Hybrid method on clickjacking detection and prevention in modern advertisements

In modern advertisements, clickjacking attacks can be delivered through a vulnerability in web application. To overcome this, web application security is required that will prevent malvertisement. In this study, prevention of clickjacking in the modern web advertisements are implemented. Vulnerability checks on the potentially malicious website were conducted. Implementation of hybrid prevention method of clickjacking into new developed website were carried out. Among top 500 websites, 50 websites were chosen as a dataset in this study out of which 4 case studies were selected. Website with server privileges were required to implement the hybrid prevention method, consisting opacity, Z-Index and X-Frame option policy. A new website was developed to satisfy the requirements for the method implementation. The results show, among 50 selected websites, about 19 websites were vulnerable to clickjacking. When the hybrid prevention method were implemented in the developed website, it increases the security by mitigating the vulnerability of web application to clickjacking attack

Malware Propagation in Online Social Networks: Modeling, Analysis and Real-world Implementations

The popularity and wide spread usage of online social networks (OSNs) have attracted hackers and cyber criminals to use OSNs as an attack platform to spread malware. Over the last few years, Facebook users have experienced hundreds of malware attacks. A successful attack can lead to tens of millions of OSN accounts being compromised and computers being infected. Cyber criminals can mount massive denial of service attacks against Internet infrastructures or systems using compromised accounts and computers. Malware infecting a user's computer have the ability to steal login credentials and other confidential information stored on the computer, install ransomware and infect other computers on the same network. Therefore, it is important to understand propagation dynamics of malware in OSNs in order to detect, contain and remove them as early as possible. The objective of this dissertation is thus to model and study propagation dynamics of various types of malware in social networks such as Facebook, LinkedIn and Orkut. In particular, - we propose analytical models that characterize propagation dynamics of cross-site scripting and Trojan malware, the two major types of malware propagating in OSNs. Our models assume the topological characteristics of real-world social networks, namely, low average shortest distance, power-law distribution of node degrees and high clustering coefficient. The proposed models were validated using a real-world social network graph. - we present the design and implementation of a cellular botnet named SoCellBot that uses the OSN platform as a means to recruit and control cellular bots on smartphones. SoCellBot utilizes OSN messaging systems as communication channels between bots. We then present a simulation-based analysis of the botnet's strategies to maximize the number of infected victims within a short amount of time and, at the same time, minimize the risk of being detected. - we describe and analyze emerging malware threats in OSNs, namely, clickjacking, extension-based and Magnet malware. We discuss their implementations and working mechanics, and analyze their propagation dynamics via simulations. - we evaluate the performance of several selective monitoring schemes used for malware detection in OSNs. With selective monitoring, we select a set of important users in the network and monitor their and their friends activities and posts for malware threats. These schemes differ in how the set of important users is selected. We evaluate and compare the effectiveness of several selective monitoring schemes in terms of malware detection in OSNs

Cyber Security Concerns in Social Networking Service

Today’s world is unimaginable without online social networks. Nowadays, millions of people connect with their friends and families by sharing their personal information with the help of different forms of social media. Sometimes, individuals face different types of issues while maintaining the multimedia contents like, audios, videos, photos because it is difficult to maintain the security and privacy of these multimedia contents uploaded on a daily basis. In fact, sometimes personal or sensitive information could get viral if that leaks out even unintentionally. Any leaked out content can be shared and made a topic of popular talk all over the world within few seconds with the help of the social networking sites. In the setting of Internet of Things (IoT) that would connect millions of devices, such contents could be shared from anywhere anytime. Considering such a setting, in this work, we investigate the key security and privacy concerns faced by individuals who use different social networking sites differently for different reasons. We also discuss the current state-of-the-art defense mechanisms that can bring somewhat long-term solutions to tackling these threats

A Survey of Social Network Forensics

Social networks in any form, specifically online social networks (OSNs), are becoming a part of our everyday life in this new millennium especially with the advanced and simple communication technologies through easily accessible devices such as smartphones and tablets. The data generated through the use of these technologies need to be analyzed for forensic purposes when criminal and terrorist activities are involved. In order to deal with the forensic implications of social networks, current research on both digital forensics and social networks need to be incorporated and understood. This will help digital forensics investigators to predict, detect and even prevent any criminal activities in different forms. It will also help researchers to develop new models / techniques in the future. This paper provides literature review of the social network forensics methods, models, and techniques in order to provide an overview to the researchers for their future works as well as the law enforcement investigators for their investigations when crimes are committed in the cyber space. It also provides awareness and defense methods for OSN users in order to protect them against to social attacks

Three Essays on Individuals’ Vulnerability to Security Attacks in Online Social Networks: Factors and Behaviors

