Monday, February 26, 2018

Inference Attack on Browsing History of Twitter Users Using Public Click Analytics and Twitter Metadata


Twitter today is one among the popular Social Networking platforms available worldwide.  Much of its popularity is due to the presence and activeness of many known personalities from sports, business and media. It can be used by anyone to send messages. Its users friendly since it can help shorten a long URL shared in messages.

Public Click Analysis

Another good feature is the public click analysis of the shortened URLs.  In order to preserve the privacy of individual users a public key analysis is used in an aggregated form.

Further we will be going to discuss about the practical attack techniques concluding who clicked on the URLs on Twitter available in shortened form. Twitter is actually using the public click analysis and Twitter metadata. So it is completely different from the conventional stealing attacks happened on browser history. The attacks ruin the Twitter user’s privacy up to a great extent.

Current Scenario

  • It has been found via certain research results that attack methods includes stealing browsing history of a user. It can be done using side-channels or user interactions.
  • Linda mood etal. and He et al. proposes a network in order to predict undisclosed personal attributes known as Bayesian network.
  • Getoor and Zheleva have showed the process about how an attacker can feat a mixture of public and private data in order to assume target user’s private attributes.
  • Weinberg et al. exploit CAPTCHA in order to deceive the users or to distract them. A webcam can also be used in order to detect the light from the screen’s reflection on the users face. Further those can be used to identify the colors of unvisited and visited links.
  • Calandrino et al. has algorithms inferring user’s transactions in systems like Hunch and Amazon.
  • Mnislove et al. uncover the attribute of any user using a mix of user’s connections, friends connected directly or indirectly.

So the previous techniques have shown an attack can be performed by inferring private attributes, privacy leaks in social networks and de-anonymizing users. An attacker focusses on inferring the user’s hidden information from different related data sets.

Proposed System

We are proposing new attack methods in order to known whether a user clicked on any specific shortened URL on Twitter. We truly focus on Twitter metadata and click analysis from URL shortening services, mostly public available information. We consider 2 different attract methods, an attack in order to uncover details regarding who clicked on the URLs of a Twitter user and an attack on target user’s clicked URLs.

In order to accomplish the first attack we need to know the total number of users who frequently share shortened URLs on their Twitter profile with others. Further then investigating the click analysis of those URLs wherever they are distributed. Also using the metadata of the followers of the same.

Now for the second attack, we need monitoring accounts those are monitoring messages from the followers of the target Twitter user. It can helps in collecting the shortened URLs those were clicked on by the target users.

In order to reduce attack overhead we can use an advanced attack method at the same time increasing the accuracy of inference based on the user’s time model further representing the actual Twitter usage of target users.

System Requirements

Minimum Hardware:

Ø  System                                   :               Pentium Dual Core.
Ø  Monitor                                 :               15’’ LED
Ø  Ram                                       :               1GB.
Ø  Hard Disk                              :               120 GB.
Ø  Input Devices                       :               Keyboard, Mouse.

Minimum Software:

Ø  Coding Language           :               JAVA/J2EE
Ø  Operating system           :               Windows 7.
Ø  Database                         :               MYSQL.
Ø  Tool                                :                Eclipse.




System Architecture




Conclusion

We use newer attack techniques in order to determine whether a user clicks on a specific shortened URL on Twitter. We only use public information from Twitter and URL shortening services. Our approach doesn’t need any complicated assumptions or techniques like phishing, DNS monitoring, Malware Injection, script Injection or so. Our study infers URL visiting history on Twitter.


It has been determined whether a user clicks on shortened URL and actually visited it by using the public available information. We used time models of the targeted users hence the attack overhead has been decreased leading to high accuracy. Final results showed that our attacks can successfully infer the click information with low overhead and higher accuracy.
at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Hybrid scheme of public-key encryption

Hybrid scheme of public-key encryption We introduce a hybrid homomorphic encryption that combines public-key encryption (PKE) and som...