Xinyue Zhang,Jingyi Wang,Yong Li,Riku Jantti,Miao Pan,Zhu Han

DOI: https://doi.org/10.1109/tvt.2018.2882733

IF: 6.8

2019-01-01

IEEE Transactions on Vehicular Technology

Abstract:The widespread adoption of mobile devices with global positioning system enables location-based games (LBGs) to use real world maps, while locations and objectives in LBGs can make the progression, achievements, and virtual rewards feel more palpable and entertaining. However, allowing location sharing in LBGs gives dishonest parties opportunities to learn users' trajectories, which compromises the users' privacy. In this paper, we propose a novel scheme jointly maximizing LBG players' virtual rewards while preserving their trajectory privacy. Briefly, we first introduce a quantitative machine learning-based approach to model trajectory inference attacks via tensor voting. Then, to thwart this attack, we propose a tensor voting-based k-anonymous obfuscation strategy. Considering the trajectory privacy concerns and power constraint of hand-held mobile devices, we mathematically formulate the LBG players' virtual reward maximization optimization into the mixed integer problem and develop the feasible solutions. Simulation results and analysis show that the proposed scheme can effectively preserve LBG players' trajectory privacy against tensor voting based inference attacks while maximizing LBG players' virtual rewards.

Yanzhe Che,Kevin Chiew,Xiaoyan Hong,Qinming He

DOI: https://doi.org/10.1145/2442810.2442820

2012-01-01

Abstract:ABSTRACTThere is a potential privacy breach when users access various location-based social applications on a mobile social network (MSN), e.g., sharing locations with friends. To preserve location privacy, one of the most common methods is to use a coarse or fake location instead of a user's exact location. However, most of these previous approaches only provide geometric strategies without considering the semantic context of the geographical locations. For example, if a cloaked region contains a part of a lake, where no boats are allowed, an adversary can easily prune the cloaked region to a smaller range covering a user's actual location. In this paper, we propose SALS, a semantics-aware location sharing framework based on cloaking zone for an MSN environment. By considering a user's social relations and activities which are available in an MSN environment, SALS does not assume any trustworthy entities, including strangers, friends or any third parties. As a solution, SALS enables users to cooperate with each other, in a Peer-to-Peer (P2P) way, to generate the cloaking zones, which will be used instead of the actual locations. Different from the previous cloaking techniques, SALS considers the semantic location which can influence the distribution probability of a user's locations. We also propose metrics for measuring the quality of the cloaking zone. The evaluation shows that our method can well defend the semantic-location attack.

Wenbo He,Xue Liu,Mai Ren

DOI: https://doi.org/10.48550/arXiv.1102.4135

2011-02-21

Abstract:Location-based mobile social network services such as foursquare and Gowalla have grown exponentially over the past several years. These location-based services utilize the geographical position to enrich user experiences in a variety of contexts, including location-based searching and location-based mobile advertising. To attract more users, the location-based mobile social network services provide real-world rewards to the user, when a user checks in at a certain venue or location. This gives incentives for users to cheat on their locations. In this report, we investigate the threat of location cheating attacks, find the root cause of the vulnerability, and outline the possible defending mechanisms. We use foursquare as an example to introduce a novel location cheating attack, which can easily pass the current location verification mechanism (e.g., cheater code of foursquare). We also crawl the foursquare website. By analyzing the crawled data, we show that automated large scale cheating is possible. Through this work, we aim to call attention to location cheating in mobile social network services and provide insights into the defending mechanisms.

