An IAC Approach for Detecting Profile Cloning in Online Social Networks



Similar documents
C H A P T E R 1 Writing Reports with SAS

Keywords Cloud Computing, Service level agreement, cloud provider, business level policies, performance objectives.

Architecture of the proposed standard

FACULTY SALARIES FALL NKU CUPA Data Compared To Published National Data

QUANTITATIVE METHODS CLASSES WEEK SEVEN

EFFECT OF GEOMETRICAL PARAMETERS ON HEAT TRANSFER PERFORMACE OF RECTANGULAR CIRCUMFERENTIAL FINS

union scholars program APPLICATION DEADLINE: FEBRUARY 28 YOU CAN CHANGE THE WORLD... AND EARN MONEY FOR COLLEGE AT THE SAME TIME!

Sci.Int.(Lahore),26(1), ,2014 ISSN ; CODEN: SINTE 8 131

The example is taken from Sect. 1.2 of Vol. 1 of the CPN book.

Remember you can apply online. It s quick and easy. Go to Title. Forename(s) Surname. Sex. Male Date of birth D

A Project Management framework for Software Implementation Planning and Management

Use a high-level conceptual data model (ER Model). Identify objects of interest (entities) and relationships between these objects

Gold versus stock investment: An econometric analysis

Key Management System Framework for Cloud Storage Singa Suparman, Eng Pin Kwang Temasek Polytechnic

by John Donald, Lecturer, School of Accounting, Economics and Finance, Deakin University, Australia

Continuity Cloud Virtual Firewall Guide

Entity-Relationship Model

Free ACA SOLUTION (IRS 1094&1095 Reporting)

Econ 371: Answer Key for Problem Set 1 (Chapter 12-13)

WORKERS' COMPENSATION ANALYST, 1774 SENIOR WORKERS' COMPENSATION ANALYST, 1769

Enforcing Fine-grained Authorization Policies for Java Mobile Agents

Adverse Selection and Moral Hazard in a Model With 2 States of the World

A Secure Web Services for Location Based Services in Wireless Networks*

Analyzing Failures of a Semi-Structured Supercomputer Log File Efficiently by Using PIG on Hadoop

5 2 index. e e. Prime numbers. Prime factors and factor trees. Powers. worked example 10. base. power

June Enprise Rent. Enprise Author: Document Version: Product: Product Version: SAP Version:

Important Information Call Through... 8 Internet Telephony... 6 two PBX systems Internet Calls... 3 Internet Telephony... 2

AP Calculus AB 2008 Scoring Guidelines

CARE QUALITY COMMISSION ESSENTIAL STANDARDS OF QUALITY AND SAFETY. Outcome 10 Regulation 11 Safety and Suitability of Premises

IBM Healthcare Home Care Monitoring

An Broad outline of Redundant Array of Inexpensive Disks Shaifali Shrivastava 1 Department of Computer Science and Engineering AITR, Indore

The international Internet site of the geoviticulture MCC system Le site Internet international du système CCM géoviticole

Lecture 20: Emitter Follower and Differential Amplifiers

User-Perceived Quality of Service in Hybrid Broadcast and Telecommunication Networks

Rural and Remote Broadband Access: Issues and Solutions in Australia

Combinatorial Analysis of Network Security

A Graph-based Proactive Fault Identification Approach in Computer Networks

Data warehouse on Manpower Employment for Decision Support System

Question 3: How do you find the relative extrema of a function?

Parallel and Distributed Programming. Performance Metrics

Performance Evaluation

Category 7: Employee Commuting

(Analytic Formula for the European Normal Black Scholes Formula)

CPS 220 Theory of Computation REGULAR LANGUAGES. Regular expressions

Asset set Liability Management for

Incomplete 2-Port Vector Network Analyzer Calibration Methods

CPU. Rasterization. Per Vertex Operations & Primitive Assembly. Polynomial Evaluator. Frame Buffer. Per Fragment. Display List.

Review and Analysis of Cloud Computing Quality of Experience

Planning and Managing Copper Cable Maintenance through Cost- Benefit Modeling

Development of Financial Management Reporting in MPLS

STATEMENT OF INSOLVENCY PRACTICE 3.2

Abstract. Introduction. Statistical Approach for Analyzing Cell Phone Handoff Behavior. Volume 3, Issue 1, 2009

GOAL SETTING AND PERSONAL MISSION STATEMENT

Expert-Mediated Search

Presentation on Short-Term Certificates to the CAPSEE Conference. September 18, 2014

Traffic Flow Analysis (2)

Teaching Computer Networking with the Help of Personal Computer Networks

Voice Biometrics: How does it work? Konstantin Simonchik

A Theoretical Model of Public Response to the Homeland Security Advisory System

REPORT' Meeting Date: April 19,201 2 Audit Committee

Logo Design/Development 1-on-1

DENTAL CAD MADE IN GERMANY MODULAR ARCHITECTURE BACKWARD PLANNING CUTBACK FUNCTION BIOARTICULATOR INTUITIVE USAGE OPEN INTERFACE.

Personal Identity Verification (PIV) Enablement Solutions

Lecture 3: Diffusion: Fick s first law

Caution laser! Avoid direct eye contact with the laser beam!

