№2, 2016

SECURITY ISSUES IN SOCIAL NETWORKS
Ramiz H. Shikhaliyev

Nowadays, a large number of social networks exist in the Internet. These social networks are very popular and play a prominent role in people’s life. Alongside, the social networks have also caused the occurrence of new threats in the field of information security. Such threats are related to the distribution of malicious software and spams, attacks on social engineering and social network accounts, tracking, fraud and etc. This article is dedicated to the analysis of existing threats in social networks and the protection issues against them (pp.74-81).

Keywords:social network, malicious software, spam, phishing, fake account.
References
  • Stern J., Introduction to web 2.0 technologies, http://www.wlac.edu
  • Imamverdiyev Y. Social media and security issues / II Republican scientific-practical conference on multidisciplinary problems of Information security dedicated to 150 years’ anniversary of International Telecommunications Union, 2015, pp. 189-192.
  • http://www.statista.com/topics/1164/social-networks/
  • Stringhini G., Kruegel C., Vigna G., Detecting spammers on social networks / Proc. of the 26th annual computer security applications conference, 2010, pp. 1-9.
  • Jacoby D., Facebook security phishing attack in the wild, https://securelist.com/blog/events/31951/facebook-security-phishing-attack-in-the-wild-14
  • https://en.wikipedia.org/wiki/Malware
  • https://en.wikipedia.org/wiki/Spamming/
  • https://en.wikipedia.org/wiki/Phishing
  • Baltazar J., Costoya J., Flores R., The real face of koobface: The largest web 2.0 botnet explained, Trend Micro Res., 2009, vol. 5, no. 9, 10 p.
  • Amin T., Okhiria O., Lu J., An J., Facebook: A comprehensive analysis of phishing on a social system, EECE 412 Term Project Report, 2010, 6 p., http://www.courses.ece.ubc.ca/412/term_project/reports/ 2010/facebook.pdf
  • Cavit D. Microsoft security intelligence report, 2010, vol. 10, 89 p. http://www.microsoft.com/en-us/download/details.aspx?id=17030
  • Fire M., Katz G., and Elovici Y., Strangers intrusion detection-detecting spammers and fake profiles in social networks based on topology anomalies / ASE human journal, 2012, vol. 1, no. 1, pp. 26-39.
  • Lundeen R., Ou J., Rhodes T., New ways I’m going to hack your web app // Proc. of the Blackhat AD, 2011, pp. 1-11.
  • McMillan R., Researchers make wormy twitter attack / PCWorld, 2009, http://www.pcworld.idg.com.au/article/296382/researchers_make_wormy_twitter_attack/
  • Krishnamurthy B., Wills C. E., On the leakage of personally identifiable information via online social networks // Proc. of the 2nd ACM workshop on online social networks,
    2009, pp. 7-12.
  • Wondracek G., Holz T., Kirda E., and Kruegel C., A practical attack to de-anonymize social network users // Proc. of the security and privacy IEEE symposium, 2010, pp. 223-238.
  • Peled O., Fire M., Rokach L., Elovici Y. Entity matching in online social networks // Proc. of the international conference on social computing, 2013, pp. 339-344.
  • Facebook, Form 10-k (Annual Report)—Filed 02/01/13 for the Period Ending 12/31/12, 2013, 139 p., http://files.shareholder.com/downloads/AMDA-NJ5DZ/2301311196x0 xS1326801-13-3/1326801/1326801-13-3.pdf
  • The Faces of Facebook, http://www.app.thefacesoffacebook.com/
  • Douceur J. R., The sybil attack // Proc. of the 1st international workshop on peer-to-peer systems, 2002, pp. 251-260, http://www.dl.acm.org/citation.cfm?id=646334.687813
  • Gao H. Detecting and characterizing social spam campaigns // Proc. of the 10th ACM SIGCOMM conference on Internet measurement, 2010, pp. 35-47.
  • Boshmaf Y., Muslukhov I., Beznosov K., and Ripeanu M., The socialbot network: When bots socialize for fame and money // Proc. of the 27th annual computer security applications conference, 2011, pp. 93-102.
  • Jeffries A., Facebook’s security check asks users to identify photos of friends’ dogs, Gummi Bears [UPDATED], 2010, http://readwrite.com/2010/08/04/facebooks_security_check_asks_users_to_identify_ph
  • Song A., Introducing login approvals, 2011, https://www.facebook.com/note.php?note_id=10150172618258920
  • Liu Y., Gummadi K., Krishnamurthy B., and Mislove A., Analyzing Facebook privacy settings: User expectations vs. reality // Proc. of the ACM SIGCOMM conference on Internet measurement conference, 2011, pp. 61-70.
  • Mahmood S., Desmedt Y., Poster: Preliminary analysis of google+’s privacy // Proc. of the 18th ACM conference on Computer and communications security, 2011, pp. 809-812.