With increasing reliance on the Internet, the use of online social networks (OSNs) for communication has grown rapidly. OSN platforms are used to share information and communicate with friends and family. However, these platforms can pose serious security threats to users. In spite of the extent of such security threats and resulting damages, little is known about factors associated with individuals’ vulnerability to online security attacks. We address this gap in the following three essays. Essay 1 draws on a synthesis of the epidemic theory in infectious disease epidemiology with the social capital theory to conceptualize factors that contribute to an individual’s role in security threat propagation in OSN. To test the model, we collected data and created a network of hacked individuals over three months from Twitter. The final hacked network consists of over 8000 individual users. Using this data set, we derived individual’s factors measuring threat propagation efficacy and threat vulnerability. The dependent variables were defined based on the concept of epidemic theory in disease propagation. The independent variables are measured based on the social capital theory. We use the regression method for data analysis. The results of this study uncover factors that have significant impact on threat propagation efficacy and threat vulnerability. We discuss the novel theoretical and managerial contributions of this work. Essay 2 explores the role of individuals’ interests in their threat vulnerability in OSNs. In OSNs, individuals follow social pages and post contents that can easily reveal their topics of interest. Prior studies show high exposure of individuals to topics of interest can decrease individuals’ ability to evaluate the risks associated with their interests. This gives attackers a chance to target people based on what they are interested in. However, interest-based vulnerability is not just a risk factor for individuals themselves. Research has reported that similar interests lead to friendship and individuals share similar interests with their friends. This similarity can increase trust among friends and makes individuals more vulnerable to security threat coming from their friends’ behaviors. Despite the potential importance of interest in the propagation of online security attacks online, the literature on this topic is scarce. To address this gap, we capture individuals’ interests in OSN and identify the association between individuals’ interests and their vulnerability to online security threats. The theoretical foundation of this work is a synthesis of dual-system theory and the theory of homophily. Communities of interest in OSN were detected using a known algorithm. We test our model using the data set and social network of hacked individuals from Essay 1. We used this network to collect additional data about individuals’ interests in OSN. The results determine communities of interests which were associated with individuals’ online threat vulnerability. Moreover, our findings reveal that similarities of interest among individuals and their friends play a role in individuals’ threat vulnerability in OSN. We discuss the novel theoretical and empirical contributions of this work. Essay 3 examines the role addiction to OSNs plays in individuals’ security perceptions and behaviors. Despite the prevalence of problematic use of OSNs and the possibility of addiction to these platforms, little is known about the functionalities of brain systems of users who suffer from OSN addiction and their online security perception and behaviors. In addressing these gaps, we have developed the Online addiction & security behaviors (OASB) theory by synthesizing dual-system theory and extended protection motivation theory (PMT). We collected data through an online survey. The results indicate that OSN addiction is rooted in the individual’s brain systems. For the OSN addicted, there is a strong cognitive-emotional preoccupation with using OSN. Our findings also reveal the positive and significant impact of OSN addiction on perceived susceptibility to and severity of online security threats. Moreover, our results show the negative association between OSN addiction and perceived self-efficacy. We discuss the theoretical and practical implications of this work

Towards assessing information privacy in microblogging online social networks. The IPAM framework

Les xarxes socials en línia incorporen diferents formes de comunicació interactiva com serveis de microblogs, compartició de fitxers multimèdia o xarxes de contactes professionals. En els últims anys han augmentat els escàndols públics en relació amb pràctiques qüestionables de la indústria de les xarxes socials pel que fa a la privacitat. Així, doncs, cal una avaluació efectiva i eficient del nivell de privacitat en les xarxes socials en línia. El focus de la present tesi és la construcció d'un esquema (IPAM) per a identificar i avaluar el nivell de privacitat proporcionat per les xarxes socials en línia, en particular per als serveis de microblogs. L'objectiu d'IPAM és ajudar els usuaris a identificar els riscos relacionats amb les seves dades. L'esquema també permet comparar el nivell de protecció de la privacitat entre diferents sistemes analitzats, de manera que pugui ser també utilitzat per proveïdors de servei i desenvolupadors per a provar i avaluar els seus sistemes i si les tècniques de privacitat usades són eficaces i suficients.Las redes sociales en línea incorporan diferentes formas de comunicación interactiva como servicios de microblogueo, compartición de ficheros multimedia o redes de contactos profesionales. En los últimos años han aumentado los escándalos públicos relacionados con prácticas cuestionables de la industria de las redes sociales en relación con la privacidad. Así pues, es necesaria una evaluación efectiva y eficiente del nivel de privacidad en las redes sociales en línea. El foco de la presente tesis es la construcción de un esquema (IPAM) para identificar y evaluar el nivel de privacidad proporcionado por las redes sociales en línea, en particular para los servicios de microblogueo. El objetivo de IPAM es ayudar a los usuarios a identificar los riesgos relacionados con sus datos. El esquema también permite comparar el nivel de protección de la privacidad entre diferentes sistemas analizados, de modo que pueda ser también utilizado por proveedores de servicio y desarrolladores para probar y evaluar sus sistemas y si las técnicas de privacidad usadas son eficaces y suficientes.Online social networks (OSNs) incorporate different forms of interactive communication, including microblogging services, multimedia sharing and business networking, among others. In recent years there has been an increase in the number of privacy-related public scandals involving questionable data handling practices in OSNs. This situation calls for an effective and efficient evaluation of the privacy level provided by such services. In this thesis, we take initial steps towards developing an information privacy assessment framework (IPAM framework) to compute privacy scores for online social networks in general, and microblogging OSNs in particular. The aim of the proposed framework is to help users identify personal data-related risks and how their privacy is protected when using one OSN or another. The IPAM framework also allows for a comparison between different systems' privacy protection level. This gives system providers, not only an idea of how they are positioned in the market vis-à-vis their competitors, but also recommendations on how to enhance their services

The Internet of Everything

In the era before IoT, the world wide web, internet, web 2.0 and social media made people’s lives comfortable by providing web services and enabling access personal data irrespective of their location. Further, to save time and improve efficiency, there is a need for machine to machine communication, automation, smart computing and ubiquitous access to personal devices. This need gave birth to the phenomenon of Internet of Things (IoT) and further to the concept of Internet of Everything (IoE)

The Internet of Everything

In the era before IoT, the world wide web, internet, web 2.0 and social media made people’s lives comfortable by providing web services and enabling access personal data irrespective of their location. Further, to save time and improve efficiency, there is a need for machine to machine communication, automation, smart computing and ubiquitous access to personal devices. This need gave birth to the phenomenon of Internet of Things (IoT) and further to the concept of Internet of Everything (IoE)