Mutual-friend based attacks in social network systems

详细信息    查看全文

• 作者：Lei Jin ; James B.D. Joshi ; Mohd Anwar
• 关键词：Mutual friend ; Common friend ; Mutual-friend based attack ; Query of mutual friends ; Privacy ; Social networks ; Social network systems
• 刊名：Computers and Security
• 出版年：2013
• 出版时间：September, 2013
• 年：2013
• 卷：37
• 期：Complete
• 页码：15-30
• 全文大小：1544 K

文摘

Recently, we have seen a rapid growth of social networking systems (SNSs). In most SNSs, a user can configure his privacy settings to indicate who can or cannot see his friend list. Usually, SNSs, such as LinkedIn and Google Plus, also include a feature that allows a user to query mutual friends between him and any other user he can reach using the available public search feature in SNSs. While such a mutual friend feature is very helpful in letting users find new friends and connect to them, in this paper, we show that it also raises significant privacy concerns as an adversary can use it to find out some or all of the victim's friends, although, as per the privacy settings of the victim, the adversary is not authorized to see his friend list directly. We show that by using mutual friend queries, an attacker can launch privacy attacks that we refer to as mutual-friend based attacks to identify friends and distant neighbors of targeted users. We analyze these attacks and identify various attack structures that an attacker can use to build attack strategies, using which an attacker can identify a user's friends and his distant neighbors. Through simulations, we demonstrate that mutual-friend based attacks are effective. For instance, one of the simulation results show that an attacker using just one attacker node can identify more than 60 % of a user's friends.