Social and Information Networks,Cryptography and Security

Muyuan Li,Haojin Zhu,Zhaoyu Gao,Si Chen,Kui Ren,Le Yu,Shangqian Hu

DOI: https://doi.org/10.1145/2632951.2632953

2013-01-01

Abstract:Location-based social networks (LBSNs) feature friend discovery by location proximity that has attracted hundreds of millions of users world-wide. While leading LBSN providers claim the well-protection of their users' location privacy, for the first time we show through real world attacks that these claims do not hold. In our identified attacks, a malicious individual with the capability of no more than a regular LBSN user can easily break most LBSNs by manipulating location information fed to LBSN client apps and running them as location oracles. We further develop an automated user location tracking system and test it on leading LBSNs including Wechat, Skout, and Momo. We demonstrate its effectiveness and efficiency via a 3 week real-world experiment on 30 volunteers and show that we could geo-locate any target with high accuracy and readily recover his/her top 5 locations. Finally, we also develop a framework that explores a grid reference system and location classifications to mitigate the attacks. Our result serves as a critical security reminder of the current LBSNs pertaining to a vast number of users.

Ashly Fuller,Martin Lo,Angelica Holmes,Lu Lemanski,Marie Vasek,Enrico Mariconti

2023-04-06

Abstract:Location-based games have come to the forefront of popularity in casual and mobile gaming over the past six years. However, there is no hard data on crimes that these games enable, ranging from assault to cyberstalking to grooming. Given these potential harms, we conduct a risk assessment and quasi-experiment on the game features of location-based games. Using PokemonGO as a case study, we identify and establish cyber-enabled stalking as the main risk event where in-game features such as an innocent function to share in-game postcards can be exploited by malicious users. Users obtain postcards that are unique to each Pokestop and represent gifts that can be shared with in-game friends. The number of postcards that each user can retain is limited, so they send the excess to their friends with items that boost their friends' game activities. The postcard often also unintentionally leaks the users' commonly visited locations to their in-game friends. We analyze these in-game features using risk assessment and identify cyber-enabled stalking as one of the main threats. We further evaluate the feasibility of this crime through a quasi-experiment. Our results show that participants' routine locations such as home and work can be reliably re-identified within days from the first gift exchange. This exploitation of a previously unconsidered in-game feature enables physical stalking of previously unknown persons which can escalate into more serious crimes. Given current data protection legislation in Europe, further preventive measures are required by Niantic to protect pseudonymized users from being re-identified by in-game features and (potentially) stalked.

Human-Computer Interaction

Yuan Xuan,Yang Chen,Huiying Li,Pan Hui,Lei Shi

DOI: https://doi.org/10.1145/2818052.2869094

2016-01-01

Abstract:Given the popularity of GPS-enabled smart devices, location-based social networks (LBSNs) have attracted numerous users around the world. The openness of LBSN platforms has also made themselves the targets of malicious attack-ers. In LBSNs, attackers can register a number of fake iden-tities and let them post spam reviews or fake check-ins. Therefore, discovering and blocking the malicious accounts are vital for the experience of legitimate users. In this pa-per, we investigated how to accurately detect malicious ac-counts in LBSNs. We collected rich user data from a pop-ular LBSN in China, so-called Dianping. We then built a crowdsourcing based annotation platform to mark legitimate and malicious accounts. By examining the annotated data set, we selected a number of key features to distinguish between these two types of accounts. Based on these fea-tures, we built LBSNShield, a machine learning-based mali-cious account detection system. According to our extensive evaluation, our system can achieve an F1-score of 0.89.

Yulong Gu,Jiaxing Song,Weidong Liu,Lixin Zou

DOI: https://doi.org/10.1109/icdm.2016.0110

2016-01-01

Abstract:The rapid spread of mobile internet and location-acquisition technologies have led to the increasing popularity of Location-Based Social Networks(LBSNs). Users in LBSNs can share their life by checking in at various venues at any time. In LBSNs, identifying home locations of users is significant for effective location-based services like personalized search, targeted advertisement, local recommendation and so on. In this paper, we propose a Home Location Global Positioning System called HLGPS to tackle with the home location identification problem in LBSNs. Firstly, HLGPS uses an influence model named as IME to model edges in LBSNs. Then HLGPS uses a global iteration algorithm based on IME model to position home location of users so that the joint probability of generating all the edges in LBSNs is maximum. Extensive experiments on a large real-world LBSN dataset demonstrate that HLGPS significantly outperforms state-of-the-art methods by 14.7%.

