一种针对在线社交网络的自动化僵尸账号攻击方案

doi:10.7523/j.issn.2095-6134.2014.04.016

中国科学院大学学报 ›› 2014, Vol. 31 ›› Issue (4): 548-554.DOI: 10.7523/j.issn.2095-6134.2014.04.016

一种针对在线社交网络的自动化僵尸账号攻击方案

熊凯¹, 张玉清^1,2, 吕少卿¹

1. 西安电子科技大学综合业务网理论与关键技术国家重点实验室, 西安 710071;
2. 中国科学院大学国家计算机网络入侵防范中心, 北京 100049

收稿日期:2013-02-01 修回日期:2013-07-31 发布日期:2014-07-15
通讯作者: 张玉清，E-mail：zhangyq@nipc.org.cn
基金资助:
国家自然科学基金（61272481）资助

Automatic Sybil attack method for online social network

XIONG Kai¹, ZHANG Yuqing^1,2, LÜ Shaiqing¹

1. State Key Laboratory of Integrated Services Networks, XiDian University, Xi'an 710071, China;
2. National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, Beijing 100049, China

Received:2013-02-01 Revised:2013-07-31 Published:2014-07-15

摘要/Abstract

摘要：

分析僵尸账号对社交网络的主要威胁及社交网络对僵尸账号的检测机制，针对现有检测机制的不足设计规避检测的策略.使用该策略设计并实现一款利用僵尸账号对社交网络进行攻击的自动化工具.使用该工具对国内外最大的2个社交网站进行攻击测试.实验结果证明了策略与工具的有效性，并证明了社交网络针对僵尸账号的检测机制仍存在不足.

关键词: 社交网络, 僵尸账号, 隐私, Sybil attack

Abstract:

The Sybil attack has become a serious threat to the online social networks(OSN). We analyze the main threats of Sybil accounts to the OSN and the methods for detecting them. We find out that all the detection methods have their weaknesses. Based on those we propose a set of strategies to avoid the OSN's detection and accomplish a tool called OSNBP, which uses strategies to infiltrate into the OSN. After we used this tool in infiltration tests into the two largest social networks, Facebook.com and RenRen.com, we conclude that our infiltration strategies are effective and the existing methods of detecting Sybil accounts are imperfect.

Key words: ocial networks, Sybil account, privacy, Sybil attack

中图分类号:

TP393

熊凯, 张玉清, 吕少卿. 一种针对在线社交网络的自动化僵尸账号攻击方案[J]. 中国科学院大学学报, 2014, 31(4): 548-554.

XIONG Kai, ZHANG Yuqing, LÜ Shaiqing. Automatic Sybil attack method for online social network[J]. , 2014, 31(4): 548-554.

参考文献

[1] Wikipedia.Facebook[EB/OL].(2012-06-05) . http://en.wikipedia.org/wiki/Facebook.

[2] Stein T, Chen E, Mangla K. Facebook immune system[C]//Proceedings of the 4th Workshop on Social Network Systems. Salzburg, Austria, 2011.

[3] Yang Z, Wilson C, Wang X, et al. Uncovering social network sybils in the wild[C]//Proceedings of the 2011 ACM SIGCOMM Conference on Internet Measurement Conference. Berlin, Germany, 2011:259-268.

[4] Bilge L, Strufe T, Balzarotti D, et al. Automated ldentity theft attacks on social networks[C]//Proceedings of the 18th International Conference on World Wide Web. New York: ACM, 2009:551-560.

[5] Mondal M, Viswanath B, Clement A, et al. Limiting arge-scale crawls of social networking sites[C]//Proceedings of the ACM SIGCOMM 2011 Conference. New York: ACM, 2011:398-399.

[6] Philip WLF. Preventing Sybil attacks by privilege attenuation: A design principle for social network systems[C]//Security and Privacy (SP), 2011 IEEE Symposium on. Berkeley, CA, 2011:263-278.

[7] Zha D, Jing J, Kang L. Mitigating the malicious trust expansion in social network service[J]. Information Security, Practice and Experience, 2010(6047):264-275.

[8] Matt Jurek. Google explorer +1 button to influence search results[EB/OL]. (2011-08-29) . http://tinyurl.com/7g927oy.

