All Your Contacts Are Belong to Us: Automated Identity Theft Attacks on Social Networks

机译：您的所有联系人都属于我们：社交网络上的自动身份盗用攻击

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

Social networking sites have been increasingly gaining popularity. Well-known sites such as Facebook have been reporting growth rates as high as 3% per week [5]. Many social networking sites have millions of registered users who use these sites to share photographs, contact long-lost friends, establish new business contacts and to keep in touch. In this paper, we investigate how easy it would be for a potential attacker to launch automated crawling and identity theft attacks against a number of popular social networking sites in order to gain access to a large volume of personal user information. The first attack we present is the automated identity theft of existing user profiles and sending of friend requests to the contacts of the cloned victim. The hope, from the attacker's point of view, is that the contacted users simply trust and accept the friend request. By establishing a friendship relationship with the contacts of a victim, the attacker is able to access the sensitive personal information provided by them. In the second, more advanced attack we present, we show that it is effective and feasible to launch an automated, cross-site profile cloning attack. In this attack, we are able to automatically create a forged profile in a network where the victim is not registered yet and contact the victim's friends who are registered on both networks. Our experimental results with real users show that the automated attacks we present are effective and feasible in practice.

机译：社交网站越来越受欢迎。 Facebook等知名网站的报告增长率高达每周3％[5]。许多社交网站都有数百万个注册用户，这些用户使用这些网站共享照片，联系久违的朋友，建立新的业务联系并保持联系。在本文中，我们调查了潜在的攻击者针对许多流行的社交网站发起自动爬网和身份盗窃攻击以获取大量个人用户信息的难易程度。我们提出的第一个攻击是现有用户个人资料的自动身份盗窃，以及向克隆的受害者的联系人发送好友请求。从攻击者的角度来看，希望是被联系的用户简单地信任并接受朋友的请求。通过与受害者的联系人建立友谊关系，攻击者可以访问他们提供的敏感个人信息。在我们目前提出的第二种更高级的攻击中，我们表明发起自动的跨站点配置文件克隆攻击是有效且可行的。在这种攻击中，我们能够在尚未注册受害者的网络中自动创建伪造的配置文件，并与在两个网络上注册的受害者的朋友联系。我们对真实用户的实验结果表明，我们提出的自动攻击在实践中是有效且可行的。

著录项

来源
《International world wide web conference;WWW 09》|2009年|p.541-550|共10页
会议地点
作者
Leyla Bilge; Thorsten Strufe; Davide Balzarotti; Engin Kirda;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类计算机网络;
关键词
social network security; identity theft;

机译：社交网络安全;身份盗窃;

相似文献

外文文献
中文文献
专利

1. A novel machine learning approach to the detection of identity theft in social networks based on emulated attack instances and support vector machines [J] . Villar‐Rodríguez E., Del Ser J., Torre‐Bastida A. I., Concurrency and computation: practice and experience . 2016,第4期

机译：一种基于仿真攻击实例和支持向量机的社交网络身份盗窃检测机器学习新方法
2. A defence scheme against Identity Theft Attack based on multiple social networks [J] . Bing-Zhe He, Chien-Ming Chen, Yi-Ping Su, Expert Systems with Application . 2014,第5期

机译：基于多个社交网络的身份盗窃攻击防御方案
3. Fusing Behavioral Projection Models for Identity Theft Detection in Online Social Networks [J] . Cheng Wang, Bo Yang, Jipeng Cui, Computational Social Systems, IEEE Transactions on . 2019,第4期

机译：融合行为投影模型用于在线社交网络中的身份盗窃检测
4. All Your Contacts Are Belong to Us: Automated Identity Theft Attacks on Social Networks [C] . Leyla Bilge, Thorsten Strufe, Davide Balzarotti, International world wide web conference . 2009

机译：您的所有联系人都属于我们：对社交网络的自动身份盗窃攻击
5. Automating social network models for tuberculosis contact investigation. [D] . Abernethy, Neil Franklin. 2005

机译：用于结核病接触者调查的自动化社交网络模型。
6. The effects of social integration and hometown identity on the life satisfaction of Chinese rural migrants: the mediating and moderating effects of a sense of belonging in the host city [O] . Hongsheng Chen, Zhenjun Zhu, Jiang Chang, 2020

机译：社会融合和家乡身份对中国农民工生活满意度的影响：东道主城市归属感的中介和调节作用
7. Social Networks ‟ Benefits, Privacy, and Identity Theft: KSA Case Study [O] . Ahmad A. Al-daraiseh, Afnan S. Al-joudi, Hanan B. Al-gahtani, 2015

机译：社交网络“福利，隐私和身份盗窃：Ksa案例研究”

All Your Contacts Are Belong to Us: Automated Identity Theft Attacks on Social Networks

摘要

著录项

相似文献

相关主题

期刊订阅