Yulong Gu,Yuan Yao,Weidong Liu,Jiaxing Song

DOI: https://doi.org/10.1109/icccn.2016.7568598

2016-01-01

Abstract:The rapid spread of smartphones has led to the increasing popularity of Location-Based Social Networks(LBSNs) like Foursquare, Gowalla, Facebook Places and so on where users can publish information about their current location. In LBSNs, identifying home locations of users is very important for various applications like effective location-based advertisement and recommendation. However, this problem is rather challenging because the location information in LBSNs is sparse and noisy: Only a small percentage of users share their home location information due to privacy concerns; users may check in at diverse places far from their home and make friends far away; many users even do not have any check-in information. In this paper, we propose a trust-based influence model, named as TSU to solve the problem. To be specific, TSU is a Trust-based unified probabilistic model that models edges in LBSNs based on signals from Social relationship data(social friendship, social trust) and User-centric data(check-in data) in LBSN. We proposed a Home Location Identification method based on TSU model and evaluate it on a large real-world LBSNs dataset. Extensive experiments demonstrate that our method significantly outperforms state-of-the- art methods.

Hao Zhou,Yingjie Wu,Sisi Zhong,Zhao Luo,Xiaodong Wang

DOI: https://doi.org/10.1109/icicee.2012.418

2012-01-01

Abstract:The query privacy issue in location-based services (LBS) has recently received considerable attention. To protect the query privacy of users, current state-of-the-art techniques adopt cloaking which cloaks the sender's location to k-anonymized spatial region (ASR), such that an attack based on the sender's location cannot identify the query source with probability larger than 1/k, among other k-1 users. However, these techniques do not consider that these k-1 additional mobile users with different privacy requirements may send request at the same time. In this paper, we propose a new attack model that an adversary who observes all the ASRs at one time can identify the query source with probability larger than 1/k based on prior knowledge of the locations of all users. And we propose our two algorithms, namely, Basic and Adaptive Algorithms, which strengthen the privacy guarantee to defend such inference attack while still support personalized user privacy requirements. We verify the effectiveness of the proposed algorithms by experiments on location data which synthetically generated on real road maps.

Zheng Huo,Xiaofeng Meng,Rui Zhang

DOI: https://doi.org/10.1007/978-3-642-37487-6_29

2013-01-01

Abstract:Check-in services, one of the most popular services in Geo-Social Networks (GeoSNs) may cause users’ personal location privacy leakage. Although users may avoid checking in places which they regard as sensitive, adversaries can still infer where a user has been through linkage of multiple background information. In this paper, we propose a new location privacy attack in GeoSNs, called hidden location inference attack, in which adversaries infer users’ location based on users’ check-in history as well as check-in history of her friends and similar users. Then we develop three inference models (baseline inference model, CF-based inference model and HMM-based inference model) to capture the hidden location privacy leakage probability. Moreover, we design a privacy alert framework to warn users the most probable leaked locations. At last, we conduct a comprehensive performance evaluation using two real-world datasets collected from Gowalla and Brightkite. Experiment results show the accuracy of our proposed inference models and the effectiveness of the privacy alert framework.

Zidong Yang,Shibo He,Jiming Chen,Youxian Sun

DOI: https://doi.org/10.1145/3055601.3055619

2017-01-01

Abstract:Dynamically localizing users in online social networks is challenging because people seldom post location-related microblogs due to privacy concern. To increase inference accuracy, a promising approach is to leverage microblogs from friends. However, it is difficult because microblogs from friends may not be synchronized or informative. To tackle these challenges, we propose a system consisting two steps. Firstly, "co-location" friends are detected and used to infer the statistical locations of users. Secondly, users' dynamic locations are determined by considering both statistical locations and POI(point of interest) names in microblogs. Experiments based on real world dataset demonstrates that our approach outperforms previous studies.

