Security and Privacy in Online Social Networks

Welcome to the STCSN E-Letter Vol.2 No.4! Please check the PDF version here.

  • The Design of a Friend Search Web Service for Studying Users’ Query Behavior (PDF)
    (by Na Li, Northwest Missouri State University, MO, U.S.A., Yuhong Liu, Penn State Altoona, U.S.A., 
    Venu Madhavi Doddapaneni and Sai Samrat Malka, Northwest Missouri State University, MO, U.S.A.)

    Recently, one of the most popular services in online social networks (OSNs) is the friend search engine, which is intended for querying the friend lists of individual users. However, privacy concerns have arisen since users may not feel comfortable displaying their full friend lists in response to queries. In our previous work, we have proposed a privacy-aware display strategy which prevents the search engine from displaying more friends than the users are willing to expose. However, the lack of real attack data makes it hard to evaluate the effectiveness of such a strategy in reality. In this article, we propose the design of a web application which can be used to collect real friend search behaviors of normal users as well as attack strategies which aim to violate users’ friendship privacy. The collected data will advance our understanding of advanced attack strategies and help with the design of a more secure search engine with privacy protection.
  • Reviewsec: Security Analysis Tool for Online Reviews (PDF)
    (by Yongbo Zeng, Yihai Zhu, Yan (Lindsay) Sun, University of Rhode Island, RI, U.S.A.)

    Abstract: Online reviews play an important role when people are making decisions to purchase a product/service. It is shown that sellers can benefit from boosting the reviews of their products/services, or downgrading the reviews of their competitors. Dishonest behavior on reviews can seriously affect both buyers and sellers. In this work, we propose an algorithm that contains a two-step analysis to detect whether a product’s reviews have been manipulated. The first step is called consistency analysis, which detects the variation in rating values. In the second step, we introduce a novel angle to detect dishonest reviews, called the Equal Rating Opportunity (ERO) principle. We propose the ERO analysis using the ANOVA method. Furthermore, we develop a web-based system, referred to as ReviewSec, to conduct real-time on-demand review manipulation detection. The ReviewSec system includes three modules: 1) crawler, which downloads review data from e-commerce websites; 2) detector, consisting of the consistency analysis and ERO analysis; and 3) web-based interface. We believe that with the assistance of the ReviewSec system, online shoppers can understand product reviews in a better way and thereby reduce the risk of being misled by untruthful reviews.
  • Arguable App Boosting Strategies - Are They Working in a Small Social Community? (PDF)
    (by Yuhong Liu, Penn State Altoona, PA, U.S.A., Yan (Lindsay) Sun, University of Rhode Island, RI, U.S.A.)

    With the big success of mobile application (app) sales, diverse app sales boosting strategies have attracted wide attention. However, many of these strategies may raise security concerns since they attempt to lure users by providing dishonest information. In this paper, we survey current arguable app sale boosting strategies and discuss the effectiveness of these strategies. Based on an app installation data set collected from a university campus community, we quantitatively investigate the effectiveness of these arguable app boosting strategies and find that for a closely connected social community, the manipulation of app ratings/reviews cannot significantly affect app downloads when other social factors are present.
  • Privacy Leakage and Security Vulnerability Survey of China Bank and Connected-car Mobile Apps

    (by Wei Yan, Jideng Han, Hualin Zhao, Kunlun Wang, and Zhengfang Tang, VisualThreat Inc., Santa Clara, CA, U.S.A.)
    Abstract: With the fast evolution of mobile technology, the number of mobile devices grows exponentially. There are many new applications with new features, such as online banking and smart driving. However, those features raise privacy leakage concerns and require security awareness for users. In order to gauge the risks of mobile apps from more than 1 million mobile apps from nearly one hundred categories, we have implemented an automatic mobile security deep-analytics platform. In this paper, we share our survey results of two categories: China banks and connected-car apps. Moderate to high privacy leakage issues have been found in more than 87% of 80 China mobile bank apps, and 50% of 150 connected-car apps can be hacked to attack cars. Also, quite a few top China bank apps failed to defend against activity hijacking.

How to cite this E-Letter edition?
Yuhong Liu (ed.), "Security and Privacy in Online Social Networks", IEEE Computer Society Special Technical Community on Social Networking E-Letter, vol. 2, no. 4, December 2014.