Mutual-friend based attacks in social network systems
Identifieur interne : 001674 ( PascalFrancis/Checkpoint ); précédent : 001673; suivant : 001675Mutual-friend based attacks in social network systems
Auteurs : LEI JIN [États-Unis] ; James B. D. Joshi [États-Unis] ; Mohd Anwar [États-Unis]Source :
- Computers & security [ 0167-4048 ] ; 2013.
Descripteurs français
- Pascal (Inist)
- Wicri :
- topic : Confidentialité.
English descriptors
- KwdEn :
Abstract
Recently, we have seen a rapid growth of social networking systems (SNSs). In most SNSs, a user can configure his privacy settings to indicate who can or cannot see his friend list. Usually, SNSs, such as LinkedIn and Google Plus, also include a feature that allows a user to query mutual friends between him and any other user he can reach using the available public search feature in SNSs. While such a mutual friend feature is very helpful in letting users find new friends and connect to them, in this paper, we show that it also raises significant privacy concerns as an adversary can use it to find out some or all of the victim's friends, although, as per the privacy settings of the victim, the adversary is not authorized to see his friend list directly. We show that by using mutual friend queries, an attacker can launch privacy attacks that we refer to as mutual-friend based attacks to identify friends and distant neighbors of targeted users. We analyze these attacks and identify various attack structures that an attacker can use to build attack strategies, using which an attacker can identify a user's friends and his distant neighbors. Through simulations, we demonstrate that mutual-friend based attacks are effective. For instance, one of the simulation results show that an attacker using just one attacker node can identify more than 60% of a user's friends.
Affiliations:
Links toward previous steps (curation, corpus...)
Links to Exploration step
Pascal:13-0362940Le document en format XML
<record><TEI><teiHeader><fileDesc><titleStmt><title xml:lang="en" level="a">Mutual-friend based attacks in social network systems</title><author><name sortKey="Lei Jin" sort="Lei Jin" uniqKey="Lei Jin" last="Lei Jin">LEI JIN</name><affiliation wicri:level="4"><inist:fA14 i1="01"><s1>School of Information Sciences, University of Pittsburgh</s1><s2>Pittsburgh, PA 15260</s2><s3>USA</s3><sZ>1 aut.</sZ><sZ>2 aut.</sZ></inist:fA14><country>États-Unis</country><placeName><settlement type="city">Pittsburgh</settlement><region type="state">Pennsylvanie</region></placeName><orgName type="university">Université de Pittsburgh</orgName></affiliation></author><author><name sortKey="Joshi, James B D" sort="Joshi, James B D" uniqKey="Joshi J" first="James B. D." last="Joshi">James B. D. Joshi</name><affiliation wicri:level="4"><inist:fA14 i1="01"><s1>School of Information Sciences, University of Pittsburgh</s1><s2>Pittsburgh, PA 15260</s2><s3>USA</s3><sZ>1 aut.</sZ><sZ>2 aut.</sZ></inist:fA14><country>États-Unis</country><placeName><settlement type="city">Pittsburgh</settlement><region type="state">Pennsylvanie</region></placeName><orgName type="university">Université de Pittsburgh</orgName></affiliation></author><author><name sortKey="Anwar, Mohd" sort="Anwar, Mohd" uniqKey="Anwar M" first="Mohd" last="Anwar">Mohd Anwar</name><affiliation wicri:level="1"><inist:fA14 i1="02"><s1>Department of Computer Sciences, North Carolina A&T State University</s1><s2>Greensboro, NC 27411</s2><s3>USA</s3><sZ>3 aut.