Lei Xu,Chunxiao Jiang,Nengqiang He,Yi Qian,Yong Ren,Jianhua Li

DOI: https://doi.org/10.1109/jiot.2018.2847302

IF: 10.6

2018-01-01

IEEE Internet of Things Journal

Abstract:With the growing popularity of mobile social networks, point-of-interest (POI) recommendation, which utilizes users' check-in data to suggest interesting places for users, has attracted much attention in recent years. The check-in data, containing time and location information, are closely related to the user's personal life. Due to privacy concerns, users are reluctant to share check-in data with the service provider (SP), which causes a negative effect on recommendations. It is important for the user to find a balance between privacy and recommendation quality. In this paper, we consider a POI recommendation scenario where an adversary can access the data that a user reports to the SP. The user sequentially decides whether to check in for the POI he has visited. A stochastic game model is proposed to analyze the interaction between the user and the adversary. To find a good policy for the user, two value iteration algorithms are applied. The proposed game has a large state set, which makes it difficult for policy learning. To deal with this problem, we use some tricks when implementing the minimax Q-learning algorithm, and a set of neural networks are trained to approximate the Q-functions. To evaluate the performance of the learning algorithms, we conduct a series of simulations by using real-world check-in data. Simulation results show that the proposed learning algorithms can help the user to make good decisions, in the sense that the user can get a high long-term return.

Fengli Xu,Zhen Tu,Hongjia Huang,Shuhao Chang,Funing Sun,Diansheng Guo,Yong Li

DOI: https://doi.org/10.1109/tmc.2019.2947416

IF: 6.075

2021-01-01

IEEE Transactions on Mobile Computing

Abstract:With the flourishing of location based social networks, posting check-ins has become a common practice to document one's daily life. Users usually do not consider check-in records as violations of their privacy. However, through analyzing two real-world check-in datasets, our study shows that check-in records are vulnerable to linkage attacks. Specifically, adversary is able to uniquely re-identify over 52$\sim$∼66 percent users in other anonymous mobility datasets and 60$\sim$∼80 percent users have more than 60 percent probability leaking unreported mobility records. In addition, we further demonstrate that the privacy sensitivity of check-in records can be more accurately measured by including the information of additional mobility data compared with only looking at check-ins. Based on this observation, we design a partition-and-group framework to integrate the information of check-ins and additional mobility data to attain a novel privacy criterion—$k^{\tau, l}$kτ,l-anonymity. It ensures adversaries with arbitrary background knowledge cannot use check-ins to re-identify users in other anonymous datasets or learning unreported mobility records. The proposed framework achieves favorable performance against state-of-art baseline in terms of improving check-in utility by 24$\sim$∼57 percent while providing stronger privacy guarantee at the same time. We believe this study will open a new angle in attaining both privacy-preserving and useful check-in services.

Jeremy Blackburn,Ramanuja Simha,Nicolas Kourtellis,Xiang Zuo,Clayton Long,Matei Ripeanu,John Skvoretz,Adriana Iamnitchi

DOI: https://doi.org/10.48550/arXiv.1112.4915

2011-12-21

Abstract:Online gaming is a multi-billion dollar industry that entertains a large, global population. One unfortunate phenomenon, however, poisons the competition and the fun: cheating. The costs of cheating span from industry-supported expenditures to detect and limit cheating, to victims' monetary losses due to cyber crime. This paper studies cheaters in the Steam Community, an online social network built on top of the world's dominant digital game delivery platform. We collected information about more than 12 million gamers connected in a global social network, of which more than 700 thousand have their profiles flagged as cheaters. We also collected in-game interaction data of over 10 thousand players from a popular multiplayer gaming server. We show that cheaters are well embedded in the social and interaction networks: their network position is largely undistinguishable from that of fair players. We observe that the cheating behavior appears to spread through a social mechanism: the presence and the number of cheater friends of a fair player is correlated with the likelihood of her becoming a cheater in the future. Also, we observe that there is a social penalty involved with being labeled as a cheater: cheaters are likely to switch to more restrictive privacy settings once they are tagged and they lose more friends than fair players. Finally, we observe that the number of cheaters is not correlated with the geographical, real-world population density, or with the local popularity of the Steam Community. This analysis can ultimately inform the design of mechanisms to deal with anti-social behavior (e.g., spamming, automated collection of data) in generic online social networks.

