Mitigating Colluding Attacks in Online Social Networks and Crowdsourcing Platforms

Online Social Networks (OSNs) have created new ways for people to communicate, and for companies to engage their customers -- with these new avenues for communication come new vulnerabilities that can be exploited by attackers. This dissertation aims to investigate two attack models: Identity Clone Attacks (ICA) and Reconnaissance Attacks (RA). During an ICA, attackers impersonate users in a network and attempt to infiltrate social circles and extract confidential information. In an RA, attackers gather information on a target\u27s resources, employees, and relationships with other entities over public venues such as OSNs and company websites. This was made easier for the RA to be efficient because well-known social networks, such as Facebook, have a policy to force people to use their real identities for their accounts. The goal of our research is to provide mechanisms to defend against colluding attackers in the presence of ICA and RA collusion attacks. In this work, we consider a scenario not addressed by previous works, wherein multiple attackers collude against the network, and propose defense mechanisms for such an attack. We take into account the asymmetric nature of social networks and include the case where colluders could add or modify some attributes of their clones. We also consider the case where attackers send few friend requests to uncover their targets. To detect fake reviews and uncovering colluders in crowdsourcing, we propose a semantic similarity measurement between reviews and a community detection algorithm to overcome the non-adversarial attack. ICA in a colluding attack may become stronger and more sophisticated than in a single attack. We introduce a token-based comparison and a friend list structure-matching approach, resulting in stronger identifiers even in the presence of attackers who could add or modify some attributes on the clone. We also propose a stronger RA collusion mechanism in which colluders build their own legitimacy by considering asymmetric relationships among users and, while having partial information of the networks, avoid recreating social circles around their targets. Finally, we propose a defense mechanism against colluding RA which uses the weakest person (e.g., the potential victim willing to accept friend requests) to reach their target

The zombies strike back: Towards client-side beef detection

A web browser is an application that comes bundled with every consumer operating system, including both desktop and mobile platforms. A modern web browser is complex software that has access to system-level features, includes various plugins and requires the availability of an Internet connection. Like any multifaceted software products, web browsers are prone to numerous vulnerabilities. Exploitation of these vulnerabilities can result in destructive consequences ranging from identity theft to network infrastructure damage. BeEF, the Browser Exploitation Framework, allows taking advantage of these vulnerabilities to launch a diverse range of readily available attacks from within the browser context. Existing defensive approaches aimed at hardening network perimeters and detecting common threats based on traffic analysis have not been found successful in the context of BeEF detection. This paper presents a proof-of-concept approach to BeEF detection in its own operating environment – the web browser – based on global context monitoring, abstract syntax tree fingerprinting and real-time network traffic analysis

Distribuirani obrambeni mehanizmi za clone napade temeljeni na algoritmu za istraživanje gravitacije (GSA) u WSN

Wireless Sensor Networks (WSN) are often deployed in hostile environment and are vulnerable to attacks because of the resource constrained nature of the sensors. Clone attack in WSN is one of the major issues where the messages are eavesdropped, the captured node is cloned, and multiple nodes with same identity are produced by attacker. In order to overcome these issues, in this paper, a Distributed Defense Mechanism for Clone Attacks based on Gravitational Search Algorithm (GSA) in WSN is proposed. For efficiently detecting the suspect nodes, the nodes in the channel can be divided into witness node and the claimer node. The witness nodes are responsible for the suspect nodes detection, whereas the claimer nodes should provide their identities for the detection process. For the witness nodes selection, we utilize the GSA to pick out the best witness nodes set. After selecting the witness nodes, clone attack detection is performed by observing the behavior of the neighbor nodes. On detecting the clone attack, revocation procedure is triggered to revoke the clone attack in the witness nodes. By simulation results, it can be concluded that the proposed algorithm provides better protection to clone attacks by reducing the packet drop and increasing the packet delivery ratio.Bežične senzorske mreže (WSN) često su raspoređene u neprijateljskom okruženju i ranjive su na napade zbog prirode senzora koji su tehnološki ograničeni. Clone napad u WSN jedan je od glavnih problema gdje se poruke prisluškuju, zarobljeni čvor se klonira te napadač proizvede višestruke čvorove istog identiteta. Kako bi nadvladali te probleme, ovaj rad predlaže distribuirani obrambeni mehanizam za clone napade temeljen na algoritmu za istraživanje gravitacije (GSA) u WSN. Kako bi se sumnjivi čvorovi efikasno detektirali, čvorovi u kanalu mogu se podijeliti u čvorove svjedoke i tražene čvorove. Čvorovi svjedoci odgovorni su za otkrivanje sumnjivih čvorova, dok traženi čvorovi trebaju za potrebe procesa detekcije navesti svoj identitet. Za izbor čvorova svjedoka, koristi se GSA kako bi se izabrala grupa čvorova koji su najprikladniji. Nakon izbora čvorova svjedoka, otkivanje clone napada vrši se promatranjem ponašanja susjednih čvorova. Otkrivanjem clone napada aktivira se proces opoziva kako bi se opozvao clone napad u čvorovima svjedocima. Prema rezultatima dobivenim iz simulacije može se zaključiti kako predloženi algoritam pruža bolju zaštitu od clone napada smanjivanjem odbacivanja paketa i povećavanjem omjera isporuke paketa

