Abstract-The threats to the Internet have also been posed to social networking sites. In social networks people tend to lower their usual level of alertness, and this makes it easier for malware to spread. In this paper we study the threats to social networks in recent years and analyze the targets that attackers want and the methods by which attackers perform the attacks. We separate social networks into two parts: user and social networking site. Then we discuss in detail the countermeasures against the threats to social networks. In the end we propose a security framework of social networks.

Keywords-social networks; security; user; social networking site

I. INTRODUCTION

People can share multimedia data with others and keep in touch for fun in social networks. As to users, social networks are like a virtual communication medium or an online community[1]. A user logs into one of these networks and searches for new users with the same interest after creating a profile to introduce himself[2]. Social networks have shown explosive growth in recent years. Social networking sites, such as Facebook[3], MySpace[4] and LinkedIn[5], have been very popular and have become the preferred method of communication for most people. Simultaneously the popularity of social networks poses a great threat to people. Attackers can gain important personal information very easily by using social networks. Information such as passwords and bank accounts can help attackers in a wide range of network crimes, including identity theft.

Users are encouraged to provide name, address, gender, date of birth, school, place of birth, interest and other personal information in social networking sites. This information will be shared with other users. Attackers will then find the important information by analyzing it. The more information users provide, the more information attackers will get. Some social networking sites such as Twitter[6] do not leave much room for users to provide important personal information, but attackers can also analyze the series of these posts and gain what they want.

In this paper we focus on the threats to social networks and countermeasures. The structure of the rest of the paper is as follows. Section introduces the related attacks on social networks. Then we discuss the content and manner of threats to social networks in Section . Section analyzes the countermeasures that users and social networking sites should use and gives a security framework of social networks. Finally, Section finishes the paper with a conclusion.

II. ATTACKS ON SOCIAL NETWORKS

In 2005 the Samy worm attacked MySpace and this represented the danger in social networks. Samy utilized the loopholes in MySpace and spread very fast. Though Samy did not filch users' information, it still seriously affected the normal operation of MySpace. In April 2009 the Mikeyy worm attacked Twitter and modified the users' pages with some useless messages. Mikeyy did not filch personal information, just like Samy. Unfortunately in May 2009 the Koobface worm spread in Facebook and filched important personal information such as passwords. Later Koobface began to spread in other social networking sites and a greater harm was brought. Obviously attackers have found that social networks are a better way to commit network crimes.

Malware is not the only threat. Due to the unlimited access to the profiles of users, attackers can further gain information about corporations and commercial secrets. The survey conducted by Sophos[7] indicates that 1) 62.8 percent of companies are concerned that employees provide too much information in social networks and 2) 66 percent of companies think that using social networks will pose a great threat to corporations.

Gostev[8] points out: The growing popularity of social networking sites has not gone unnoticed by cybercriminals; in 2008, such sites became a hotbed of malware and spam and yet another source of illegal earnings on the Internet. By the end of 2008, the Kaspersky Lab collection contained more than 43 000 malicious files relating to social networking sites. As to cybercriminals, social networking sites are an increasingly popular target. The number of programs received by the Kaspersky Virus Lab which target social networking sites demonstrates that such sites are an increasingly popular target. Relevant data in [8] are shown in Figure 1 and Figure 2.
will attract many users. Once users click the URL the attacks will be triggered.

• Plug-in: Some plug-ins such as Flash and Silverlight are permitted to run in the browser. This also brings a new threat to social networks. Recently a flaw in Flash was found and relevant attacks on social networks appeared rapidly.

• Phishing: In social networks an attacker can disguise himself as a legitimate user and use social engineering to entice other users to click the designed URL. Users in social networks are willing to accept the invitation of strangers and communicate with them. This will lead to a phishing attack.

IV. COUNTERMEASURES AGAINST ATTACKS

Now we know for what and how attackers perform attacks. In this section we separate social networks into two parts: user and social networking site. Each part has its own responsibility to prevent intrusion.

A. User

Social networks can not ignore the interactions among users. The behaviours of users have a great impact on the operation of social networks. In particular, attackers often use social engineering to disguise the real attacks in social networks. If users had a good sense of safety, they could avoid the vast majority of attacks. What users should do is summarized as follows:

• Users must make clear what the differences among social networking sites are before joining them. Some sites only allow certain users access to your post, while others allow anyone to view your post.

• The uploaded content must be controlled by users. Users can permit only certain groups, such as classmates, clubs, colleagues and relatives, to have rights to visit their web pages.

• Do not post full name, social security number, address, telephone number, bank account or credit card numbers, and do not post the information of other users either. Some information that can reveal user identity must be carefully published.

• Users should keep in mind that the information uploaded by users can not be taken back. Even if users removed the information from the sites, but the

more attention to the application layer in order to safeguard the legitimate users. The countermeasures are summarized as follows:

• Provide different functions to different users. Some normal users can use limited functions by default while the users with details can use more functions.

• Users should be notified prominently when a new attack breaks out or a new high-risk vulnerability is found. The sites should also notify the users to be aware of suspicious information.

• Enhance the filtering of spam and malicious links. This can stop the spread of malicious programs and prevent users from visiting dangerous pages.

• In addition to installing anti-virus modules, it is very important that there should be enough communications between the sites and the security vendors.

• The sites should be programmed carefully to prevent attacks such as SQL injection and XSS. Furthermore the sites should pay more attention to the latest security vulnerabilities of the platform. Installing patches and ensuring the normal operation of the sites are the basic tasks which social networking sites should do.

• The sites should be very cautious when calling a large number of external Web APIs. The timely detection of vulnerabilities in third-party applications or plug-ins can minimize the risks.

C. A security framework

According to the analysis above, we present a security framework of social networks shown in Figure 3.

[Figure 3: security framework of social networks, as recovered from the diagram text]

User
    Activities: Find friends, Join groups, Communicate with others, ...
    Security: Stay alert to strangers, Not click the suspicious messages, Protect personal information, Be precautious to upload information, Install patches, ...

Social networking site
    Security: Classify users, Block spam, Filter suspicious links, Notify security alert, ...
    Services: Chat, Message, Video, File sharing, Group, ...
    Security: Vulnerability detection, Anti-virus detection, Encrypted transmission, ...
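The site-side countermeasures above ask that sites be programmed carefully against SQL injection and XSS. As an added example (not code from the paper), the following Python sketch handles a profile "about me" field the weak way and the hardened way; the schema, function names and sample inputs are assumptions constructed for illustration.

```python
import html
import sqlite3

# Hypothetical schema and function names, constructed for this example.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE profiles (username TEXT PRIMARY KEY, about TEXT)")
    return db

# Weak: user input is pasted into SQL and HTML as-is.
def save_profile_weak(db, username, about):
    # A quote inside `about` changes the structure of the statement.
    db.execute(f"INSERT INTO profiles VALUES ('{username}', '{about}')")

def render_profile_weak(username, about):
    # Markup inside `about` becomes part of the page every visitor loads.
    return f"<h1>{username}</h1><p>{about}</p>"

# Hardened: bound parameters on the way in, output encoding on the way out.
def save_profile(db, username, about):
    db.execute("INSERT INTO profiles (username, about) VALUES (?, ?)",
               (username, about))

def load_about(db, username):
    row = db.execute("SELECT about FROM profiles WHERE username = ?",
                     (username,)).fetchone()
    return row[0] if row else None

def render_profile(username, about):
    # Stored text is displayed as text, never interpreted as HTML.
    return f"<h1>{html.escape(username)}</h1><p>{html.escape(about)}</p>"

# Constructed sample inputs: an ordinary apostrophe and a harmless tag.
QUOTED = "I'm new here"
MARKUP = '<script>alert("hi")</script>'

def demo():
    db = make_db()
    try:
        save_profile_weak(db, "alice", QUOTED)
        weak_sql_ok = True
    except sqlite3.Error:
        weak_sql_ok = False  # the apostrophe broke the string-built SQL
    save_profile(db, "bob", QUOTED)
    save_profile(db, "carol", MARKUP)
    return {
        "weak_sql_ok": weak_sql_ok,
        "bob_roundtrip": load_about(db, "bob") == QUOTED,
        "weak_html_has_script": "<script>" in render_profile_weak("carol", MARKUP),
        "safe_html_has_script": "<script>" in render_profile("carol", load_about(db, "carol")),
    }
```

Even a benign apostrophe breaks the string-built statement, which is the same structural flaw an injection relies on; the parameterized path stores the text unchanged and the encoded render shows it as plain text.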
V. CONCLUSIONS

In this paper we study the threats to social networks in recent years. We find that the traditional attacks still work in social networks. In the virtual community, attackers prefer using social engineering to entice users to click the designed pages. As users are willing to interact with others, it is easier than before for attackers to perform attacks. Most attackers filch the secrets of users and the ultimate target is money in most cases.

After analyzing the methods by which attacks are performed, we separate social networks into two parts: user and social networking site. Then we discuss the countermeasures against attacks respectively. In general users should stay alert in social networks. Users should keep secrets and not easily trust others, especially strangers. As to social networking sites, they should pay more attention to the security of the application layer apart from using traditional security measures.

In the end we propose a security framework of social networks and this makes it clear where and of what we should be aware.

Social networks are still growing while relevant threats are increasing. We should pay more attention to the safety of social networks.

REFERENCES

[1] X. Li, D. Zeng, W. Mao and F. Wang. Online Communities: A Social Computing Perspective. Intelligence and Security Informatics 2008 Workshops, 2008, pp. 355-365, doi:10.1007/978-3-540-69304-8.
[2] D. Boyd. Social Network Sites: Public, Private, or What? http://kt.flexiblelearning.net.au/tkt2007/edition-13/social-network-sites-public-private-or-what/.
[3] Facebook. http://www.facebook.com
[4] MySpace. http://www.myspace.com
[5] LinkedIn. http://www.linkedin.com
[6] Twitter. http://twitter.com
[7] Sophos: Two thirds of businesses fear that social networking endangers corporate security. http://www.sophos.com/pressoffice/news/articles/2009/04/social-networking.html.
[8] A. Gostev, O. Zaitsev, S. Golovanov and V. Kamluk: Kaspersky Security Bulletin: Malware evolution 2008. http://usa.kaspersky.com/threats/docs/KasperskySecurityBulletin_MalwareEvolution2008.pdf.
[9] J. Nagy, P. Pecho: Social networks security. 2009 Third International Conference on Emerging Security Information, Systems and Technologies, 2009, pp. 321-325, doi:10.1109/SECURWARE.2009.56.