Social and Information Networks,Computers and Society,Physics and Society

Xiaoyan Zhu,Haotian Chi,Shunrong Jiang,Xiaosan Lei,Hui Li

DOI: https://doi.org/10.1109/ICC.2014.6883667

2014-01-01

Abstract:Location-based services (LBSs) are attracting more and more attentions with the increasing popularity of mobile devices and online social networking. In LBSs, users can conveniently obtain their interested information by sending queries to the LBS server. However, users' queries include their identities, locations, interests, etc, which may result in the leakage of users' trajectory and other sensitive information. Although the existing obfuscation and location anonymization techniques along with a long-term pseudonym can protect users' location privacy to some extent, users' real identities and moving trajectories can still be deduced through long-term observation and side information aided inference attacks. To address these problems, we propose a dynamic pseudo-ID system, where unlinkable pseudo-IDs are used by users to completely hide their identities in the queries, in order to break the link between users' identities and their locations. Moreover, we employ certificates to ensure the verifiability and traceability of the dynamic pseudo-IDs. Security analysis and evaluation results show that the proposed scheme can enhance user' privacy and is feasible to implement into mobile devices.

Kashif Sharif

2018-01-01

Abstract:Recent advances in Socially Aware Networks (SANs) have allowed its use in many domains, out of which social Internet of vehicles (SIOV) is of prime importance. SANs can provide a promising routing and forwarding paradigm for SIOV by using interest-based communication. Though able to improve the forwarding performance, existing interest-based schemes fail to consider the important issue of protecting usersu0027 interest information. In this paper, we propose a PRivacy-preserving Interest-based Forwarding scheme (PRIF) for SIOV, which not only protects the interest information, but also improves the forwarding performance. We propose a privacy-preserving authentication protocol to recognize communities among mobile nodes. During data routing and forwarding, a node can know othersu0027 interests only if they are affiliated with the same community. Moreover, to improve forwarding performance, a new metric {em community energy} is introduced to indicate vehicular social proximity. Community energy is generated when two nodes encounter one another and information is shared among them. PRIF considers this energy metric to select forwarders towards the destination node or the destination community. Security analysis indicates PRIF can protect nodesu0027 interest information. In addition, extensive simulations have been conducted to demonstrate that PRIF outperforms the existing algorithms including the BEEINFO, Epidemic, and PRoPHET.

Yi-Liang Zhao,Qiang Chen,Shuicheng Yan,Tat-Seng Chua,Daqing Zhang

DOI: https://doi.org/10.1145/2502415

2013-01-01

Abstract:In location-based social networks (LBSNs), users implicitly interact with each other by visiting places, issuing comments and/or uploading photos. These heterogeneous interactions convey the latent information for identifying meaningful user groups, namely social communities, which exhibit unique location-oriented characteristics. In this work, we aim to detect and profile social communities in LBSNs by representing the heterogeneous interactions with a multimodality nonuniform hypergraph. Here, the vertices of the hypergraph are users, venues, textual comments or photos and the hyperedges characterize the k -partite heterogeneous interactions such as posting certain comments or uploading certain photos while visiting certain places. We then view each detected social community as a dense subgraph within the heterogeneous hypergraph, where the user community is constructed by the vertices and edges in the dense subgraph and the profile of the community is characterized by the vertices related with venues, comments and photos and their inter-relations. We present an efficient algorithm to detect the overlapped dense subgraphs, where the profile of each social community is guaranteed to be available by constraining the minimal number of vertices in each modality. Extensive experiments on Foursquare data well validated the effectiveness of the proposed framework in terms of detecting meaningful social communities and uncovering their underlying profiles in LBSNs.

