Toward Evaluating Trustworthiness of Social Networking Site Users: Reputation-Based Method
DOI:
https://doi.org/10.14738/abr.73.6265
Keywords:
Social engineering, deception, source credibility, phishing, social networking sites
Abstract
As social networking sites (SNSs) have risen in popularity, attackers have been using social engineering traps and tactics to trick SNS users into obeying them, accepting threats, and falling victim to various crimes and attacks, such as phishing, sexual abuse, financial abuse, identity theft, impersonation, physical crime, and many other forms. Recent research on SNS security shows that most of the attackers rely mainly on fake identities. However, one of the key challenges that has faced researchers recently is how to distinguish between legitimate users and attackers. In this paper, we propose a simple yet effective method of evaluating the trustworthiness of an SNS user. The proposed method relies on a user’s reputation, which can be evaluated from the user’s friendship history. As such, this method contributes to reducing the risks associated with the lack of identity authentication in SNSs, as well as the failure to filter fake profiles when receiving friendship invitations, looking for people on search engines, and dealing with spam messages.