A Loadable Task Execution Recorder for Hierarchical Scheduling in Linux

A Note on Approximating. the Normal Distribution Function

Scalable Transactions for Web Applications in the Cloud using Customized CloudTPS

Upper Bounding the Price of Anarchy in Atomic Splittable Selfish Routing

Foreign Exchange Markets and Exchange Rates

Category 1: Purchased Goods and Services

Cisco Data Virtualization

Meerkats: A Power-Aware, Self-Managing Wireless Camera Network for Wide Area Monitoring

SPECIAL VOWEL SOUNDS

Maintain Your F5 Solution with Fast, Reliable Support

Intermediate Macroeconomic Theory / Macroeconomic Analysis (ECON 3560/5040) Final Exam (Answers)

Fraud, Investments and Liability Regimes in Payment. Platforms

Cookie Policy- May 5, 2014

EVALUATING EFFICIENCY OF SERVICE SUPPLY CHAIN USING DEA (CASE STUDY: AIR AGENCY)

Hardware Modules of the RSA Algorithm

Sample Green Belt Certification Examination Questions with Answers

Keywords: Knowledge Management Foundations, Probst et al., Model, Knowledge Management, Albroz Electric Power Distribution Companies

Product Overview. Version 1-12/14

Global Sourcing: lessons from lean companies to improve supply chain performances

Real-Time Evaluation of Campaign Performance

TIME MANAGEMENT. 1 The Process for Effective Time Management 2 Barriers to Time Management 3 SMART Goals 4 The POWER Model e. Section 1.

Repulsive Force

Mathematics. Mathematics 3. hsn.uk.net. Higher HSN23000

Who uses our services? We have a growing customer base. with institutions all around the globe.

Category 11: Use of Sold Products

ITIL & Service Predictability/Modeling Plexent

YOU HAVE A MISSION WE HAVE TECHNOLOGY SAVING TIME TO BUILD YOUR CAMP S BOTTOM LINE

Fleet vehicles opportunities for carbon management

An Adaptive Clustering MAP Algorithm to Filter Speckle in Multilook SAR Images

Transcription:

An IAC Approach for Dtcting Profil Cloning in Onlin Social Ntworks MortzaYousfi Kharaji 1 and FatmhSalhi Rizi 2 1 Dptartmnt of Computr and Information Tchnology Enginring,Mazandaran of Scinc and Tchnology,Babol, Iran 2 Dpartmnt of Computr Enginring and Information Tchnology, Shikhbaha of Isfahan, Isfahan, Iran Abstract Nowadays, Onlin Social Ntworks (OSNs) ar popular wbsits on th intrnt, which millions of usrs rgistr on and shar thir own prsonal information with othrs. Privacy thrats and disclosing prsonal information ar th most important concrns of OSNs usrs. Rcntly, a nw attack which is namd Idntity Clond Attack is dtctd on OSNs. In this attack th attackr tris to mak a fak idntity of a ral usr in ordr to accss to privat information of th usrs frinds which thy do not publish on th public profils. In today OSNs, thr ar som vrification srvics, but thy ar not activ srvics and thy ar usful for usrs who ar familiar with onlin idntity issus. In this papr, Idntity clond attacks ar xplaind in mor dtails and a nw and prcis mthod to dtct profil cloning in onlin social ntworks is proposd. In this mthod, first, th social ntwork is shown in a form of graph, thn, according to similaritis among usrs, this graph is dividd into smallr communitis. Aftrwards, all of th similar profils to th ral profil ar gathrd (from th sam community), thn strngth of rlationship (among all slctd profils and th ral profil) is calculatd, and thos which hav th lss strngth of rlationship will b vrifid by mutual frind systm. In this study, in ordr to valuat th ffctivnss of proposd mthod, all stps ar applid on a datast of Facbook, and finally this work is compard with two prvious works by applying thm on th datast. Kywords Onlin social ntworks, Profil cloning, Privacy 1.Introduction Social ntwork wbsits ar dfind as wb srvics that allow usrs to mak public and smipublic profils in a boundd systm, to build a list of usrs with whom hav a kind of common rlationship, and to sarch in thir frinds lists [1]. On of th most important challngs of obsrving frinds information is thratning usrs scurity and privacy. An advrsary can caus many problms by xploiting usrs information. This data may contain usrs financial information which advrsary can us thm to do idntity thft attacks, or may contain usrs mdical background such as halthy status, diagnosis or tratmnt rcords [2]. Rcntly, a nw kind of attack which is namd Idntity Clon Attack is dtctd on OSNs that maks fak idntitis of spcific usrs. Th basic goals of th advrsary in this attack ar obtaining victim s frinds prsonal information by forging ral usr profil, and incrasing trust among mutual frinds to do mor dfrauding in th futur [3]. Two kinds of ths attacks ar alrady dfind: first on is Singl-Sit Profil Cloning, and th nxt on is Cross-Sit Profil Cloning. In th first attack, advrsary forgs th ral usr profil in th sam social ntwork and us this clond profil to snd frind rqust to usrs frinds. An unawar usr may think this DOI : 10.5121/ijnsa.2014.6107 75

