Analysis and Detection of Modern Spam Techniques on Social Networking Sites

The modern Web has become a collaboration and communications platform with the advent of social networks. Apart from attracting millions of users, the popularity of social networking communities has also attracted spammers who can abuse and misuse the rich information in these sites using sophistica...

Ausführliche Beschreibung

Gespeichert in:

Bibliographische Detailangaben
Hauptverfasser:	Krishna Chaitanya, T., Ponnapalli, HariGopal, Herts, Dylan, Pablo, Juan
Format:	Tagungsbericht
Sprache:	eng
Schlagworte:	attacks Browsers clickjacking drive-by-downloads Facebook javascript Logic gates Proposals Security social networking sites spam web 2.0 Web pages
Online-Zugang:	Volltext bestellen
Tags:	Tag hinzufügen Keine Tags, Fügen Sie den ersten Tag hinzu!

container_end_page	152
container_issue
container_start_page	147
container_title
container_volume
creator	Krishna Chaitanya, T. Ponnapalli, HariGopal Herts, Dylan Pablo, Juan
description	The modern Web has become a collaboration and communications platform with the advent of social networks. Apart from attracting millions of users, the popularity of social networking communities has also attracted spammers who can abuse and misuse the rich information in these sites using sophisticated attack techniques. In this paper we have described four popular modern techniques used by attackers to spam social networking sites: clickjacking [1], malicious browser extensions via drive-by-downloads [2], URL shorteners [3] and socially engineered script injection [4]. We have analyzed click-jacking and malicious browser extensions in detail, evaluating existing solutions to detect/prevent them. We observed that the existing solutions for clickjacking fail in some common use case scenarios. Therefore, we proposed enhancements that help detecting clickjacking attacks in those failed scenarios. We also proposed a declarative security policy to prevent malicious browser extension attacks. We implemented chrome extensions to validate both of our proposals in a test bed social network, which we have setup using an open source social networking engine. We believe our proposals are helpful to strengthen the security of social networks in general and the Web platform as a whole.
doi_str_mv	10.1109/ICSEM.2012.28
format	Conference Proceeding
fullrecord	<record><control><sourceid>ieee_6IE</sourceid><recordid>TN_cdi_ieee_primary_6468192</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>6468192</ieee_id><sourcerecordid>6468192</sourcerecordid><originalsourceid>FETCH-LOGICAL-c219t-f097035c6ea8bf9100c845e844ec1d7c5d8b16a51ecf03365b01b4665b289ef83</originalsourceid><addsrcrecordid>eNotjc1OwkAURscYEw2ydOVmXoB67_zPkiAqEXRRXJPp9FZHocVOjeHtJerq5MtJvsPYFUKBCP5mMSvnq0IAikK4Ezb21oE1XisvrTv93aiMldoKb87ZOOd3AECQGoW4YI_TNmwPOWUe2prf0kBxSF3Lu4avupr6lpf7sONrim9t-vyizI-y7GIKW_5Ew3fXf6T2lZdpoHzJzpqwzTT-54i93M3Xs4fJ8vl-MZsuJ1GgHyYNeHvMR0PBVY1HgOiUJqcURaxt1LWr0ASNFBuQ0ugKsFLmSOE8NU6O2PXfbyKizb5Pu9AfNkYZh17IHymoTcA</addsrcrecordid><sourcetype>Publisher</sourcetype><iscdi>true</iscdi><recordtype>conference_proceeding</recordtype></control><display><type>conference_proceeding</type><title>Analysis and Detection of Modern Spam Techniques on Social Networking Sites</title><source>IEEE Electronic Library (IEL) Conference Proceedings</source><creator>Krishna Chaitanya, T. ; Ponnapalli, HariGopal ; Herts, Dylan ; Pablo, Juan</creator><creatorcontrib>Krishna Chaitanya, T. ; Ponnapalli, HariGopal ; Herts, Dylan ; Pablo, Juan</creatorcontrib><description>The modern Web has become a collaboration and communications platform with the advent of social networks. Apart from attracting millions of users, the popularity of social networking communities has also attracted spammers who can abuse and misuse the rich information in these sites using sophisticated attack techniques. In this paper we have described four popular modern techniques used by attackers to spam social networking sites: clickjacking [1], malicious browser extensions via drive-by-downloads [2], URL shorteners [3] and socially engineered script injection [4]. We have analyzed click-jacking and malicious browser extensions in detail, evaluating existing solutions to detect/prevent them. We observed that the existing solutions for clickjacking fail in some common use case scenarios. Therefore, we proposed enhancements that help detecting clickjacking attacks in those failed scenarios. We also proposed a declarative security policy to prevent malicious browser extension attacks. We implemented chrome extensions to validate both of our proposals in a test bed social network, which we have setup using an open source social networking engine. We believe our proposals are helpful to strengthen the security of social networks in general and the Web platform as a whole.