Jiuxin Cao,Rongqing Xia,Yifang Guo,Zhuo Ma

DOI: https://doi.org/10.1007/s11280-018-0614-x

2018-07-16

World Wide Web

Abstract:To ensure the quality of online review, more and more location-based social networks (LBSNs), like Yelp, have established the filtering systems to detect groups of review spammers. This is not an easy task. Review spammers use camouflage methods to maintain their spam behavior in a very low density to try to conceal themselves in normal users. These camouflaged spammers, driven by profits, are hired by some stores to write fake reviews in groups so as to raise these stores or to belittle their competitors. To avoid the unhealthy competition, in this paper, we propose a novel detection mechanism to discern collusive review spammers, including individuals and groups. The key point of our mechanism is to identify hidden spammers through multiple anomalous relationship features, especially the collusive relation between review spammers and the business competition between locations. Based on multi-view anomalous features, two detection models are proposed for individual and group discovery, respectively. For malicious individuals, a detection model based on Markov Random Field (MRF) is constructed to formalize an inference problem, where the corresponding marginal distribution of users and locations are calculated respectively. For review spammer groups, a hierarchical agglomerative clustering algorithm is conceived according to a new validity index to make sure the collusion relation in each group is close at most. Experiment results show that our method can detect collusive spammers and groups more accurately and comprehensively over the current researches. The additional experiments also show the effectiveness of each anomalous feature in detecting review spammers.

Mengyue Hang,Ian Pytlarz,Jennifer Neville

DOI: https://doi.org/10.48550/arXiv.1811.06912

IF: 5.414

2018-09-25

Machine Learning

Abstract:With the availability of vast amounts of user visitation history on location-based social networks (LBSN), the problem of Point-of-Interest (POI) prediction has been extensively studied. However, much of the research has been conducted solely on voluntary checkin datasets collected from social apps such as Foursquare or Yelp. While these data contain rich information about recreational activities (e.g., restaurants, nightlife, and entertainment), information about more prosaic aspects of people's lives is sparse. This not only limits our understanding of users' daily routines, but more importantly the modeling assumptions developed based on characteristics of recreation-based data may not be suitable for richer check-in data. In this work, we present an analysis of education "check-in" data using WiFi access logs collected at Purdue University. We propose a heterogeneous graph-based method to encode the correlations between users, POIs, and activities, and then jointly learn embeddings for the vertices. We evaluate our method compared to previous state-of-the-art POI prediction methods, and show that the assumptions made by previous methods significantly degrade performance on our data with dense(r) activity signals. We also show how our learned embeddings could be used to identify similar students (e.g., for friend suggestions).

Jonathan White,Joon S. Park,Charles A. Kamhoua,Kevin A. Kwiat

DOI: https://doi.org/10.1007/s13278-014-0221-5

2014-07-31

Social Network Analysis and Mining

Abstract:In the social media era, the ever-increasing utility of Online Social Networks (OSN) services provide a variety of benefits to users, organizations, and service providers. However, OSN services also introduce new threats and privacy issues regarding the data they are dealing with. For instance, in a reliable OSN service, a user should be able to set up his desired level of information sharing and securely manage sensitive data. Currently, few approaches exist that can model OSNs for the purpose, let alone a model the effects that attackers can have on these networks. In this work a novel OSN modeling approach is presented to fill the gap. This model is based on an innovative game-theoretic approach and it is analyzed both from a theoretical and simulation-oriented view. The game-theoretic model is implemented to analyze several attack scenarios. Honeytokens, which are an information security tool based upon deception, are defined and identified as a security tool that could help in OSN security. As the results show, there are several scenarios where OSN services are very vulnerable and hence more protection mechanisms should be provided to secure the data contained across these networks, including the use of honeytokens. In this work we introduce a novel OSN modeling approach for optimal data sharing based on innovative game theories, considering the states/optimal policies of data sharing on OSNs and possible confrontations between the attacker and the user. After we develop the theoretical framework, we conduct experiments, integrating our ideas with honeytokens in several attack scenarios. Finally, we analyze our experimental results and discuss recommendations based on the results.