
Unveiling Social Network Deception: Insights and Countermeasures

Explore how social honeypots and phishing experiments reveal deceptive tactics within popular online social networks. Learn about profile characterization, spam techniques, and demographic influences. Discover strategies to combat social network vulnerabilities.

cwashington

Presentation Transcript


  1. Paper 1: Social Honeypots, Making Friends With A Spammer Near You • Paper 2: Social Phishing • Kai and Isaac • Miscreant of Social Networks

  2. Paper 1: Motivation • Online Social Networks (OSNs) are rapidly growing in popularity, e.g., Facebook, MySpace, Hi5, etc. • OSNs provide new opportunities for miscreants to conduct their activities • Ex: phishing is more effective when done in the context of a social network • Understanding different types of social spam and deception tactics is the first step towards countering these vulnerabilities.

  3. Methodology • Harvesting deceptive spam profiles from social networking communities using social honeypots. • Providing a detailed characterization (from 6 aspects) of the spam profiles that were collected with the social honeypots.

  4. Social Honeypots • 51 identical profiles • Single, Athletic, Male, Caucasian • One in each state and Washington DC • Largest city in each state for anonymity • Always logged on to MySpace, 24 hours per day, 7 days per week. • Harvested data • Conducted a four-month evaluation from Oct. 1, 2007 to Feb. 1, 2008 • Harvested 1,570 friend requests (and corresponding spam profiles)

  5. Characterization • Temporal distribution of spam friend requests • Peaks at Columbus Day, Halloween, Thanksgiving

  6. Characterization (cont.) • Geographic distribution of spam friend requests • Midwestern (received most), California (sent most) • 97.7% of requests are from spam profiles that reported a location that did not match the city/state associated with the honeypot profile that received them.

  7. Characterization (cont.) • Spam Profile Duplication • 65 spam profiles sent friend requests to more than one of our honeypots • 40 out of 51 honeypots (78.4%) received duplicated requests. • Once rejected by one honeypot, that profile would not send a request again.
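An added example (not from the papers or the presentation) of how the duplication and location-mismatch figures on the two slides above can be computed from a honeypot friend-request log. The log rows are constructed, locations are reduced to a state code, and a honeypot counts as having received a duplicated request when the sending profile also contacted another honeypot; all three are assumptions.

```python
from collections import defaultdict

# Constructed sample log: (spam_profile_id, reported_state, honeypot_state).
# One honeypot per state, so the state code doubles as the honeypot id.
REQUESTS = [
    ("p1", "CA", "OH"), ("p1", "ca ", "IA"),
    ("p2", "OH", "OH"), ("p2", "OH", "OH"),  # repeat to the same honeypot
    ("p3", "NY", "IA"), ("p3", "NY", "TX"), ("p3", "NY", "OH"),
    ("p4", "CA", "WA"),
]


def _norm(loc):
    """Normalise a free-text state code before comparing."""
    return loc.strip().upper()


def duplicated_profiles(requests):
    """Profiles that contacted more than one distinct honeypot."""
    seen = defaultdict(set)
    for profile, _reported, honeypot in requests:
        seen[profile].add(_norm(honeypot))
    return {p: pots for p, pots in seen.items() if len(pots) > 1}


def duplicate_coverage(requests, total_honeypots=None):
    """Share of honeypots contacted by at least one duplicated profile."""
    hit = set().union(*duplicated_profiles(requests).values())
    total = total_honeypots or len({_norm(h) for _p, _r, h in requests})
    return len(hit) / total if total else 0.0


def location_mismatch_rate(requests):
    """Share of requests whose reported location differs from the honeypot's."""
    if not requests:
        return 0.0
    bad = sum(_norm(rep) != _norm(pot) for _p, rep, pot in requests)
    return bad / len(requests)


if __name__ == "__main__":
    print(sorted(duplicated_profiles(REQUESTS)))
    print(duplicate_coverage(REQUESTS), location_mismatch_rate(REQUESTS))
```

Pass `total_honeypots` when some honeypots received no requests at all, so the denominator is the deployed count rather than the count seen in the log.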

  8. Characterization (cont.) • Spam Profile Examples • Click Traps: lead users to a nefarious webpage • Friend Infiltrators: do not have overtly deceptive elements; spam the users through every available communication method (message/comment spam). • Pornographic Storytellers: through “about me” section, which contains such stories. • Japanese Pill Pushers: a kind of advertisement, also through “about me” section. • Winnies: all these profiles have the same headline “Hey its winnie”

  9. Characterization (cont.) • Spam Profile Demographics • All are women, aged 17-34 (99.4% 21-27), single, attractive. • 30% of the profiles have more than one friend. • Distribution of # of friends associated with spam profiles.

  10. Characterization (cont.) • Advertised Webpages • 2,355 URLs in spam profiles redirected to 11 different destinations. • Profiles that didn't have a URL in the “About Me” section were Friend Infiltrators. • 93.3% of pages were for redirection • 6.6% were pornographic storytellers • 0.1% (only 1 page) was a phishing attack

  11. Paper 2: Social Phishing • The motivation is to provide us with a baseline success rate for individual phishing attacks. • Year: 2005 • Location: Indiana University • The key question is how easily and effectively can a phisher exploit social network information found on the Internet to increase the yield of a phishing attack? • Very easily • Very effectively

  12. Setup

  13. Setup (cont.) • Phishing experiment steps: • Blogging, social network, and other public data is harvested • Data is correlated and stored in a relational database • Heuristics are used to craft a spoofed email message by Eve “as Alice” to Bob (a friend) • Message is sent to Bob • Bob follows the link contained within the email message and is sent to an unchecked redirect • Bob is sent to the attacker's whuffo.com site • Bob is prompted for his University credentials • Bob’s credentials are verified with the University authenticator • a. Bob is successfully phished • b. Bob is not phished in this session; he could try again.
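The unchecked redirect in the steps above is the piece a site owner controls. As an added example (not from the paper or the presentation), a redirect-target check that only follows same-site paths or allow-listed hosts; the `university.example` hostnames and the function name are hypothetical.

```python
from urllib.parse import urlsplit

# Hypothetical allow-list of hosts the site is willing to redirect to.
ALLOWED_HOSTS = frozenset({"www.university.example", "login.university.example"})


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """Return True only for same-site paths or http(s) URLs on allowed hosts."""
    # Backslashes, control characters and padding are parsed differently by
    # browsers and by urlsplit, so refuse them outright.
    if not target or target != target.strip():
        return False
    if any(c in target for c in "\\\r\n\t"):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:  # malformed authority, e.g. an unclosed IPv6 bracket
        return False
    if not parts.scheme and not parts.netloc:
        # Relative target: one leading slash only ("//host" changes site).
        return target.startswith("/") and not target.startswith("//")
    if parts.scheme not in ("http", "https"):
        return False
    # "allowed-host@other-host" puts the trusted name in the userinfo part.
    if parts.username is not None or parts.password is not None:
        return False
    host = (parts.hostname or "").lower().rstrip(".")
    return host in allowed_hosts


if __name__ == "__main__":
    for url in ("/portal/home", "https://whuffo.com/login",
                "https://www.university.example@whuffo.com/"):
        print(url, is_safe_redirect(url))
```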

  14. Experimental Results • Control group: emails from an unknown fictitious person using an IU university email address. • Social group: email from a known friend. • Social networking plays a critical role!

  15. Experimental results (Cont.) • Temporal distribution

  16. Experimental results (Cont.) • Response dynamics: Distributions of repeat authentications and refreshes of authenticated users. (Victims who successfully authenticated were shown a fake message indicating the server was overloaded and asking them to try again later.)

  17. Experimental results (Cont.) • Gender effect

  18. Experimental results (Cont.) • Demographic effect • Success rate of phishing attack by target class. T-test: Differences in success rates are significant for all classes (p <= 0.01) • Success rate of phishing attack by target major. T-test: Differences in success rates are significant for all majors (p <= 0.02)

  19. Conclusion • Social network information is valuable to miscreants because it allows them to leverage the trust people have built with their friends. • Social-network-aware phishing attacks are significantly more successful than attacks from untrusted sources.

  20. How could this relate to our proj.? • Motivation: Make as many friends on Facebook as you can (so that we can harvest information). • Method: Automatically send friend requests to Facebook users and solicit their confirmation. • How long do we need to send all requests? • Facebook: millions of users, let’s suppose there are 175,000,000 (after survey) • Automatic request sending: 10 s per request • Approximately: 486,111 hours, 20,254 days, 55 years (of course, we can parallelize); however, …

  21. Cont. • How long do we need to receive? • I send requests to 10 of my friends (very good friendship) • 2 of them accept my invitation that day, 3 within a week, 2 within two weeks, 1 after a month, 2 not yet • Why does this happen, and what lessons can we learn from this for our proj.? • Thinking • Is our project too random to be controlled? • Can we use a different angle to deal with our proj.? • By assimilating the methodologies in these two papers, for example, instead of befriending as many as we can, we study how different kinds of people deal with different kinds of friend invitations, including temporal, geographical, gender, demographic, etc.? • Similar, but the problems are orthogonal