rqust is from a familiar usr hnc sh/h will confirm it and his/hr prsonal information will b accssibl for advrsary. Th nxt attack is cross-sit profil cloning, as it shown in Figur1, th advrsary dtcts a usr with his/hr frinds in ntwork A, thn mak a clon profil with his/hr attributs in ntwork B which usr has not mad account yt. Th advrsary snds frind rqusts to th victim s frinds in ntwork B. Victim s frinds think thy know th sndr of rqusts and confirm thm, and as soon as thy confirm th rqust, th advrsary will thiv thir prsonal information. Th advrsary uss this information to mak othr clon profils or to dciv othrs in th futur. Dtcting this kind of attack is vry difficult for srvic providrs and profils ownrs, bcaus srvic providrs think it is a nw usr which is rgistring in ths wbsits [4]. Discovring clond profils with mor prcis mthods can bring mor scurity for usrs who ar using social ntworks, and also caus an incrasing movmnt for srvic providrs to improv thir scurity lvl in th srvics thy provid on thir platforms [5]. Figur 1. Singl-sit profil cloning and cross-sit profil cloning attacks [5] Th rst of th papr is organizd as follows: in sction 2,a short rviw on rlatd works ar xprssd and sction 3 prsnts th proposd mthod for dtcting clond profils in complt dtails. In sction 4, to valuat th applicability of proposd mthod, it is applid on a datast of Facbook and it is also compard with prvious works in sction 5. Finally, in sction 6, th papr is concludd and som fasibl futur works ar discussd. 2.Rlatd Works Many social ntworks hav a wak usr to usr authntication mchanism that ar mostly basd on prsntd information such as nam, photos, and a st of social links. This causs th misus of profil cloning attack to mak fak social links. Bhumiratana in [6] prsntd a modl to xploit of availabl wak trust in social ntworks. This modl savs th authority of an onlin fak idntity which mad by profil cloning attack to obtain mor prsonal information. This rsarch proposd an attack mthodology to us clond profils and to do rliabl intractions among slctd usrs. Proposd modl uss an array of attacking tchniqus to mak a prmannt and automatic clond idntity of ral usrs on social ntworks so that ar abl to gt prsonal data in a spcific priod of tim. This proposd systm works among diffrnt social ntworks. Jin t al. in [7] proposd an activ dtction framwork to dtct clond profils.an intllignt fak idntity not only forgs usrs' attributs, but may add victim's frinds into his frind ntwork too. According to similarity of attributs and usrs' frind list thr ar two ways for dfining similarity masur among ral idntity and fak idntitis. On of thm is basic profil similarity and th nxt on is multipl-fakd idntitis profil similarity. In this rsarch, according to th similarity of profils, a framwork for dtcting clond profils on social ntwork is proposd which contains of thr stps: first stp is to sarch and sparat idntitis as a st of profils, as 76

th ntry of sarch is a profil attributs. Scond stp is dtcting suspicious profils by using profil similarity schmas, and third stp is dlting clond profils from frind list. In dtcting procss adjusting a st of paramtrs can hlp to do a corrct dtction in diffrnt social ntworks. Kontaxis t al. in [8] offrd a tool which is abl to automatically sarch and dtct clond profils in OSNs. Th concpt ky of thir approach is using usr-spcific data which is xtractd from ral usr profil in social ntwork. In this approach, finally a list of profils which ar probably clond with similarity scors is prsntd to usr. A string matching algorithm is usd to dfin th similarity of attributs btwn two profils and assign similarity scor for ach candidat idntity. In this mthod dtcting clond profil contains thr stps as follows: information Distillr, profil huntr, and profil vrifir. Gani t al. in [9] discussd a pic of work which intnds to provid som insights rgarding th rsolution of th hard problm of multipl idntitis dtction. Basd on hypothsis that ach prson is uniqu and idntifiabl whthr in its writing styl or social bhavior, thy proposd a framwork rlying on machin larning modls and a dp analysis of social intractions, towards such dtction. Most of th currnt rsarch has focusd on protcting thprivacy of an xisting onlin profil in a givn OSN. Instad, Conti t al. in [10]notd that thr is a risk of not having a profil in th last fancysocial ntwork. Th risk is du to th fact that an advrsary maycrat a fak profil to imprsonat a ral prson on th OSN.Th fak profil could b xploitd to build onlin rlationshipwith th frinds of victim of idntity thft, with th final targt ofstaling prsonal information of th victim, via intracting onlinwith th frinds of th victim. 3. Th proposd approach Th dtction approach is organizd in 6 stps as follows: 3.1. Discovring community th social ntwork graph In many social ntworking sits, ntwork topological structur and attributs valus ar th complt information. Nods rprsnt usrs and dgs rprsnt th rlationship among thm. In ach nod, thr ar som attributs such as nam, gndr, ducation, intrsts, location and social activitis. It is obvious that ntwork topological structur and attribut information can b usd to idntify som hiddn pattrns in communitis. In this study, IAC clustring algorithm [11] is applid to dtct communitis in social ntwork graphs. Figur 2 shows a psudo cod of th algorithm whr it accpts an attribut augmntd graph and rturn a clustrd graph as output. Figur 2. IAC Clustring Algorithm [11] 77

