks. After examining communicational and computational cost, it supports the implicit key validation principle. The principle also supports mutual certification, login to a reputation, community authenticity, non-repudiation, flexibility and an access control mechanism.
- Privacy-preserving friend recommendation scheme: It is an approach proposed by Guo, Zhang, and Fang (2015). The authors provide various user protection schemes in the OSN environment, covering identity theft, inference attacks on online social relationships and fake profile attacks. The proposed method uses a friend recommendation system to develop trust relationships and social interaction. It uses a multi-hop trust chain for establishing communication in place of a single-hop trust relationship. Moreover, this technique creates a privacy-preserving recommendation mechanism for social networks to establish a trust relationship between users.
- Template-based spam detector in OSN (Tangram): It is proposed by Zhu et al. (2016) for the detection of spammers by filtering non-spammer content in OSNs. It analyses all the generated contents through a machine learning platform. To detect spammers, Tangram extracts the spammer's template and compares it with all the generated contents, giving precise and quick spam filtering without the various training phases.
- A secure and personal auction approach for DOSN: It is designed by Thapa, Liao, Li, Li, and Sun (2016). This approach helps the user to find malicious accounts by examining intermediate computation in the protocol. It protects private as well as user-generated personal information, privacy in the e-commerce environment, authenticity and non-repudiation.
- Secure information hiding via short text: It is developed by Ren, Liu, and Zhao (2012). This scheme is used for hiding personal and profile information in OSNs using text steganography. It protects user content when users share and post information publicly on social network platforms. In this way, the shared content is protected against unauthorised persons who try to access and gather users’ personal information.
- MPAC (multiparty access control): It is an approach proposed by Hu, Ahn, and Jorgensen (2013). This approach hides personal identity information that is shared publicly among various users on different social networks, such as date of birth, phone number, gender, personal address, and bank details. It protects the user information by capturing the authorisation principle. This approach also applies collaborative management of shared data along with a multiparty policy specification scheme and a corresponding policy evaluation mechanism (Bahwaireth, Tawalbeh, Benkhelifa, Jararweh, & Tawalbeh, 2016).
- Hybrid trust evaluation approach (HT-TRUST): This approach is proposed by Zhang, Yong, Li, Pan, and Huang (2017). It uses a factor enhancement-based hybrid trust approach for trust measurement in e-commerce social networks. Sometimes it is hard to identify a trusted user in spite of the user's good reputation and high profile rating. This approach furnishes an authentic and secure social platform for e-commerce management to generate trust between the users of OSN platforms.
- Secure data sharing scheme (CP-ABPRE): It is proposed by Qinlong, Zhaofeng, Yixian, Xinxin, and Jingyi (2014). It is used to protect OSN users’ information and private information. By accessing the customised access policy data, it outsources coded data to various OSNs. The authors encode the data with a symmetric key encryption algorithm using a random key, and then apply different access policy principles.
- Friend or foes: The authors propose a distributed randomised algorithm in Li and Lui (2014). They provide various algorithms for finding dishonest recommendations on OSNs. The proposed randomised algorithm identifies such dishonest friend requests from various users on the same or different networks to protect sensitive and valuable information. To identify various dishonest accounts, the proposed algorithm is implemented on various social network platforms.
- The U-control approach: This approach is presented by Shin, Lopes, Claycomb, and Ahn (2009). It allows social network users to manage the allocation of their personal information and to maintain a level of secrecy on social network platforms. It provides digital persona and privacy management. By this approach, legitimate users cannot assure their privacy. Furthermore, this approach depends on the existence of the OSN service provider. Using various encryption techniques, it hides the user’s personal information and communication from other parties on the OSN.
- The flyByNight architecture: It is proposed by Lucas and Borisov (2008). It is designed to protect the privacy of personal information shared among registered Facebook users. OSN users encrypt their confidential information using client-side JavaScript, so the confidential information cannot be ascertained by the OSN servers. A public-key encryption algorithm is used for encoding the content. Furthermore, the operator provides various protection mechanisms because the entire cryptographic algorithm runs inside the users’ home page with client-side JavaScript code. For management of key attributes, the flyByNight architecture is used at the server end. It is flexible for normal users and OSN dependent (it can be used only with Facebook).
- FaceCloak architecture (Luo, Xie, & Hengartner, 2009): This architecture is intended to hide private information of OSN users without any additional configuration or software installation by the user. It provides security to social network users by protecting confidential data and encrypting these data with symmetric key encryption. Confidential data are replaced by fake ones, while the encrypted content is maintained on a third-party server. A user who has the required key can decipher the ciphered data stored on the third-party server. This architecture depends on the existing social network service provider for implementation.
- Secret Interest Groups (SIGs): This approach is proposed by Sorniotti and Molva (2010) to extenuate the users’ communication privacy in various OSNs. It does not provide a direct solution for the protection of users’ public information, but it gives a platform for attaining self-managed groups (about private, sensitive, or secret topics) and for managing the members of these groups. Moreover, by using this approach, each user is totally free to decide who can access their private information. It does not demand a centralised feature but functions in a distributed fashion.
- Virtual private social network (VPSN) (Conti, Hasani, & Crispo, 2011): It is used for the protection of user content in OSNs. VPSN is completely based on the concept of the virtual private network. It uses the existing social network infrastructure and its users. It operates by creating a private link between VPSN members to share secret information. Other users of the underlying OSN, and also the OSN administrator, are not able to access the same information. It can be viewed as a means of defeating threats to users’ privacy in various OSNs, and as a privacy-conscious OSN without the prerequisite of handling OSN infrastructure.
- Decision recommendation system for sharing image (Hu, Chen, Wu, & Zhao, 2017): It is an approach for calculating the privacy level of a digital image in the profile, based on perceptual hashing and semantic privacy rules. Some threats download the profile photo of the user and use it to create different accounts on the same platform or on different platforms. In this way, people can gather personal information of the users, including the profile pictures, to spread malicious content on the web.
- ReDS (a back-propagation technique): It is an approach used to enhance the safety of data in P2P-based networks. This approach does not need much user participation for operation. It operates directly on the network based on the principles and features. Using authentication and encryption mechanisms, it protects the personal information of the user as well as confidential data. This technique does not provide a backup facility for the user or for the users’ accounts (Keretna, Hossny, & Creighton, 2013).
- RDF (resource description approach): The RDF approach does not require much participation from the user; it executes at the server end and operates at the operator site. The service provider uses this approach to separate the data into different subsets and implements certain encryption techniques to protect the user data and confidential information. The approach uses encryption and decryption to protect the user data from unauthorised access (Carminati, Ferrari, Heatherly, Kantarcioglu, & Thurainsingham, 2009).
- Mechanism based on re-socialising: This technique is based on the principle of coupling and out-of-bound invitation for designing multi-domain OSNs. The concept of re-socialising in OSN platforms is for communication between different users in the same network. The service providers provide the authentication principles for better protection of the user content at their end. The service provider also implements different encryption techniques and methods to protect the valuable information.
- Virtual personal server (Caceres, Cox, Lim, Shakimov, & Varshavsky, 2009): It is a virtual machine installed on the user's computer to protect the data against different attacks. The virtual machine installed at the user site creates a copy of the entire OSN sites. The user can also install third-party applications and services using this virtual machine. After creating the copy of the OSN, the user can operate the account by any means without being affected by attackers. To better protect accounts, users can manage the platform themselves and set up their configuration for suitable operations.
- Persona (Starin, Baden, Bender, Spring, & Bhattacharjee, 2009): To provide a data access control policy on OSN platforms, researchers have designed an effective way of generating applications for OSN users. To protect the personal data of the user, it uses an access control policy based on attribute-based encryption techniques. The approach works like an API on the Facebook platform to protect the user from unauthorised access. The API is implemented with the help of a Firefox extension for compilation of markup languages. The approach or API can be easily installed on the computer of a Facebook user and also easily uninstalled.
- Machine learning-based fake account detector (Xiao, Freeman, & Hwa, 2015): This approach uses a machine learning pipeline for detecting fake accounts on OSNs such as Facebook, LinkedIn, etc. The actor-based classification groups accounts into different clusters so that fake accounts can be identified more easily by analysing the clusters. The basic objective of the approach is to identify the actor of each individual cluster, to know whether the accounts come from the same actor or from different ones.
- Facebook Inspector (FBI): This approach is used to provide a real-time solution for identifying malicious content on the Facebook platform. The approach analyses the different characteristics of the Facebook profile and categorises the content into two different groups based on their behaviour and activities. It processes a pre-trained approach on different characteristics to know the exact behaviour of the system. It detects the malicious content available on the user profile by analysing posts, blogs, messages, and chat rooms.
- Audit and analysis of imposters: It is an experimental approach for detecting fake accounts in OSNs. The approach is applied to individual profiles by analysing the friends and mutual friends of the account holder. It is only applicable to Facebook profiles. The approach classifies the profile information on the basis of the public data available and processes it through a machine learning algorithm with different classification techniques.
- COMPA: A behavioural feature-based analysis (Egele, Stringhini, Kruegel, & Vigna, 2013): COMPA is a tool-based technique for detecting fake profiles on different OSN platforms. It can be installed on the user's computer, and when the user uses social networking sites, it is automatically incorporated with the user profile and analyses the features associated with the account.
- Fake Spotter (Freeman, 2017): It is an approach for finding fake accounts on OSN platforms by sending certain feedback-related questions to the different users who are in their friend list. All the feedback is collected and stored in a database, and certain analysis principles are applied to it to get information about the user. The approach sets an index level based on the feedback questions. When all the feedback passes that level, it creates a similarity index for finding legitimate or fake profile activities. The approach is only implemented on the LinkedIn platform.
- Friend in the middle (FIM) (Beato et al., 2013): It is a de-anonymisation-resilient technique for OSN platforms. It provides a gateway to connect two different accounts on the same platform to avoid attacks from different profiles. The approach creates a path between two users after verifying the content of the users and the activities carried out by the users on their profiles.
- FRAppE-based malicious App detector (Gurumurthy, Sushama, Ramu, & Nikhitha, 2019): For detecting malicious content on the Facebook platform, Rahman et al. proposed a solution called the FRAppE tool, which focuses on detecting malicious applications and is built in with Facebook profiles. The observation of an account is done by collecting information from different accounts. The apps found in different profiles are combined in a particular location and, based on certain parameters such as activity and user interaction, the applications are segregated into two different categories called benign and fake applications.
- Actor approach-based fraud detector: Kelvin et al. proposed a graph-based approach for detecting fraud on OSNs. The approach analyses the different actors and their characteristics in the network platform for detecting fraudulent content. It identifies the number of links available in the profile and then analyses the content with the help of machine learning principles to detect malicious content attached to those links.
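
The image-sharing item above (Hu, Chen, Wu, & Zhao, 2017) rests on perceptual hashing. The following added example, which is not code from the cited work, shows how a difference hash lets a defender flag a profile photo that was downloaded and re-uploaded on another account even after resizing and brightening. The function names, the 10-bit threshold and the synthetic images are assumptions made for illustration.

```python
"""Perceptual (difference) hash for spotting re-uploaded profile photos.
Images are plain lists of grayscale rows; all sample data is constructed."""

def box_resize(img, out_w, out_h):
    """Shrink by averaging pixel blocks (img must be at least out_w x out_h)."""
    h, w = len(img), len(img[0])
    out = []
    for r in range(out_h):
        r0, r1 = r * h // out_h, (r + 1) * h // out_h
        row = []
        for c in range(out_w):
            c0, c1 = c * w // out_w, (c + 1) * w // out_w
            block = [img[y][x] for y in range(r0, r1) for x in range(c0, c1)]
            row.append(sum(block) / len(block))
        out.append(row)
    return out

def dhash(img, size=8):
    """size*size-bit hash: one bit per 'left cell brighter than right cell'."""
    bits = 0
    for row in box_resize(img, size + 1, size):
        for left, right in zip(row, row[1:]):
            bits = (bits << 1) | int(left > right)
    return bits

def hamming(a, b):
    """Number of bit positions in which two hashes differ."""
    return bin(a ^ b).count("1")

def looks_like_copy(img_a, img_b, max_bits=10):
    """Assumed policy: <= max_bits differing bits out of 64 means same photo."""
    return hamming(dhash(img_a), dhash(img_b)) <= max_bits

# --- constructed 72x64 grayscale sample images, not real profile photos ---
def synth(kx, ky):
    return [[40 + ((kx * (x // 8) + ky * (y // 8)) % 7) * 25 + (x + y) % 3
             for x in range(72)] for y in range(64)]

def reupload(img):
    """Simulate a re-upload: half resolution, brighter, small pixel noise."""
    return [[min(255, img[y][x] + 20 + (3 * x + 5 * y) % 5 - 2)
             for x in range(0, len(img[0]), 2)]
            for y in range(0, len(img), 2)]

ORIGINAL = synth(2, 3)       # the victim's profile photo
CLONE = reupload(ORIGINAL)   # the same photo on a second account
OTHER = synth(5, 1)          # an unrelated photo

if __name__ == "__main__":
    print("original vs re-upload:", hamming(dhash(ORIGINAL), dhash(CLONE)), "bits")
    print("original vs other    :", hamming(dhash(ORIGINAL), dhash(OTHER)), "bits")
```

A cryptographic hash of the file would change completely after the resize, which is why a perceptual hash is the right tool for matching re-uploaded photos.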