Security techniques for intelligent spam sensing and anomaly detection in online social platforms

Copyright © 2020 Institute of Advanced Engineering and Science. All rights reserved. The recent advances in communication and mobile technologies made it easier to access and share information for most people worldwide. Among the most powerful information spreading platforms are the Online Social Networks (OSN)s that allow Internet-connected users to share different information such as instant messages, tweets, photos, and videos. Adding to that many governmental and private institutions use the OSNs such as Twitter for official announcements. Consequently, there is a tremendous need to provide the required level of security for OSN users. However, there are many challenges due to the different protocols and variety of mobile apps used to access OSNs. Therefore, traditional security techniques fail to provide the needed security and privacy, and more intelligence is required. Computational intelligence adds high-speed computation, fault tolerance, adaptability, and error resilience when used to ensure security in OSN apps. This research provides a comprehensive related work survey and investigates the application of artificial neural networks for intrusion detection systems and spam filtering for OSNs. In addition, we use the concept of social graphs and weighted cliques in the detection of suspicious behavior of certain online groups and to prevent further planned actions such as cyber/terrorist attacks before they happen

Security techniques for intelligent spam sensing and anomaly detection in online social platforms

Copyright © 2020 Institute of Advanced Engineering and Science. All rights reserved. The recent advances in communication and mobile technologies made it easier to access and share information for most people worldwide. Among the most powerful information spreading platforms are the Online Social Networks (OSN)s that allow Internet-connected users to share different information such as instant messages, tweets, photos, and videos. Adding to that many governmental and private institutions use the OSNs such as Twitter for official announcements. Consequently, there is a tremendous need to provide the required level of security for OSN users. However, there are many challenges due to the different protocols and variety of mobile apps used to access OSNs. Therefore, traditional security techniques fail to provide the needed security and privacy, and more intelligence is required. Computational intelligence adds high-speed computation, fault tolerance, adaptability, and error resilience when used to ensure security in OSN apps. This research provides a comprehensive related work survey and investigates the application of artificial neural networks for intrusion detection systems and spam filtering for OSNs. In addition, we use the concept of social graphs and weighted cliques in the detection of suspicious behavior of certain online groups and to prevent further planned actions such as cyber/terrorist attacks before they happen

A Survey On Security In Wireless Sensor Network

With the global use of wireless sensor network technology in different fields and for different purposes such as health care monitoring, earth sensing, air pollution monitoring, military operations monitoring or surveillance system monitoring, a problem arises. Problem that could negatively impact previously started activities and observations if not handled in a right way. Authors of this paper discuss various vulnerabilities and security threads in different applications of WSN in the real world, such as intrusion, node capture attack, black hole attack or selective forwarding attack. Potential countermeasures are proposed formatted as protocols or architectures for secure transfer of data between friendly nodes, compromises on security measures with the goal of achieving secure and reliable connection. This paper could be used as a general representation of WSN security issue with which WSN engineers are faced on a daily basis

Exploring machine learning techniques for fake profile detection in online social networks

The online social network is the largest network, more than 4 billion users use social media and with its rapid growth, the risk of maintaining the integrity of data has tremendously increased. There are several kinds of security challenges in online social networks (OSNs). Many abominable behaviors try to hack social sites and misuse the data available on these sites. Therefore, protection against such behaviors has become an essential requirement. Though there are many types of security threats in online social networks but, one of the significant threats is the fake profile. Fake profiles are created intentionally with certain motives, and such profiles may be targeted to steal or acquire sensitive information and/or spread rumors on online social networks with specific motives. Fake profiles are primarily used to steal or extract information by means of friendly interaction online and/or misusing online data available on social sites. Thus, fake profile detection in social media networks is attracting the attention of researchers. This paper aims to discuss various machine learning (ML) methods used by researchers for fake profile detection to explore the further possibility of improvising the machine learning models for speedy results