An augmntd graph is a graph G = (V, E, ), whr V = {v 1, v 2, v 3,,v n } is th st of nods and n = V dnots th numbr of nods in th graph, E V V is th st of dgs,e = {(v i, v j ): v i, v j V}, and R v d is th nods attribut matrix. First of all, th algorithm crats th similarity matrix C, thn according to K (K = E) it adds th st of dgs to th graph and th lmnts which blong to ths dgs ar st to 1 in matrix S. As wll as matrix W is mad by summation of S and A. To this nd, a wightd graph is clustrd by MCL algorithm that is dmonstratd in Figur 3. MCL is a clustring algorithm [12] basd on stochastic flows on th graph and in ordr to xcut it, first, transition matrix should b mad from wightd graph obtaind through matrix W. This algorithm includs xpansion and inflationoprations on stochastic matrixs such that th xpansion is calculatd as M M and th inflation incrass th M s lmnts to amount of r (r > 1), thn normalizs ach column. Eq. 1 indicats how th inflation opration works, aftr normalizing th summation of ach column will b 1. Γ M MCL is startd from a standard flow matrix and th two oprations apply it altrnativly until th output matrix gts a stabl stat and it will not b changd whn th oprations ar applid again. Aftr,allof clustrs ar dtrmind in th rows of th stabl matrix. (1) 3.2.Extraction usr s attribut Figur 3. MCL clustring algorithm [12] In this stag, th usr s information is xtractd from his/hr lgitimat profil in onlin social ntwork. At th start, th usr s profil is analyzd thn it is spcifid that which parts of usr s profil can b rgard as usr-spcific. This information is usd to construct quris in sarch ngins of social ntworks. Th xtractd information is includs nam, gndr, location, ducation, mail and tc. social ntworks ownr and srvic providr hav complt accss to usrs data and can xploit usr-spcific from hr/his profil asily. 3.3.Sarch in community In stp1, th socialgraphwasclustrdconcrning to usrs attribut similaritis. In this stag for finding similar profils to ral usr s profil, th clustr which is blong to ral usr is markd thn all of similar profils ar sarchd by nam attribut. Th sarch rsult is th list of profils with similar or sam nam to ral profil. 78

3.4. Slcting profil In this stag, th profils which hav mutual frinds with victim (ral profil) ar pickd up among foundd profils in stp 3. Mutual frinds ar th frinds who xist in th victim s frind list and in th frind list of ach candidat profil in th sam tim. Sinc, in profil cloning attacks many frind rqusts ar snt to victim s frinds, it is obvious thy hav som common frinds with victim [4]. Hnc, only profils which hav mutual frinds with victim ar chosn for continuing nxt stps. 3.5. Computing strngth of rlationship In stp 5, all of nods dgs which was accdd in this stag, ar wightd considring to th numbr of common activ frinds, shard Urls and pag-liks among usrs. Formally, th social ntwork can b dfind as a wightd graph G = (V, E, W), whr V is th st of profils, E V V is th st of dgs, and W R is a st of wights ar assignd to dgs. For ach nod v V, a 3-dimntional fatur vctor is dfind as it is includd in th numbr of activ frinds, pag liks and common shard URLs. Thrfor, wight of ach dg ij = (v i,v j ) is calculatd as summation of common activs frinds, pag liks and common shard URLs btwn nods v i and v j. Furthr dtails prsntd how th wights can comput com in th following parts [13]. 3.5.1 Activ frinds: This masur taks th intraction frquncy of a usr with his/hr frinds in th ntwork. For a usr V i with F i as th st of frinds, th st of activ frinds F i a can b computd as an intraction btwn th st F i and th st of frinds of V i who wr ithr contactd by V i or thos who intractd with V i through wall posts, commnts or tags. It can b dfind using Eq. 2 in whr I i is th st of usrs with whom V i has intractions in th ntwork. For a nod V i th valu of th activ frinds fatur is takn as th cardinality of th st of its activ frinds F i a. Similarly, th st of common activ frinds in th ntwork with whom a pair of usrs v i and v j hav intractd is calculatd as th intrsction of thir activ frinds F i a and F j a, rspctivly, as givn in Eq. 3. For an dg ij = (v i,v j ), th valu of th activ frinds fatur is takn as th cardinality of th st of common activ frinds F ij a [13]. (2) 3.5.2 Pags-liks: (3) This fatur computs th pag liks frquncy of th usrs in social ntwork. For an dg ij = (v i, v j ), th common pag liks of v i and v j, P ij, is calculatd as th intraction of th sts of pag liks of v i and v j, as givn in Eq. 4, and th pag liks attribut valu is calculatd as th cardinality of th st P ij [13]. (4) 3.5.3 URLs: this fatur capturs th URL sharing pattrns of th social ntworks usrs. For an dg ij = (v i,v j ), th common URLs of v i and v j, U ij, is calculatd as th intrsction of th st of URLs shard by v i and v j. Th URLs attribut valu is calculatd as a fraction of URLs commonly shard by thm using Eq. 5 [13]. (5) 79