</sZ></inist:fA14><country>États-Unis</country><wicri:noRegion>Greensboro, NC 27411</wicri:noRegion></affiliation></author></titleStmt><publicationStmt><idno type="wicri:source">INIST</idno><idno type="inist">13-0362940</idno><date when="2013">2013</date><idno type="stanalyst">PASCAL 13-0362940 INIST</idno><idno type="RBID">Pascal:13-0362940</idno><idno type="wicri:Area/PascalFrancis/Corpus">001758</idno><idno type="wicri:Area/PascalFrancis/Curation">003274</idno><idno type="wicri:Area/PascalFrancis/Checkpoint">001674</idno><idno type="wicri:explorRef" wicri:stream="PascalFrancis" wicri:step="Checkpoint">001674</idno></publicationStmt><sourceDesc><biblStruct><analytic><title xml:lang="en" level="a">Mutual-friend based attacks in social network systems</title><author><name sortKey="Lei Jin" sort="Lei Jin" uniqKey="Lei Jin" last="Lei Jin">LEI JIN</name><affiliation wicri:level="4"><inist:fA14 i1="01"><s1>School of Information Sciences, University of Pittsburgh</s1><s2>Pittsburgh, PA 15260</s2><s3>USA</s3><sZ>1 aut.</sZ><sZ>2 aut.</sZ></inist:fA14><country>États-Unis</country><placeName><settlement type="city">Pittsburgh</settlement><region type="state">Pennsylvanie</region></placeName><orgName type="university">Université de Pittsburgh</orgName></affiliation></author><author><name sortKey="Joshi, James B D" sort="Joshi, James B D" uniqKey="Joshi J" first="James B. D." last="Joshi">James B. D. Joshi</name><affiliation wicri:level="4"><inist:fA14 i1="01"><s1>School of Information Sciences, University of Pittsburgh</s1><s2>Pittsburgh, PA 15260</s2><s3>USA</s3><sZ>1 aut.</sZ><sZ>2 aut.</sZ></inist:fA14><country>États-Unis</country><placeName><settlement type="city">Pittsburgh</settlement><region type="state">Pennsylvanie</region></placeName><orgName type="university">Université de Pittsburgh</orgName></affiliation></author><author><name sortKey="Anwar, Mohd" sort="Anwar, Mohd" uniqKey="Anwar M" first="Mohd" last="Anwar">Mohd Anwar</name><affiliation wicri:level="1"><inist:fA14 i1="02"><s1>Department of Computer Sciences, North Carolina A&T State University</s1><s2>Greensboro, NC 27411</s2><s3>USA</s3><sZ>3 aut.</sZ></inist:fA14><country>États-Unis</country><wicri:noRegion>Greensboro, NC 27411</wicri:noRegion></affiliation></author></analytic><series><title level="j" type="main">Computers & security</title><title level="j" type="abbreviated">Comput. secur.</title><idno type="ISSN">0167-4048</idno><imprint><date when="2013">2013</date></imprint></series></biblStruct></sourceDesc><seriesStmt><title level="j" type="main">Computers & security</title><title level="j" type="abbreviated">Comput. secur.</title><idno type="ISSN">0167-4048</idno></seriesStmt></fileDesc><profileDesc><textClass><keywords scheme="KwdEn" xml:lang="en"><term>Computer attack</term><term>Computer security</term><term>Confidentiality</term><term>Friendship</term><term>Private life</term><term>Social interaction</term><term>Social network</term></keywords><keywords scheme="Pascal" xml:lang="fr"><term>Attaque informatique</term><term>Vie privée</term><term>Sécurité informatique</term><term>Réseau social</term><term>Interaction sociale</term><term>Amitié</term><term>Confidentialité</term><term>.