T. Krishna Chaitanya, H. Ponnapalli, D. Herts, J. Pablo
{"title":"社交网站上现代垃圾邮件技术的分析与检测","authors":"T. Krishna Chaitanya, H. Ponnapalli, D. Herts, J. Pablo","doi":"10.1109/ICSEM.2012.28","DOIUrl":null,"url":null,"abstract":"The modern Web has become a collaboration and communications platform with the advent of social networks. Apart from attracting millions of users, the popularity of social networking communities has also attracted spammers who can abuse and misuse the rich information in these sites using sophisticated attack techniques. In this paper we have described four popular modern techniques used by attackers to spam social networking sites: clickjacking [1], malicious browser extensions via drive-by-downloads [2], URL shorteners [3] and socially engineered script injection [4]. We have analyzed click-jacking and malicious browser extensions in detail, evaluating existing solutions to detect/prevent them. We observed that the existing solutions for clickjacking fail in some common use case scenarios. Therefore, we proposed enhancements that help detecting clickjacking attacks in those failed scenarios. We also proposed a declarative security policy to prevent malicious browser extension attacks. We implemented chrome extensions to validate both of our proposals in a test bed social network, which we have setup using an open source social networking engine. We believe our proposals are helpful to strengthen the security of social networks in general and the Web platform as a whole.","PeriodicalId":382519,"journal":{"name":"2012 Third International Conference on Services in Emerging Markets","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-12-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"20","resultStr":"{\"title\":\"Analysis and Detection of Modern Spam Techniques on Social Networking Sites\",\"authors\":\"T. Krishna Chaitanya, H. Ponnapalli, D. Herts, J. Pablo\",\"doi\":\"10.1109/ICSEM.2012.28\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The modern Web has become a collaboration and communications platform with the advent of social networks. Apart from attracting millions of users, the popularity of social networking communities has also attracted spammers who can abuse and misuse the rich information in these sites using sophisticated attack techniques. In this paper we have described four popular modern techniques used by attackers to spam social networking sites: clickjacking [1], malicious browser extensions via drive-by-downloads [2], URL shorteners [3] and socially engineered script injection [4]. We have analyzed click-jacking and malicious browser extensions in detail, evaluating existing solutions to detect/prevent them. We observed that the existing solutions for clickjacking fail in some common use case scenarios. Therefore, we proposed enhancements that help detecting clickjacking attacks in those failed scenarios. We also proposed a declarative security policy to prevent malicious browser extension attacks. We implemented chrome extensions to validate both of our proposals in a test bed social network, which we have setup using an open source social networking engine. We believe our proposals are helpful to strengthen the security of social networks in general and the Web platform as a whole.\",\"PeriodicalId\":382519,\"journal\":{\"name\":\"2012 Third International Conference on Services in Emerging Markets\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2012-12-12\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"20\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2012 Third International Conference on Services in Emerging Markets\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICSEM.2012.28\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 Third International Conference on Services in Emerging Markets","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICSEM.2012.28","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Analysis and Detection of Modern Spam Techniques on Social Networking Sites
The modern Web has become a collaboration and communications platform with the advent of social networks. Apart from attracting millions of users, the popularity of social networking communities has also attracted spammers who can abuse and misuse the rich information in these sites using sophisticated attack techniques. In this paper we have described four popular modern techniques used by attackers to spam social networking sites: clickjacking [1], malicious browser extensions via drive-by-downloads [2], URL shorteners [3] and socially engineered script injection [4]. We have analyzed click-jacking and malicious browser extensions in detail, evaluating existing solutions to detect/prevent them. We observed that the existing solutions for clickjacking fail in some common use case scenarios. Therefore, we proposed enhancements that help detecting clickjacking attacks in those failed scenarios. We also proposed a declarative security policy to prevent malicious browser extension attacks. We implemented chrome extensions to validate both of our proposals in a test bed social network, which we have setup using an open source social networking engine. We believe our proposals are helpful to strengthen the security of social networks in general and the Web platform as a whole.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