On th basis of th abov mntiond faturs, ach dg ij = (v i,v j ), is assignd a wight w( ij ) that is calculatd as an summation of th individual fatur valu as givn in Eq. 6. rprsnts th cardinality of th st [13]. (6) Aftrward, th wights ar assignd to ach dg in social ntwork graph and strngth of rlationship is calculatd btwn two nods as follows: 3.5.4 Dfinition 1 (Frindship Graph) [14] Givn a social ntwork G and a nod v G.N, th frindship graph of v, dnotd as FG (v), is a sub-graph of G whr: (1) FG(v).N = {v} {n G.N n v, G.E, = <v, n> }; (2) FG(v).E = { = <v, n> G.E n FG (v).n} { = <n, n > G.E n, n FG(v).N } 3.5.5 Dfinition 2 (Mutual Frinds Graph) [14] Givn a social ntwork G and two nods v, c G.N, th mutual frinds Graph of v and c, dnotd as MFG(v, c), is a sub-graph of G whr: (1) MFG(v, c).n = {v, c} {n G.N n v, n c,, G.E, = <v, n> = <n, c> }; (2) MFG(v, c).e = { = n, n G.E n, n MFG (v, c).n} For instanc, Frindship graph of nod 7 and mutual frinds graph of 7 and 12 ar shown in Figur 4. Figur 4. Frinds and mutual frinds graphs 3.5.6 Dfinition 3 (Strngth of rlationship btwn two nods) Givn a social ntwork G and two nods v, c G.N, Lt T = {MFG(v, c).e }, R = { FG(v).E }, P = {FG (c).e }. Strngth of rlationship btwn v and c is dfind in Eq.7 as follows:, (7) Strngth of rlationship (SR)masur is calculatd btwn ach suspiciousprofil which hasmutual frinds with victim. Inasmuch as an xprt advrsary attmpts to mak lss suspicious by making social rlationship and intractions with victim s frinds. Strngth of rlationship masur is usd to dtct clond idntitis bcaus th ral idntitis mak mor dp social activitis than thm as thy mostly know ach othr in ral lif. Thy might gt intimacy through rlationships in ral lif or voic and vido chat on th Intrnt for a whil [15]. Thrfor, ral 80

usrs contribut in social activitis lik commnting, snding mssag and tagging mor than faks and clarly thy hav highr SR comparing to clond profils. In th rst of this stag, nods ar sortd in a list by amount of SR as RS (v, c 1 ) < RS (v, c 2 )<RS (v, c 3 ) < <RS (v, c n ) and n is th numbr of profils which hav rachd in stp 5. Among ths profils, c 1 has th last SR and it will b snt to nxt stp for vrifying. If it dos not idntify as a clond idntity th nxt on in th list, c 2 will b gon to stag 6. This trnd will b continud until th last profil in th list. 3.6. Dcision making Hrtofor, som mthods wr prsntd to vrify th suspicious idntity in onlin social ntworks. In a primary approach, th ID numbr is askd from usrs for vrification procss. For xampl Idntity Badg wants usrs to ntr thir passport numbr [16]. Th social vrification approach is prsntd by Schchtr t al. [17] want usrs to dsign som qustions to vrify thir frinds and if a usr answrs most qustions corrctly h/sh will b markd as a valid usr. A proposd approach is vrifying suspicious idntitis by mutual frinds as it is wantd mutual frinds to dsign som qustion concrning to background knowldg that thy hav obtaind during thir rlationships. As wll as ths qustions can b dsign by som social nginring tachings. It is vidnt that a clond idntity cannot answr th qustion corrctly, spcially th qustions which ar dsignd considring to usrs background. Also similar idntitis (ar not fak) snd thir own answrs which ar undrstandabl for mutual frinds as thy com from ral idntitis. Evntually, fak idntitis ar idntifid and thy rmov or closd tmporary by srvic providr as wll as thir frinds rciv som notification for xistnc a fak idntity in thir frind list. Figur 5dmonstrats a viw of proposd vrification systm. Figur 5. Vrification systm by mutual frinds Th diagram of dtction approach is shown in Figur 6. Figur 6. IAC Dtction Approach 81

