Doctoral theses
|
Identifier |
000383494 |
Title |
Online social networks from a malicious perspective : novel attack techniques and defense mechanisms |
Alternative Title |
Υπηρεσίες κοινωνικής δικτύωσης από τη σκοπιά του επιτιθέμενου: καινοτόμες τεχνικές επιθέσεων και αμυντικοί μηχανισμοί |
Creator |
Πολάκης, Ιάσων-Στυλιανός Γεωργίου
|
Thesis advisor
|
Μαρκάτος, Ευάγγελος
|
Abstract |
Social networking services have become the most popular digital services, occupying the
majority of the time users spend online. These services have greatly evolved from the first
generation of social networks, and offer an expansive set of functionality ranging from user
interaction and content sharing, to online gaming and single sign-on services. These services
have inadvertently and irrevocably affected the World Wide Web, and forever altered the
notion of privacy in the digital era. A natural consequence of their popularity was to also
draw the attention of the Internet miscreants that target users for profit.
The vast amounts of personal information and interests that users divulge in these services,
along with the high amount of trust users implicitly show to communication received within
such networks, have rendered online social networks the ideal springboard for deploying highly profitable personalized attacks. Attacks in social networks can build upon the expertise of
more traditional attack vectors (e.g., email spam) and also incorporate novel techniques for
creating complex and intricate attacks. The ever-evolving nature of these networks and the
continuous incorporation of novel functionality introduces new design vulnerabilities which
can be exploited by adversaries.
Security research in social networks mandates that researchers assume the role of the
adversary when exploring the security aspects of these services. Their proprietary nature
restricts their deployment in the controlled environment of a laboratory, and may require
a black-box testing approach as their internal mechanisms are often unknown. As such,
researchers must interact with the actual services and their users. Only then will they be able
to "anticipate" techniques that adversaries may employ in the future, and develop effective
defense mechanisms that will hinder the actual attacks.
The dissertation demonstrates that by misusing functionality found in various online
services and social networks, one can build and deploy effective novel attacks. The results
of the practical experiments reveal the vulnerable design of existing defense mechanisms
employed by social networks and their inability to protect their assets from adversaries. The
characteristics of the attack techniques and the outcome of the experiments guide the design
and implementation of new defense mechanisms.
Specifically, we identify the following resources as the "assets" of social networking services,
which should be protected against adversaries: (i) user information, (ii) user accounts and
(iii) user actions. We assume the role of the attacker and deploy attacks that bypass any
mechanisms (if any) designed to protect each type of asset. First, we explore various techniques
for harvesting and correlating (personal) user information that can be used for crafting
personalized attacks. Next, we demonstrate the effectiveness of automated attacks against
photo-based authentication mechanisms designed to hinder adversaries from compromising
user accounts. Finally, we conduct extensive experiments to explore the defense mechanisms
deployed by social networks to detect and remove actions by malicious users in regards to
location-based functionality. In each case, based on the insight gained from the experiments
we design mechanisms for mitigating or (if possible) preventing these novel attacks.
|
Language |
English |
Subject |
Security |
|
Ασφάλεια |
|
Social networking websites |
Issue date |
2014-03-06 |
Collection
|
School/Department--School of Sciences and Engineering--Department of Computer Science--Doctoral theses
|
|
Type of Work--Doctoral theses
|
Permanent Link |
https://elocus.lib.uoc.gr//dlib/9/e/4/metadata-dlib-1396953840-711729-21579.tkl
|
Views |
604 |