</description><identifier>ISBN: 9781467357296</identifier><identifier>ISBN: 1467357294</identifier><identifier>EISBN: 9780769549378</identifier><identifier>EISBN: 0769549373</identifier><identifier>DOI: 10.1109/ICSEM.2012.28</identifier><identifier>CODEN: IEEPAD</identifier><language>eng</language><publisher>IEEE</publisher><subject>attacks ; Browsers ; clickjacking ; drive-by-downloads ; Facebook ; javascript ; Logic gates ; Proposals ; Security ; social networking sites ; spam ; web 2.0 ; Web pages</subject><ispartof>2012 Third International Conference on Services in Emerging Markets, 2012, p.147-152</ispartof><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c219t-f097035c6ea8bf9100c845e844ec1d7c5d8b16a51ecf03365b01b4665b289ef83</citedby></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/6468192$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>309,310,780,784,789,790,2056,27924,54919</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/6468192$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc></links><search><creatorcontrib>Krishna Chaitanya, T.</creatorcontrib><creatorcontrib>Ponnapalli, HariGopal</creatorcontrib><creatorcontrib>Herts, Dylan</creatorcontrib><creatorcontrib>Pablo, Juan</creatorcontrib><title>Analysis and Detection of Modern Spam Techniques on Social Networking Sites</title><title>2012 Third International Conference on Services in Emerging Markets</title><addtitle>icsem</addtitle><description>The modern Web has become a collaboration and communications platform with the advent of social networks. Apart from attracting millions of users, the popularity of social networking communities has also attracted spammers who can abuse and misuse the rich information in these sites using sophisticated attack techniques. In this paper we have described four popular modern techniques used by attackers to spam social networking sites: clickjacking [1], malicious browser extensions via drive-by-downloads [2], URL shorteners [3] and socially engineered script injection [4]. We have analyzed click-jacking and malicious browser extensions in detail, evaluating existing solutions to detect/prevent them. We observed that the existing solutions for clickjacking fail in some common use case scenarios. Therefore, we proposed enhancements that help detecting clickjacking attacks in those failed scenarios. We also proposed a declarative security policy to prevent malicious browser extension attacks. We implemented chrome extensions to validate both of our proposals in a test bed social network, which we have setup using an open source social networking engine. We believe our proposals are helpful to strengthen the security of social networks in general and the Web platform as a whole.</description><subject>attacks</subject><subject>Browsers</subject><subject>clickjacking</subject><subject>drive-by-downloads</subject><subject>Facebook</subject><subject>javascript</subject><subject>Logic gates</subject><subject>Proposals</subject><subject>Security</subject><subject>social networking sites</subject><subject>spam</subject><subject>web 2.0</subject><subject>Web pages</subject><isbn>9781467357296</isbn><isbn>1467357294</isbn><isbn>9780769549378</isbn><isbn>0769549373</isbn><fulltext>true</fulltext><rsrctype>conference_proceeding</rsrctype><creationdate>2012</creationdate><recordtype>conference_proceeding</recordtype><sourceid>6IE</sourceid><sourceid>RIE</sourceid><recordid>eNotjc1OwkAURscYEw2ydOVmXoB67_zPkiAqEXRRXJPp9FZHocVOjeHtJerq5MtJvsPYFUKBCP5mMSvnq0IAikK4Ezb21oE1XisvrTv93aiMldoKb87ZOOd3AECQGoW4YI_TNmwPOWUe2prf0kBxSF3Lu4avupr6lpf7sONrim9t-vyizI-y7GIKW_5Ew3fXf6T2lZdpoHzJzpqwzTT-54i93M3Xs4fJ8vl-MZsuJ1GgHyYNeHvMR0PBVY1HgOiUJqcURaxt1LWr0ASNFBuQ0ugKsFLmSOE8NU6O2PXfbyKizb5Pu9AfNkYZh17IHymoTcA</recordid><startdate>201212</startdate><enddate>201212</enddate><creator>Krishna Chaitanya, T.