With the increased use of Internet, Online Social Networks (OSN) has become a part of life for millions of people today. Every day, users of such networks including Facebook, Twitter, etc. execute millions of activities, such as sharing information, posting comments, uploading photos, and updating statuses. The demand on a large amount of information and application that users upload, install, and execute on the social networks makes the social networks an attractive target for attackers. In this study, a new model has been built based on Back Propagation Neural Network (BPNN) so as to identify the vulnerability level of the user with the practical attack techniques inferring who clicks which shortened URLs on Twitter using the combination of public information: Twitter metadata and public click analytics. Unlike the conventional browser history stealing attacks, our attacks only demand publicly available information provided by Twitter and URL shortening services. Evaluation results show that our attack can compromise Twitter users’ privacy with high accuracy.
Profiling module obtains the information of the target user from the target user’s profile and timeline when someone posts a tweet using the Twitter client application for the iPhone; the information “Twitter for iPhone” is recorded in the source field of the tweet, which enables us to use this information to infer the browser and platform that were used.
The monitor module in the simulated server periodically monitors the click analytics of the shortened URLs posted by some Twitter users. The monitor module extracts real visitor information from the click analytics according to its changes and records it in the simulated click analytics. We create a Twitter user (monitoring user) who follows all the followings of the target user in order to access all tweets that the target user may view.
The matching module compares the information about the new visitor with the information about the target user when the monitoring module notices the changes in the click analytics. If the matching module infers that the new visitor is the target user, it includes the corresponding shortened URL in a candidate URL set.
Previous studies have considered attack techniques that cause privacy leaks in social networks, such as inferring private attributes and de-anonymizing users. Most of them combine public information from several di_erent data sets to infer hidden information. Some proposed the techniques to identifies the attack methods to steal browsing history using user interactions and side-channels some proposed the attributes of a target user by using a combination of attributes of the user’s friends and other users who are loosely (not directly) connected to the target use some proposed algorithms inferring customer’s transactions in the recommender systems, such as Amazon and Hunch.
In this study, a new model has been built based on Back Propagation Neural Network (BPNN) so as to identify the vulnerability level of the user with the practical attack techniques inferring who clicks which shortened URLs on Twitter using the combination of public information: Twitter metadata and public click analytics. Unlike the conventional browser history stealing attacks, our attacks only demand publicly available information provided by Twitter and URL shortening services. Evaluation results show that our attack can compromise Twitter users’ privacy with high accuracy.
We propose novel attack techniques to determine whether a specific user clicks on certain shortened URLs on Twitter. To the best of our knowledge, this is the first study that infers URL visiting history on Twitter. We only use public information provided by URL shortening services and Twitter (i.e., click analytics and Twitter metadata). We determine whether a target user visits a shortened URL by correlating the publiclyavailable information.
Our approach does not need complicated techniques or assumptions such as script injection, phishing, malware intrusion, or DNS monitoring. All we need is publicly available information. We further decrease attack overhead while increasing accuracy by considering target users’ time models. It can increase the practicality of our attacks so that we demand immediate countermeasures.
We proposed inference attacks to infer which shortened URLs clicked on by a target user. All the information needed in our attacks is public information: the click analytics of URL shortening services and Twitter metadata. To evaluate our attacks, we crawled and monitored the click analytics of URL shortening services and Twitter data with a new model has been built based on Back Propagation Neural Network (BPNN).
So as to identify the vulnerability level of the user with the practical attack techniques inferring who clicks which shortened URLs on Twitter using the combination of public information In future we propose a new vulnerability identification method for the OSN user to create awareness on their security and privacy status. It finds out the relation between OSN user behaviours and attacker scenarios.