Abstract
In the social media era, the ever-increasing utility of Online Social Network (OSN) services provides a variety of benefits to users, organizations, and service providers. However, OSN services also introduce new threats and privacy issues regarding the data they are dealing with. For instance, in a reliable OSN service, a user should be able to set up his desired level of information sharing and securely manage sensitive data. Currently, few approaches exist that can model OSNs for this purpose, let alone model the effects that attackers can have on these networks. In this work a novel OSN modeling approach is presented to fill the gap. This model is based on an innovative game-theoretic approach and it is analyzed both from a theoretical and a simulation-oriented view. The game-theoretic model is implemented to analyze several attack scenarios. Honeytokens, which are an information security tool based upon deception, are defined and identified as a security tool that could help in OSN security. As the results show, there are several scenarios where OSN services are very vulnerable and hence more protection mechanisms should be provided to secure the data contained across these networks, including the use of honeytokens. In this work we introduce a novel OSN modeling approach for optimal data sharing based on innovative game theories, considering the states/optimal policies of data sharing on OSNs and possible confrontations between the attacker and the user. After we develop the theoretical framework, we conduct experiments, integrating our ideas with honeytokens in several attack scenarios. Finally, we analyze our experimental results and discuss recommendations based on the results.
Acknowledgments
This research was performed while Dr. Joon Park held a National Research Council (NRC) Research Associateship Award at the Air Force Research Laboratory (AFRL). This research was supported by the Air Force Office of Scientific Research (AFOSR).
Additional information
Approved for Public Release; Distribution Unlimited: 88ABW-2014-2294, Dated 14 May 2014.
Cite this article
White, J., Park, J.S., Kamhoua, C.A. et al. Social network attack simulation with honeytokens. Soc. Netw. Anal. Min. 4, 221 (2014). https://doi.org/10.1007/s13278-014-0221-5
DOI: https://doi.org/10.1007/s13278-014-0221-5