4.Exprimntal Rsults In ordr to valuat th proposd approach, an offic datast of Facbook usrs [18] is usd and it is updatd by adding usr s attributs, shard Urls and pag-liks. Vrification th proposd approach is not possibl for a normal social ntwork usr bcaus only srvic providrs havaccss to usrs original information and social ntwork graph.also som social ntworks hav rstrictions thus normal usrs cannot mak clon profil asily [4]. Thr ar 63,731 usrs in this datast and 1,634,115 links among thm thus ach usr has 25.6 rlationship links on avrag. To valuat th approach, it is assumd that thr ar som fak idntitis in this datast and it is ncssary to add thmto datast as victims. For dmonstrating th dtail of ffctivnss of proposd approach, 20 usrs ar slctd from th datast as thir social graph is shown in Figur7 and thir attributs ar xhibitd in Tabl 1. Tabl 1. 20 usrs attributs slctd from datast ID Nam Gnd r Education School Dgr Work Employ r Position Birthd ay Locatio n Rlatio nship 32 NikoP arda Fmal Harvard PhD East Man Managr 1979 USA Singl 35 Abraha m Fmal Arcadia Mastr s Owns Wb Dvlopr 1980 USA Singl 36 Abraha Fmal Carolina Mastr s Owns Wb Dvlopr 1980 USA Singl 174 David Ernox Mal Michigan Mastr s Qpass Java Dvlopr 1984 USA Singl 463 Abram Fmal Michigan Mastr s AppNt Wb Dvlopr 1985 USA Singl 1236 Tom Banho Mal Acadia Bachlor Xing Ntwork Managr 1979 USA Marrid 2411 Ros Milan Fmal Koln PhD Axvrt Managr 1972 USA Singl 33 Hanrry Dabuo Mal Dublin High school Diploma Sonic Scrtary 1970 UK Marrid 34 Rosa Morad a Fmal Franklin school High Diploma Sonic Bookkping 1974 UK Marrid 163 Charls Slvin Mal Pitrsburg Bachlor Sony Accountant 1979 UK Marrid 4013 SolDi ao Mal Chstr Mastr s Maxtor Databas Administrator 1983 Franc Singl 4014 Lor Parsan Fmal Pitrsburg Bachlor Sonic Databas Administrator 1982 Spain Singl 4023 Caroli n Wolf Fmal Franklin school High Diploma Sony Bookkping 1979 Grman y Marrid 1081 Alx Monat a Mal Lowa Mastr s Sony Elctrical Enginr 1986 UK Marrid 82

37 Silvia Jacson Fmal Carolina Bachlor MySpac Computr Data Clrk 1978 Australi a Marrid 1187 Shry Monat n Fmal Dublin High school Diploma MySpac Buyr 1968 Australi a Singl 1195 Mlina Diyana Fmal Pitrsburg PhD MySpac Call Cntr Assistant 1989 Australi a Singl 1234 LinaEg hos Fmal Gablino school High Diploma Amgn Buyr 1980 Canada Singl 1235 Mariya naplan ta Fmal lowa Bachlor Amgn Elctrical Enginr 1987 Canada Singl 1237 Tony Cazola Mal Carolina Bachlor Amgn Call Oprator cntr 1978 Canada Singl Figur 7.20 usrs social graph As mntiond bfor, an activ frind is a frind who posts on th wall, commnts and tags on hr/his frinds posts. This rlationship is shown in grn lins in Figur7. 4.1. Tsting th IAC approach on datast All of dtction stps (6 stps) ar applid to usrs of datast as wll as it is supposd that thy do not us any particular privacy stting. 4.1.1.Choosing a victim idntity Initially, a usr is slctd as a victim idntity from datast. As it is mntiond in sction 1, an attackr maks a fak idntity considring som accptabl information of a ral idntity which h/sh has alrady gathrd from onlin social ntworks or othr sits. Attackr uss this victim to rach his goal by conncting to victim s frinds [4].Usr 35 is chosn as a victim bcaus it has som prquisits as th numbr of links (dgs) and social activitis (grn dgs) in th ntwork. Thrfor a victim idntity 35 is cratd and its attribut valus ar displayd in Tabl 2 and Figur 8 dmonstrats its position in social graph in rd color. 83

Tabl 2. 20 usrs attributs slctd from datast with fak idntity ID Nam Gndr 32 NikoParda Fmal 35 35 Abraham Abraham Fmal Fmal 36 Abraha Fmal 174 David Ernox Mal 463 Abram Fmal 1236 Tom Banho Mal Education Work School Dgr Employr Position Harvard Arcadia Arcadia Carolina Michigan Michigan Acadia Birthday Locati on Rlations hip PhD East Man Managr 1979 USA Singl Mastr s Owns Wb Dvlopr 1980 USA Singl Bachlor Owns Wb Dvlopr 1980 USA Singl Mastr s Owns Wb Dvlopr 1980 USA Singl Mastr s Qpass Java Dvlopr 1984 USA Singl Mastr s AppNt Wb Dvlopr 1985 USA Singl Bachlor Xing Ntwork Managr 1979 USA Marrid 2411 Ros Milan Fmal Koln PhD Axvrt Managr 1972 USA Singl 33 34 HanrryDabu o Rosa Morada Mal Fmal 163 CharlsSlvin Mal 4013 SolDiao Mal 4014 Lor Parsan Fmal 4023 Carolin Wolf Fmal 1081 Alx Monata Mal 37 Silvia Jacson Fmal 1187 1195 ShryMonat n Mlina Diyana Fmal Fmal 1234 LinaEghos Fmal 1235 1237 MariyanaPla nta Tony Cazola Dublin school Franklin school Pitrsburg Chstr Pitrsburg Franklin school Lowa Carolina Dublin school Pitrsburg High High High High Gablino High school Diploma Sonic Scrtary 1970 UK Marrid Diploma Sonic Bookkping 1974 UK Marrid Bachlor Sony Accountant 1979 UK Marrid Mastr s Bachlor Maxtor Sonic Databas Administrator Databas Administrator Diploma Sony Bookkping 1979 Mastr s Bachlor Sony MySpac Elctrical Enginr Computr Clrk Data 1983 Franc Singl 1982 Spain Singl Grma ny Marrid 1986 UK Marrid 1978 Diploma MySpac Buyr 1968 PhD MySpac Fmal lowa Bachlor Amgn Mal Carolina Call Cntr Assistant 1989 Diploma Amgn Buyr 1980 Bachlor Amgn Elctrical Enginr Call Oprator cntr 1987 1978 Austral ia Austral ia Austral ia Canad a Canad a Canad a Marrid Singl Singl Singl Singl Singl 84