[9] Gao H, Hu J, Wilson C, et al. Detecting and characterizing social spam campaigns[C]//Proceedings of the 10th ACM SIGCOMM. AFairfax, VA, USA, 2010:35-47.

[10] Thomas K, Grier C, Paxson V, et al. Suspended accounts in retrospect: An analysis of twitter spam[C]//Proceedings of the 2011 ACM SIGCOMM Conference on Internet Measurement Conference. Berlin, Germany, 2011:243-258.

[11] Yu H, Kaminsky M, Gibbons P B, et al. SybilGuard: defending against sybil attacks via social networks[C]//Proceedings of the 2006 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications. Pisa, Italy, 2006:267-278.

[12] Yu H, Gibbons P, Kaminsky M, et al. SybilLimit: A near-optimal social metwork defense against sybil attacks[C]//Security and Privacy, IEEE Symposium on. 2008:3-17.

[13] Danezis G, Mittal P. SybilInfer: detecting SybilNodes using social networks[C]//NDSS. 2009.

[14] Tran N, Min B, Li J, et al. Sybil-resilient online content voting[C]//NSDI. 2009.

[15] Tran N, Li J, Subramanian, et al. Optimal Sybil-resilient node admission control[C]//INFOCOM, 2011 Proceedings IEEE. 2011:3218-3226.

[16] Viswanath B, Post A, Gummadi K P. An analysis of social network-based Sybil defenses[C]//Proceedings of the ACM SIGCOMM 2010 Conference. New Delhi, India, 2010:363-374.

[17] Gao H, Hu J, Wilson C, et al. Detecting and characterizing social spam campaigns[C]//Proceedings of the 10th ACM SIGCOMM Conference on Internet Measurement. Melbourne, Australia, 2010:35-47.

[18] Antonio L, Cliff E, Reynold X. Detecting spam on social networking site: related work[EB/OL]. (2012-03-14) . http://bid.berkeley.edu/cs294-1-spring12/images/b/b9/Spam-related-work.pdf.

[19] Boshmaf Y, Muslukhov I, Beznosov K, et al. The socialbot network: when bots socialize for fame and money[C]//Proceedings of the 27th Annual Computer Security Applications Conferencetions Conference. Orlando, FL, USA, 2011:93-102.

[20] Stringhini G, Kruegel C, Vigna G, et al. Detecting spammers on social networks[C]//Proceedings of the 26th Annual Computer Security Applications Conference. Austin, TX, USA, 2010:1-9.

[21] Cao Q, Yang X W. SybilFence: improving social-graph-based sybil defenses with user negative feedback[EB/OL]. (2013-04-13) .[2013-05-28]http://arxiv.org/abs/1304.3819.

[22] Cao Q, Sirivianos M, Yang X, et al. Aiding the detection of fake accounts in large scale social online services[C]//USENIX Networked Systems Design and Implementation. 2012.

[23] Ahn Y, Han S, Kwak H, et al. Analysis of topological characteristics of huge online social networking services[C]//Proceedings of the 16th International Conference on World Wide Web. Banff, AB, Canada, 2007:835-844.

[24] Fielding R T. Architectural styles and the design of network-based software architectures[D].Irvine: University of California, Irvine, 2000.

一种针对在线社交网络的自动化僵尸账号攻击方案

Automatic Sybil attack method for online social network

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 5

编辑推荐

Metrics

本文评价

访问统计

联系我们

[1]	王新栋, 于华, 江成. 社交网络关键节点检测的积极效应问题[J]. 中国科学院大学学报, 2019, 36(3): 425-432.
[2]	田玮, 朱廷劭. 基于深度学习的微博用户自杀风险预测[J]. 中国科学院大学学报, 2018, 35(1): 131-136.
[3]	吴敬征, 武延军, 武志飞, 杨牧天, 罗天悦, 王永吉. 基于有向信息流的Android隐私泄露类恶意应用检测方法[J]. 中国科学院大学学报, 2015, 32(6): 807-815.
[4]	倪平, 张玉清, 闻观行, 刘奇旭, 范丹. 基于群体特征的社交僵尸网络检测方法[J]. 中国科学院大学学报, 2014, 31(5): 691-700.
[5]	唐强, 姬东耀. 秘密认证中的可否认性问题[J]. 中国科学院大学学报, 2009, 26(6): 835-840.