</term></keywords><keywords scheme="Wicri" type="topic" xml:lang="fr"><term>Confidentialité</term></keywords></textClass></profileDesc></teiHeader><front><div type="abstract" xml:lang="en">Recently, we have seen a rapid growth of social networking systems (SNSs). In most SNSs, a user can configure his privacy settings to indicate who can or cannot see his friend list. Usually, SNSs, such as LinkedIn and Google Plus, also include a feature that allows a user to query mutual friends between him and any other user he can reach using the available public search feature in SNSs. While such a mutual friend feature is very helpful in letting users find new friends and connect to them, in this paper, we show that it also raises significant privacy concerns as an adversary can use it to find out some or all of the victim's friends, although, as per the privacy settings of the victim, the adversary is not authorized to see his friend list directly. We show that by using mutual friend queries, an attacker can launch privacy attacks that we refer to as mutual-friend based attacks to identify friends and distant neighbors of targeted users. We analyze these attacks and identify various attack structures that an attacker can use to build attack strategies, using which an attacker can identify a user's friends and his distant neighbors. Through simulations, we demonstrate that mutual-friend based attacks are effective. For instance, one of the simulation results show that an attacker using just one attacker node can identify more than 60% of a user's friends.</div></front></TEI><inist><standard h6="B"><pA><fA01 i1="01" i2="1"><s0>0167-4048</s0></fA01><fA03 i2="1"><s0>Comput. secur.</s0></fA03><fA05><s2>37</s2></fA05><fA08 i1="01" i2="1" l="ENG"><s1>Mutual-friend based attacks in social network systems</s1></fA08><fA11 i1="01" i2="1"><s1>LEI JIN</s1></fA11><fA11 i1="02" i2="1"><s1>JOSHI (James B. D.)</s1></fA11><fA11 i1="03" i2="1"><s1>ANWAR (Mohd)</s1></fA11><fA14 i1="01"><s1>School of Information Sciences, University of Pittsburgh</s1><s2>Pittsburgh, PA 15260</s2><s3>USA</s3><sZ>1 aut.</sZ><sZ>2 aut.</sZ></fA14><fA14 i1="02"><s1>Department of Computer Sciences, North Carolina A&T State University</s1><s2>Greensboro, NC 27411</s2><s3>USA</s3><sZ>3 aut.</sZ></fA14><fA20><s1>15-30</s1></fA20><fA21><s1>2013</s1></fA21><fA23 i1="01"><s0>ENG</s0></fA23><fA43 i1="01"><s1>INIST</s1><s2>19635</s2><s5>354000505183240020</s5></fA43><fA44><s0>0000</s0><s1>© 2013 INIST-CNRS. All rights reserved.</s1></fA44><fA45><s0>1 p.</s0></fA45><fA47 i1="01" i2="1"><s0>13-0362940</s0></fA47><fA60><s1>P</s1></fA60><fA61><s0>A</s0></fA61><fA64 i1="01" i2="1"><s0>Computers & security</s0></fA64><fA66 i1="01"><s0>NLD</s0></fA66><fC01 i1="01" l="ENG"><s0>Recently, we have seen a rapid growth of social networking systems (SNSs). In most SNSs, a user can configure his privacy settings to indicate who can or cannot see his friend list. Usually, SNSs, such as LinkedIn and Google Plus, also include a feature that allows a user to query mutual friends between him and any other user he can reach using the available public search feature in SNSs. While such a mutual friend feature is very helpful in letting users find new friends and connect to them, in this paper, we show that it also raises significant privacy concerns as an adversary can use it to find out some or all of the victim's friends, although, as per the privacy settings of the victim, the adversary is not authorized to see his friend list directly. We show that by using mutual friend queries, an attacker can launch privacy attacks that we refer to as mutual-friend based attacks to identify friends and distant neighbors of targeted users. We analyze these attacks and identify various attack structures that an attacker can use to build attack strategies, using which an attacker can identify a user's friends and his distant neighbors. Through simulations, we demonstrate that mutual-friend based attacks are effective. For instance, one of the simulation results show that an attacker using just one attacker node can identify more than 60% of a user's friends.