4.1.2. Initializing Figur 8. 20 usrs social graph with a fak idntity As mntiond in sction 3-1, it is ncssary to initializ bfor prforming th xprimnts on thdatast. Attribut augmntd dgs ar chosn among th top K similar pairs of matrix C whr K = E. Th highr mount is gottn, th mor dgs ar addd to ach community thus mor accurat clustrs ar formd on th social graph. At th bginning, is st by 0.68 (K = 34) thn it will b st by othr valus in sction 4-2. 4.1.3.Discovring communitis in social graph Aftr prforming IAC algorithm on datast, th attribut augmntd graph and clustrd graph with thr communitis C 1, C 2 and C 3 ar gaind so that isshown in Figur 9 and Figur 10 rspctivly. Figur 9. Attribut augmntd graph 85

4.1.4. Extracting victim s attributs Figur 10.Clustrd graph by IAC algorithm Th information of victim (who wants to dtct his clons) is xtractd in this stp and it shown in Tabl 3. Tabl 3. Ral usr s attributs ID Nam Gndr 35 Abraham Fmal Education Work Birthda School Dgr Employr Position y Arcadia Mastr s Owns Wb Dvlopr Location Rlationshi p 1980 USA Singl 4.1.5.Sarching in Community Sinc nod 35 is blong to C 1, only in this community is sarch for finding similar profils to 35. Th sarchrsult is shown in Tabl 4. Tabl 4.Similar usrs to 35 ID Nam Gndr 35 36 463 Abraha m Abraha Abram Fmal Fmal Fmal Education Work Birthd School Dgr Employr Position ay Arcadia Carolina Michigan Bachlor Mastr s Mastr s Owns Owns AppNt Wb Dvlopr Wb Dvlopr Wb Dvlopr Location 1980 USA Singl 1980 USA Singl Rlationship 1985 USA Singl 86

4.1.6. Slcting apt idntitis According to profil cloning attacks, an attackr aims victim s frinds and snds thm frind rqusts hnc a clond profil will hav som victim s frinds in its frind list [29]. Nod 463 is not a clon idntity bcaus it is connctd to nod 35 dirctly and only 36 and 35 ar passd to nxt stp. 4.1.7. Computing strngth of rlationship In this stp, SR is calculatd for nod 35 and nod 36 in rgard to Eq. 2,3,4,5,6,7 thn thy will b ordrd by valus: SR (35, 35 ) = 14.497 SR (35, 36) = 36.85 As it is shown amount of SR (35, 35 ) is lss than othr and first it will b snt to nxt stag for vrification. 4.1.7. Vrification In this part, nods 2411, 32, 1236, 174 (mutual frinds btwn 35 and 35 ) ar askd to dsign som tchnical qustions concrning th rlationship background. Nod 35 cannot answr th qustions du to lack of knowldg about usrs prvious activitis and it is markd as clon nods. 4.2.Th rol of to constructing communitis In this sction, th is st by som othr valus as rprsnt in Tabl 4. For xampl whn =1, th numbr of augmntd dgs will b E. Th clustrd graphs with changing arshown in Figur11. If is incrasd and th form of clustring dos not chang, it mans that th dfault valu for was corrct and most similar usrs ar in ach community. Tabl 5. Diffrnt valus of K 0.68 34 0.78 39 0.88 44 1 50 87

Figur 11. Th diffrnt graphs with diffrnt For indicating th rol of to construct communitis with similar mmbrs, a similarity rat in clustr paramtr is dfind as follows: similarity rat in clustr 1 0.8 0.6 0.4 0.2 0 0.68 0.78 0.88 1 C1 C2 C3 Figur 12. Similarity rat in community Th similar rat in clustrsfor C 1, C 2 and C 3 in Figur 10, is indicatd in diagram of Figur 12. According to diagram, through incrasing th valu of th most accurat clustrs ar obtaind in th light of similar mmbrs. 88

5. Evaluation In ordr to dmonstrat th accuracy of IAC approach,first two paramtrs ar dfind as follows: Tru positiv (TP): Numbr of clon nods that ar idntifid as fak nods Fals Positiv (FP): Numbr of ral nods that ar idntifid as fak nods Nxt, som othr clon nods ar addd to datast and IAC approach is applid on. As shown in Figur 13, for all numbrs of fak nods, th mount of TP is highr than FP. 3.5 3 2.5 2 1.5 1 0.5 0 1 2 3 4 Numbr of clon nods TP FP Figur 13. TP and FP for clon nod dtction With th intnsion of comparing IAC approach to prvious approachs,all of thr prvious approachs ar applid on th datast. As diagram in Figur 14shows, in prvious approachs th mount of thir TP is lss than th TP of IAC approach and also th mount of thir FP is mor than th FP of IAC approach. Hnc our approach can dtct fak nods mor accurat than othrs. 3500 3000 2500 2000 1500 1000 500 0 Jin Kontaxis IAC TP FP 6.CONCLUSIONS Figur 14.Comparing thr xiting approachs Nwly, social ntworks bcam a significant part of popl normal lif and th most intrnt usrs spnd thir tims on. Alongsid many usful applications thy hav som othr aspcts which ar growing by hackrs, hustlrs and onlin thif. In this papr, an approach was suggstdfor 89

