Identifier 000383494
Title Online social networks from a malicious perspective : novel attack techniques and defense mechanisms
Alternative Title Υπηρεσίες κοινωνικής δικτύωσης από τη σκοπιά του επιτιθέμενου: καινοτόμες τεχνικές επιθέσεων και αμυντικοί μηχανισμοί
Creator Πολάκης, Ιάσων-Στυλιανός Γεωργίου
Thesis advisor Μαρκάτος, Ευάγγελος
Abstract Social networking services have become the most popular digital services, occupying the majority of the time users spend online. These services have greatly evolved from the first generation of social networks, and offer an expansive set of functionality ranging from user interaction and content sharing, to online gaming and single sign-on services. These services have inadvertently and irrevocably affected the World Wide Web, and forever altered the notion of privacy in the digital era. A natural consequence of their popularity was to also draw the attention of the Internet miscreants that target users for profit. The vast amounts of personal information and interests that users divulge in these services, along with the high amount of trust users implicitly show to communication received within such networks, have rendered online social networks the ideal springboard for deploying highly profitable personalized attacks. Attacks in social networks can build upon the expertise of more traditional attack vectors (e.g., email spam) and also incorporate novel techniques for creating complex and intricate attacks. The ever-evolving nature of these networks and the continuous incorporation of novel functionality introduce new design vulnerabilities which can be exploited by adversaries. Security research in social networks mandates that researchers assume the role of the adversary when exploring the security aspects of these services. Their proprietary nature restricts their deployment in the controlled environment of a laboratory, and may require a black-box testing approach as their internal mechanisms are often unknown. As such, researchers must interact with the actual services and their users. Only then will they be able to "anticipate" techniques that adversaries may employ in the future, and develop effective defense mechanisms that will hinder the actual attacks.
The dissertation demonstrates that by misusing functionality found in various online services and social networks, one can build and deploy effective novel attacks. The results of the practical experiments reveal the vulnerable design of existing defense mechanisms employed by social networks and their inability to protect their assets from adversaries. The characteristics of the attack techniques and the outcome of the experiments guide the design and implementation of new defense mechanisms. Specifically, we identify the following resources as the "assets" of social networking services, which should be protected against adversaries: (i) user information, (ii) user accounts and (iii) user actions. We assume the role of the attacker and deploy attacks that bypass the mechanisms (if any) designed to protect each type of asset. First, we explore various techniques for harvesting and correlating (personal) user information that can be used for crafting personalized attacks. Next, we demonstrate the effectiveness of automated attacks against photo-based authentication mechanisms designed to hinder adversaries from compromising user accounts. Finally, we conduct extensive experiments to explore the defense mechanisms deployed by social networks to detect and remove actions by malicious users with regard to location-based functionality. In each case, based on the insight gained from the experiments, we design mechanisms for mitigating or (if possible) preventing these novel attacks.
Language English
Subject Security
Social networking websites
Issue date 2014-03-06
Collection   School/Department--School of Sciences and Engineering--Department of Computer Science--Doctoral theses
  Type of Work--Doctoral theses
Views 570