</s0></fC01><fC02 i1="01" i2="X"><s0>001D02B07C</s0></fC02><fC02 i1="02" i2="X"><s0>001D02B04</s0></fC02><fC03 i1="01" i2="X" l="FRE"><s0>Attaque informatique</s0><s5>06</s5></fC03><fC03 i1="01" i2="X" l="ENG"><s0>Computer attack</s0><s5>06</s5></fC03><fC03 i1="01" i2="X" l="SPA"><s0>Ataque informática</s0><s5>06</s5></fC03><fC03 i1="02" i2="X" l="FRE"><s0>Vie privée</s0><s5>07</s5></fC03><fC03 i1="02" i2="X" l="ENG"><s0>Private life</s0><s5>07</s5></fC03><fC03 i1="02" i2="X" l="SPA"><s0>Vida privada</s0><s5>07</s5></fC03><fC03 i1="03" i2="X" l="FRE"><s0>Sécurité informatique</s0><s5>08</s5></fC03><fC03 i1="03" i2="X" l="ENG"><s0>Computer security</s0><s5>08</s5></fC03><fC03 i1="03" i2="X" l="SPA"><s0>Seguridad informatica</s0><s5>08</s5></fC03><fC03 i1="04" i2="X" l="FRE"><s0>Réseau social</s0><s5>18</s5></fC03><fC03 i1="04" i2="X" l="ENG"><s0>Social network</s0><s5>18</s5></fC03><fC03 i1="04" i2="X" l="SPA"><s0>Red social</s0><s5>18</s5></fC03><fC03 i1="05" i2="X" l="FRE"><s0>Interaction sociale</s0><s5>19</s5></fC03><fC03 i1="05" i2="X" l="ENG"><s0>Social interaction</s0><s5>19</s5></fC03><fC03 i1="05" i2="X" l="SPA"><s0>Interacción social</s0><s5>19</s5></fC03><fC03 i1="06" i2="X" l="FRE"><s0>Amitié</s0><s5>20</s5></fC03><fC03 i1="06" i2="X" l="ENG"><s0>Friendship</s0><s5>20</s5></fC03><fC03 i1="06" i2="X" l="SPA"><s0>Amistad</s0><s5>20</s5></fC03><fC03 i1="07" i2="X" l="FRE"><s0>Confidentialité</s0><s5>21</s5></fC03><fC03 i1="07" i2="X" l="ENG"><s0>Confidentiality</s0><s5>21</s5></fC03><fC03 i1="07" i2="X" l="SPA"><s0>Confidencialidad</s0><s5>21</s5></fC03><fC03 i1="08" i2="X" l="FRE"><s0>.</s0><s4>INC</s4><s5>82</s5></fC03><fN21><s1>343</s1></fN21><fN44 i1="01"><s1>OTO</s1></fN44><fN82><s1>OTO</s1></fN82></pA></standard></inist><affiliations><list><country><li>États-Unis</li></country><region><li>Pennsylvanie</li></region><settlement><li>Pittsburgh</li></settlement><orgName><li>Université de Pittsburgh</li></orgName></list><tree><country name="États-Unis"><region name="Pennsylvanie"><name sortKey="Lei Jin" sort="Lei Jin" uniqKey="Lei Jin" last="Lei Jin">LEI JIN</name></region><name sortKey="Anwar, Mohd" sort="Anwar, Mohd" uniqKey="Anwar M" first="Mohd" last="Anwar">Mohd Anwar</name><name sortKey="Joshi, James B D" sort="Joshi, James B D" uniqKey="Joshi J" first="James B. D." last="Joshi">James B. D. Joshi</name></country></tree></affiliations></record>Pour manipuler ce document sous Unix (Dilib)
EXPLOR_STEP=$WICRI_ROOT/Wicri/Amérique/explor/PittsburghV1/Data/PascalFrancis/Checkpoint
HfdSelect -h $EXPLOR_STEP/biblio.hfd -nk 001674 | SxmlIndent | more
Ou
HfdSelect -h $EXPLOR_AREA/Data/PascalFrancis/Checkpoint/biblio.hfd -nk 001674 | SxmlIndent | more
Pour mettre un lien sur cette page dans le réseau Wicri
{{Explor lien
|wiki= Wicri/Amérique
|area= PittsburghV1
|flux= PascalFrancis
|étape= Checkpoint
|type= RBID
|clé= Pascal:13-0362940
|texte= Mutual-friend based attacks in social network systems
}}
| This area was generated with Dilib version V0.6.38. |  |