Analysis of Spamming Threats and Some Possible Solutions for Online Social Networking Sites (OSNS)

In this paper we present some spamming techniques, their behaviour,
and possible solutions. We have analyzed how spammers enter online
social networking sites (OSNSs) to target them and the diverse
techniques they use for this purpose. Spamming is a very common issue
in the present era of the Internet, especially through online social
networking sites (such as Facebook, Twitter, and Google+). Spam
messages keep wasting Internet bandwidth and the storage space of
servers. On social networking sites, spammers often disguise
themselves by creating fake accounts and hijacking users' accounts
for personal gain. They behave like normal users and continually
change their spamming strategy. The spamming techniques discussed in
this paper are clickjacking, socially engineered attacks, cross-site
scripting, URL shortening, and drive-by download. We have used the
Elgg framework to demonstrate some of these spamming threats and to
implement the respective solutions.