  • Facebook, Facebook Help Center: Privacy, http://www.facebook.com/help/privacy
  • Axten S., Staying in control of your facebook logins, https://www.facebook.com/notes/facebook/staying-in-control-of-your-facebook-logins/389991097130
  • Fire M., Kagan D., Elyashar A., and Elovici Y., Friend or foe? Fake profile identification in online social networks / Springer journal of social network analysis and mining, 2014, vol.4 no.1, pp. 194-216.
  • Chowdhury A., State of twitter spam, 2010, https://blog.twitter.com/2010/state-twitter-spam
  • Stein T., Chen E., and Mangla K., Facebook immune system // Proc. of the 4th workshop on social network systems, 2011, pp. 1–8.
  • Facebook, Report abuse or policy violations, https://www.facebook.com/report
  • Axon S., Facebook Will Add a Panic Button for U.K. Teens, Jul. 2010., http://www.mashable.com/2010/07/11/facebook-panic-button-ceop
  • AVG, Avg Privacyfix: http://www.privacyfix.com
  • Symantec, Norton Safe Web: https://www.facebook.com/appcenter/nortonsafeweb
  • McAfee, Mcafee Social Protection Beta: https://www.protectmediaonline.com
  • Lipford H. R., Besmer A., Watson J., Understanding privacy settings in facebook with an audience view // Proc. of the 1st conference on usability, psychology, and security, 2008, pp. 21-28.
  • Luo W., Xie Q, Hengartner U, FaceCloak: An architecture for user privacy on social networking sites, // Proc. of the international conference on computational science and engineering, 2009, vol. 3, pp. 26-33.
  • Fang L., LeFevre K., Privacy wizards for social networking sites // Proc. of the 19th international conference on world wide web, 2010, pp. 351-360.
  • Garera S., Provos N., Chew M., Rubin A. D., A framework for detection and measurement of phishing attacks // Proc. of the ACM workshop on recurring malcode, 2007, pp. 1-8.
  • Ma J., L. Saul K., Savage S., Voelker G. M., Beyond blacklists: Learning to detect malicious web sites from suspicious urls // Proc. of the 15th ACM SIGKDD international conference on knowledge discovery and data mining, 2009, pp. 1245-1254.
  • Xiang G., Hong J., Rose C. P., Cranor L., CANTINA+ A feature-rich machine learning framework for detecting phishing web sites / A ACM transactions on information and system security 2011, vol. 14, no. 2, pp. 1-28.
  • Lee S., Kim J., Warningbird: Detecting suspicious urls in twitter stream // Proc. Of the 19th Annual Network & Distributed System Security Symposium, 2012, pp. 1-13.
  •  Benevenuto F., Rodrigues T., Almeida V., Almeida J., Gonzalves M., Detecting spammers and content promoters in online video social networks // Proc. of the 32nd international ACM SIGIR conference on research and development in information retrieval, 2009, pp. 620-627.
  • Wang A., Don’t follow me: Spam detection in twitter // Proc. of the international conference on security and cryptography, 2010, pp. 1-10.
  • Aggarwal A., Almeida J., Kumaraguru P., Detection of spam tipping behavior on foursquare // Proc. of the. 22nd international conference on World Wide Web, 2013, pp. 641-648.
  • Kontaxis G., Polakis I., Ioannidis S., Markatos E., Detecting social network profile cloning // Proc. of the IEEE international conference on pervasive computing and communications workshops, 2011, pp. 295-300.
  • Shan Z., Cao H., Lv J., Yan C., and Liu A., Enhancing and identifying cloning attacks in online social networks // Proc. of the 7th international conference on ubiquitous information management and communication, 2013, pp. 17-19.
  • Koll D., Jun Li, Stein, J., Xiaoming Fu, On the state of OSN-based Sybil defenses // Proc. of the IFIP networking conference, 2014, pp. 1-9.
  • Yu H., Kaminsky M., Gibbons P., and Flaxman A., Sybilguard: Defending against sybil attacks via social networks // Proc. of the conference on applications, technologies, architectures, and protocols for computer communications, 2006, vol. 36, no. 4, pp. 267-278.
  • Yu H., Gibbons P. B., Kaminsky M., and Xiao F., Sybillimit: A nearoptimal social network defense against sybil attacks / IEEE/ACM transactions on networking, 2010, vol. 18, no. 3, pp. 885-898.
  • Danezis G. and Mittal P., Sybilinfer: Detecting sybil nodes using social networks // Proc. of the 16th annual network & distributed system security symposium, 2009, 16 p.
  • Cao Q., Sirivianos M., Yang X., Pregueiro T., Aiding the detection of fake accounts in large scale social online services // Proc. of the 9th USENIX conference on networked systems design and implementation, 2012, p. 15.