Author: | 戴君翰 Jyun-han Dai |
---|---|
Thesis Title: | Detecting Clickjacking on Social Network Through Time-evolution of Fanpage Growing Behavior Modeling |
Advisor: | 李漢銘 Hahn-Ming Lee |
Committee: | 林豐澤 Feng-tse Lin, 鄭博仁 Albert B. Jeng, 廖弘源 Mark Liao, 鄭欣明 Shin-ming Cheng |
Degree: | Master |
Department: | College of Electrical Engineering and Computer Science - Department of Computer Science and Information Engineering |
Thesis Publication Year: | 2014 |
Graduation Academic Year: | 102 |
Language: | English |
Pages: | 74 |
Keywords (in Chinese): | 社群網路 、點擊綁架 、馬可夫模型 、相似度 |
Keywords (in other languages): | Social network, Clickjacking, Markov model, Similarity measure |
Reference times: | Clicks: 488 Downloads: 3 |
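As social network services become more developed, malicious attacks on social networks are becoming more diverse. Clickjacking is a traditional web attack technique, but combined with social networks it has developed into an emerging attack method. Social network service providers (e.g., Facebook) urgently need a defense or detection mechanism against malicious clickjacking fan pages. However, traditional clickjacking protection and detection mechanisms are mainly implemented on the client side, and social network service providers cannot force users to install protection mechanisms. In addition, recent research indicates that current clickjacking protection and detection mechanisms can all potentially be bypassed. This study proposes using time-series analysis of fan growth behavior on fan pages to detect malicious clickjacking fan pages on Facebook.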
Social network service providers urgently need a countermeasure that models "clickjacking" patterns in order to detect the behavior of clickjacking fan pages. Clickjacking in social networks currently bypasses not only signature-based mechanisms but also detection of more complicated abnormal patterns, e.g., bipartite relations between users and pages. Therefore, in this study, we propose a mechanism named Clickjacking Hunter, which detects clickjacking fan pages by modeling the evolution of a fan page's fan base growth.