The Security of Organizations and Individuals in Online Social Networks

📝 Abstract

The serious privacy and security problems related to online social networks (OSNs) are what fueled two complementary studies as part of this thesis. In the first study, we developed a general algorithm for the mining of data of targeted organizations by using Facebook (currently the most popular OSN) and socialbots. By friending employees in a targeted organization, our active socialbots were able to find new employees and informal organizational links that we could not find by crawling with passive socialbots. We evaluated our method on the Facebook OSN and were able to reconstruct the social networks of employees in three distinct, actual organizations. Furthermore, in the crawling process with our active socialbots we discovered up to 13.55% more employees and 22.27% more informal organizational links in contrast to the crawling process that was performed by passive socialbots with no company associations as friends. In our second study, we developed a general algorithm for reaching specific OSN users who declared themselves to be employees of targeted organizations, using the topologies of organizational social networks and utilizing socialbots. We evaluated the proposed method on targeted users from three actual organizations on Facebook, and two actual organizations on the Xing OSN (another popular OSN platform). Eventually, our socialbots were able to reach specific users with a success rate of up to 70% on Facebook, and up to 60% on Xing.

💡 Analysis

The serious privacy and security problems related to online social networks (OSNs) are what fueled two complementary studies as part of this thesis. In the first study, we developed a general algorithm for the mining of data of targeted organizations by using Facebook (currently the most popular OSN) and socialbots. By friending employees in a targeted organization, our active socialbots were able to find new employees and informal organizational links that we could not find by crawling with passive socialbots. We evaluated our method on the Facebook OSN and were able to reconstruct the social networks of employees in three distinct, actual organizations. Furthermore, in the crawling process with our active socialbots we discovered up to 13.55% more employees and 22.27% more informal organizational links in contrast to the crawling process that was performed by passive socialbots with no company associations as friends. In our second study, we developed a general algorithm for reaching specific OSN users who declared themselves to be employees of targeted organizations, using the topologies of organizational social networks and utilizing socialbots. We evaluated the proposed method on targeted users from three actual organizations on Facebook, and two actual organizations on the Xing OSN (another popular OSN platform). Eventually, our socialbots were able to reach specific users with a success rate of up to 70% on Facebook, and up to 60% on Xing.

📄 Content

M.Sc. Thesis

Aviad Elyashar 1

Ben-Gurion University of the Negev Faculty of Engineering Science

Department of Information Systems Engineering

The Security of Organizations and Individuals in Online Social Networks

THESIS SUBMITTED IN PARTIAL FULFILLMENT OF THE REQUIREMENTS
FOR THE M.Sc. DEGREE

Submitted by Aviad Elyashar Department of Information Systems Engineering Ben-Gurion University of the Negev Tel: +972-52-6056439 E-mail: aviad.elishar@gmail.com

September 21, 2015

M.Sc. Thesis

Aviad Elyashar 2

M.Sc. Thesis

Aviad Elyashar 3

Ben-Gurion University of the Negev Faculty of Engineering Science Department of Information Systems Engineering

The Security of Organizations and Individuals in Online Social Networks

THESIS SUBMITTED IN PARTIAL FULFILLMENT OF THE REQUIREMENTS
FOR THE M.Sc. DEGREE

By: Aviad Elyashar (aviad.elishar@gmail.com)

Supervised by: Prof. Yuval Elovici (elovici@post.bgu.ac.il) Dr. Michael Fire (fire@cs.washington.edu)

September 21, 2015

M.Sc. Thesis

Aviad Elyashar 4

Abstract Online social networks (OSNs) have gained great popularity in recent years, having become an integral part of our daily lives and an indispensable dimension of the Internet. Users worldwide spend a significant amount of their time on OSNs, which have enabled them to create new connections with others based on shared interests, activities, and ideas, as well as maintain connections from the past. Along with the positive aspects of OSNs, users are faced with some uniquely troublesome issues; chief among these issues are privacy and security. Security breaches often result when users write, share, and publish personal information about themselves, their friends, and their workplaces online, not realizing the information they post is available to the public and can be used to aid malicious hackers. Commonly shared personal information may include, but is not limited to personal photographs, date of birth, religious affiliations, personal interests, and political views. In our study, we attempted to emphasize the acute problems inherent on OSNs that leave both employees and organizations vulnerable to cyber-attacks. In many cases, these attacks include the use of socialbots, which among other things, can spread spam and malware, and “phish” for login and password information. These malicious attacks may result in identity theft, fraud, and loss of intellectual assets and confidential business information.

The serious privacy and security problems related to OSNs are what fueled two complementary studies as part of this thesis. In the first study, we developed a general algorithm for the mining of data of targeted organizations by using Facebook (currently the most popular OSN) and socialbots. By friending employees in a targeted organization, our active socialbots were able to find new employees and informal organizational links that we could not find by crawling with passive socialbots. We evaluated our method on the Facebook OSN and were able to reconstruct the social networks of employees in three distinct, actual organizations. Furthermore, in the crawling process with our active socialbots we discovered up to 13.55% more employees and 22.27% more informal organizational links in contrast to the crawling process that was performed by passive socialbots with no company associations as “friends”.

In our second study, we developed a general algorithm for reaching specific OSN users who declared themselves to be employees of targeted organizations, using the topologies of organizational social networks and utilizing socialbots. We evaluated the proposed method on targeted users from three actual organizations on Facebook, and two actual organizations on the Xing OSN (another popular OSN platform). Eventually, our socialbots were able to reach specific users with a success rate of up to 70% on Facebook, and up to 60% on Xing.
The results from both studies demonstrate the dangers associated with OSNs. We believe that raising awareness regarding privacy issues among all entities of OSNs — users, organizations, and OSN operators — as well as developing preventive tools and M.Sc. Thesis

Aviad Elyashar 5

policies, may help to resolve this widespread, critical situation, and better protect OSN users’ privacy and security.

Keywords Socialbots, Social Networks, Security, Privacy, Organization Mining, Facebook, Xing, Online Social Network Threats, Trust, Crawling Social Networks, Clustering

Acknowledgment

I would like to express my sincere gratitude to my supervisors, Prof. Yuval Elovici and Dr. Michael Fire, for their continuous support of my M.Sc. studies and research —and especially for their patience, motivation,

This content is AI-processed based on ArXiv data.