dtcting clond profils dpnding on usrs similaritis and thir rlationship in 6 stps. It should b notd that, although dtcting fak idntitis can stop gratr xtnt of dcption in futur, prvntion is bttr than cur bcaus it is nough for an attackr to obsrvr usrs dtail onc. Thrfor, taching usrs is a worthy attmpt to prvnt cloning attacksso that thy must not accpt frind rqusts whn thy do not know th sndr. With a viw to xtnd th proposd approach, it can b dvlopd as a Facbook application which ach usr can run it on his/hr profil and also som fuzzy mthods can b usd to ovrcom wrongly typdinformation in usrs profils. REFERENCES [1] D. Boyd and N. Ellison, Social ntwork sits: Dfinition, history, and scholarship, IEEE Enginring Managmnt Rviw Journal, vol. 38, no. 3, pp. 16-31, 2010. [2] G. J Ahn, M. Shhab and A. Squicciarini, Scurity and Privacy in Social Ntworks, IEEE Intrnt Computing Journal, vol. 15, no. 3, pp. 10-12, 2011. [3] H. Gao, Jun Hu, T. Huang, J. Wang and Y. Chn, Scurity issus in onlin social ntworks, IEEE Intnt Computing Journal, vol. 15, no. 4, pp. 56-62, 2011. [4] L. Bilg, T. Struf, D. Balzarotti and E. Kirda, All Your Contacts Ar Blong to Us: Automatd Idntity Thft Attacks on Social Ntworks, In Procding of 18th Intrnational Confrnc World Wid Wb, pp. 551-560, 2009. [5] All SysSc Partnrs, "A Europan Ntwork of Excllnc in Managing Thrats and Vulnrabilitis in th Futur Intrnt", Dlivrabl D7.1: Rviw of th Stat-of-th-Art in Cybr Attacks, 2011. [6] BhumBhumiratana, A Modl for Automating Prsistnt Idntity Clon in Onlin Social Ntwork, In Procdings of th IEEE 10th Intrnational Confrnc on Trust, Scurity and Privacy in Computing and Communications, pp. 681-686, 2011. [7] L. Jin, H. Takabi and J. Joshi, Towards Activ Dtction of Idntity Clon Attacks ononlin Social Ntworks, In Procdings of th first ACM Confrnc on Data and application scurity and privacy, pp. 27-38, 2011. [8] G. Kontaxis, I. Polakis, S. Ioannidis and E. Markatos, Dtcting Social Ntwork Profil Cloning, In Procdings of IEEE Intrnational Confrnc on Prvasiv Computing and Communications, pp. 295-300, 2011. [9] K. Gani, H. Hacidand R. Skraba, Towards Multipl Idntity Dtction in Social Ntworks, In Procdings of th 21st ACM intrnational confrnc companion on World Wid Wb, pp. 503-504, 2012. [10] M. Conti, R. Poovndran and M. Scchiro, Fakbook: Dtcting Fak Profils in Onlin Social Ntworks, In Procdings of IEEE/ACM Intrnational Confrnc on Adavncss in Social Ntworks Analysis and Mining, pp. 1071-1078, 2012. [11] S. Salm, Sh. Banitaan, I. Aljarah, J. E. Brwr and R. Alroobi, Discovring Communitis in Social Ntworks Using Topology and Attributs, In Procdings of th 2011 10th Intrnational Confrnc on Machin Larning and Applications, pp. 40-43, 2011 [12]S. V. Dongn, Graph Clustring by Flow Simulation, PhD Thsis, of Utrcht, 2000. [13] F. Ahmd and M. Abulaish, An MCL-Basd Approach for Spam Profil Dtction in Onlin Social Ntworks, In Procdings of th 2012 IEEE 11th Intrnational Confrnc on Trust, Scurity and Privacy in Computing and Communications, pp. 602-608, 2012. [14] C. G. Akcora, B. Carminati ande.frrari, Usr similaritis on social ntworks, Social Ntworks analysis and Mining Journal, pp. 1-21, 2013 [15] Q. Cao, M. Sirivianos, X. Yang and T. Prguiro, Aiding th Dtction of Fak Accounts in Larg Scal Social Onlin Svics, In Procdings of th 9th USENIX confrnc on Ntworkd Systms Dsign and Implmntation, pp. 15-29, 2012. [16] Idntity Badg [Onlin]. http://apps.facbook.com/idntity_badg [17] S. Schchtr, S. Eglman, and R.W. Rdr, It's not what you know, but who you know: a social approach to lastrsort authntication, In Procdings of th 27th Intrnational Confrnc on Human Factors in computing systms,pp. 1983-1992, 2009. [18] B.Viswanath, A. Mislov, M. Cha and K. P. Gummaldi, On th Evolution of Usr Intraction in Facbook, Procdings of th 2nd ACM workshop on onlin social ntworks, pp. 37-42, 2009. 90