</creator><creator>Ponnapalli, HariGopal</creator><creator>Herts, Dylan</creator><creator>Pablo, Juan</creator><general>IEEE</general><scope>6IE</scope><scope>6IL</scope><scope>CBEJK</scope><scope>RIE</scope><scope>RIL</scope></search><sort><creationdate>201212</creationdate><title>Analysis and Detection of Modern Spam Techniques on Social Networking Sites</title><author>Krishna Chaitanya, T. ; Ponnapalli, HariGopal ; Herts, Dylan ; Pablo, Juan</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c219t-f097035c6ea8bf9100c845e844ec1d7c5d8b16a51ecf03365b01b4665b289ef83</frbrgroupid><rsrctype>conference_proceedings</rsrctype><prefilter>conference_proceedings</prefilter><language>eng</language><creationdate>2012</creationdate><topic>attacks</topic><topic>Browsers</topic><topic>clickjacking</topic><topic>drive-by-downloads</topic><topic>Facebook</topic><topic>javascript</topic><topic>Logic gates</topic><topic>Proposals</topic><topic>Security</topic><topic>social networking sites</topic><topic>spam</topic><topic>web 2.0</topic><topic>Web pages</topic><toplevel>online_resources</toplevel><creatorcontrib>Krishna Chaitanya, T.</creatorcontrib><creatorcontrib>Ponnapalli, HariGopal</creatorcontrib><creatorcontrib>Herts, Dylan</creatorcontrib><creatorcontrib>Pablo, Juan</creatorcontrib><collection>IEEE Electronic Library (IEL) Conference Proceedings</collection><collection>IEEE Proceedings Order Plan All Online (POP All Online) 1998-present by volume</collection><collection>IEEE Xplore All Conference Proceedings</collection><collection>IEEE Electronic Library (IEL)</collection><collection>IEEE Proceedings Order Plans (POP All) 1998-Present</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Krishna Chaitanya, T.</au><au>Ponnapalli, HariGopal</au><au>Herts, Dylan</au><au>Pablo, Juan</au><format>book</format><genre>proceeding</genre><ristype>CONF</ristype><atitle>Analysis and Detection of Modern Spam Techniques on Social Networking Sites</atitle><btitle>2012 Third International Conference on Services in Emerging Markets</btitle><stitle>icsem</stitle><date>2012-12</date><risdate>2012</risdate><spage>147</spage><epage>152</epage><pages>147-152</pages><isbn>9781467357296</isbn><isbn>1467357294</isbn><eisbn>9780769549378</eisbn><eisbn>0769549373</eisbn><coden>IEEPAD</coden><abstract>The modern Web has become a collaboration and communications platform with the advent of social networks. Apart from attracting millions of users, the popularity of social networking communities has also attracted spammers who can abuse and misuse the rich information in these sites using sophisticated attack techniques. In this paper we have described four popular modern techniques used by attackers to spam social networking sites: clickjacking [1], malicious browser extensions via drive-by-downloads [2], URL shorteners [3] and socially engineered script injection [4]. We have analyzed click-jacking and malicious browser extensions in detail, evaluating existing solutions to detect/prevent them. We observed that the existing solutions for clickjacking fail in some common use case scenarios. Therefore, we proposed enhancements that help detecting clickjacking attacks in those failed scenarios. We also proposed a declarative security policy to prevent malicious browser extension attacks. We implemented chrome extensions to validate both of our proposals in a test bed social network, which we have setup using an open source social networking engine. We believe our proposals are helpful to strengthen the security of social networks in general and the Web platform as a whole.</abstract><pub>IEEE</pub><doi>10.1109/ICSEM.2012.28</doi><tpages>6</tpages></addata></record>
fulltext	fulltext_linktorsrc
identifier	ISBN: 9781467357296
ispartof	2012 Third International Conference on Services in Emerging Markets, 2012, p.147-152
issn
language	eng
recordid	cdi_ieee_primary_6468192
source	IEEE Electronic Library (IEL) Conference Proceedings
subjects	attacks Browsers clickjacking drive-by-downloads Facebook javascript Logic gates Proposals Security social networking sites spam web 2.0 Web pages
title	Analysis and Detection of Modern Spam Techniques on Social Networking Sites
url	https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-10T21%3A55%3A28IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_6IE&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=Analysis%20and%20Detection%20of%20Modern%20Spam%20Techniques%20on%20Social%20Networking%20Sites&rft.btitle=2012%20Third%20International%20Conference%20on%20Services%20in%20Emerging%20Markets&rft.au=Krishna%20Chaitanya,%20T.&rft.date=2012-12&rft.spage=147&rft.epage=152&rft.pages=147-152&rft.isbn=9781467357296&rft.isbn_list=1467357294&rft.coden=IEEPAD&rft_id=info:doi/10.1109/ICSEM.2012.28&rft_dat=%3Cieee_6IE%3E6468192%3C/ieee_6IE%3E%3Curl%3E%3C/url%3E&rft.eisbn=9780769549378&rft.eisbn_list=0769549373&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=6468192&rfr_iscdi=true