Shan Chang,Yuting Tao,Hongzi Zhu,Bo Li

DOI: https://doi.org/10.1109/icdcs57875.2023.00028

2023-01-01

Abstract:Check-in data widely published in mobile social networks (MSNs) pose serious privacy threats to users. Existing inference attack methods show that pairwise social relationship could be estimated by analyzing check-in user records. However, the efficacy of such attacks heavily depends on the density of check-in data, which is often not present in practice. In this work, we propose a new inference attack scheme, which for the first time can effectively reveal hidden social friendship in both the real world and in cyberspace among users with only sparse check-in data. Our attack method enjoys two salient features. First, it requires no prior knowledge about social connections, instead it estimates users' social proximity by exploiting both physical presence and social proximities. Second, our attack scheme can automatically learn representative features based on the significance of various check-in records, rather than relying on heuristic features. We conduct extensive trace-driven simulations, and the results demonstrate that our inference attack method can improve the efficacy of the state-of-the-art learning-based schemes up to 40%. Moreover, our proposed attack method is also robust against common data obfuscation mechanisms.

Yan Leng,Yijun Chen,Xiaowen Dong,Junfeng Wu,Guodong Shi

DOI: https://doi.org/10.2139/ssrn.3875878

2021-01-01

SSRN Electronic Journal

Abstract:There exists a growing concern about the privacy threats inherently encoded in the increasingly available behavioral data. In this paper, we focus on online service providers over which users reveal preferences (e.g., ratings or reviews) as publicly available behavioral data. We model users' strategic interactions in making these decisions as quadratic games on networks, where a user's payoff depends not only on their actions but also on their neighbors in a social interaction network. Based on the assumption that the observed preferences correspond to the Nash equilibrium of the game, we investigate whether eavesdroppers or competitors having access to such behavioral data could potentially infer or even thoroughly learn the hidden social interaction network from the observed user actions, leading to privacy risks at a system level for the platform. We introduce three notions of privacy risks on networks: fundamental privacy, conditional privacy, and practical privacy. We establish necessary and sufficient conditions for fundamental and conditional privacy of the social interaction structure, suggesting that at the system level, such interaction structure is not facing a critical risk of being fully exposed regardless of the amount of data available. To study practical privacy, we further propose and analyze a novel learning framework by solving a joint optimization problem for the network structure and the individual marginal benefits in the game. Extensive experiments on synthetic and real-world data demonstrate the effectiveness of the proposed framework, hence illustrating that behavioral data indeed present substantial privacy risks in practice. Broadly, this study enriches the network privacy literature and provides implications for online platforms by revealing the unexpected consequence of leaking network connections due to public consumer revealed preferences.

Chongjing Sun,Philip S. Yu,Xiangnan Kong,Yan Fu

DOI: https://doi.org/10.1109/ICDMW.2013.71

2013-10-11

Abstract:Publishing social network data for research purposes has raised serious concerns for individual privacy. There exist many privacy-preserving works that can deal with different attack models. In this paper, we introduce a novel privacy attack model and refer it as a mutual friend attack. In this model, the adversary can re-identify a pair of friends by using their number of mutual friends. To address this issue, we propose a new anonymity concept, called k-NMF anonymity, i.e., k-anonymity on the number of mutual friends, which ensures that there exist at least k-1 other friend pairs in the graph that share the same number of mutual friends. We devise algorithms to achieve the k-NMF anonymity while preserving the original vertex set in the sense that we allow the occasional addition but no deletion of vertices. Further we give an algorithm to ensure the k-degree anonymity in addition to the k-NMF anonymity. The experimental results on real-word datasets demonstrate that our approach can preserve the privacy and utility of social networks effectively against mutual friend attacks.

Databases,Cryptography and Security,Social and Information Networks

Lingshuo Meng,Yijie Bai,Yanjiao Chen,Yutong Hu,Wenyuan Xu,Haiqin Weng

DOI: https://doi.org/10.1145/3576915.3623173

2023-01-01

Abstract:Graph neural networks (GNNs) have been developed to mine useful information from graph data of various applications, e.g., health-care, fraud detection, and social recommendation. However, GNNs open up new attack surfaces for privacy attacks on graph data. In this paper, we propose Infiltrator, a privacy attack that is able to pry node-level private information based on black-box access to GNNs. Different from existing works that require prior information of the victim node, we explore the possibility of conducting the attack without any information of the victim node. Our idea is to infiltrate the graph with attacker-created nodes to befriend the victim node. More specifically, we design infiltration schemes that enable the adversary to infer the label, neighboring links, and sensitive attributes of a victim node. We evaluate Infiltrator with extensive experiments on three representative GNN models and six real-world datasets. The results demonstrate that Infiltrator can achieve an attack performance of more than 98% in all three attacks, outperforming baseline approaches. We further evaluate the defense resistance of Infiltrator against the graph homophily defender and the differentially private model.

Xiangyu Liu,Xiaochun Yang

DOI: https://doi.org/10.1007/978-3-642-29038-1_25

2012-01-01

Abstract:The increasing popularity of social networks in various application domains has raised privacy concerns for the individuals involved. One popular privacy attack is identifying sensitive relationships between individuals. Simply removing all sensitive relationships before releasing the data is insufficient. It is easy for adversaries to reveal sensitive relationships by performing link inferences. Unfortunately, most of previous studies cannot protect privacy against link inference attacks. In this work, we identify two types of link inference attacks, namely, one-step link inference attacks and cascaded link inference attacks. We develop a general framework for preventing link inference attacks, which adopts a novel lineage tracing mechanism to efficiently cut off the inference paths of sensitive relationships. We also propose algorithms for preventing one-step link inference attacks and cascaded link inference attacks meanwhile retaining the data utility. Extensive experiments on real datasets show the satisfactory performance of our methods in terms of privacy protection, efficiency and practical utilities.

Youyang Qu,Shui Yu,Wanlei Zhou,Jianwei Niu

DOI: https://doi.org/10.1109/GLOCOM.2018.8647771

2018-01-01

Abstract:Fast proliferation of mobile devices significantly promotes the development of mobile social networks. Users tend to interact with friends via multiple social networks. Multiple social networks identification is of great significance in terms of both attack and defense. Current methods either focus on the profile matching or network structure to re-identify a specific user. However, the accuracy are not satisfying with relative high error rate. In this paper, we propose a new Friendship learning-Based Identification (FBI) method to discriminate multiple pseudo identities of a real-world individual. We aim at providing potential attack mechanism to following privacy protection research. Firstly, we develop a new identification method based on friendship matching. Then, we implement a weighted mechanism which takes profile, network structure, and friendship into consideration. Furthermore, machine learning is leverage to further optimize the parameters and improve the accuracy. In addition, extensive experimental results show the superior of the FBI comparing to existing ones.

Yuzi Yi,Jingsha He,Nafei Zhu,Xiangjun Ma

DOI: https://doi.org/10.1002/spy2.194

2021-01-01

Security and Privacy

Abstract:Privacy inference attacks in online social networks aim at inferring hidden attributes of target users based on released attributes of the users as well as information about social relationships in the networks. Although many privacy inference methods have been proposed in recent years, most of the methods have mostly focused on pursuing high accuracy of the inference results without paying too much attention on identifying users who make the most contributions to the inference, making it less useful in the development of effective countermeasures. In this paper, by taking full consideration of the roles of users in privacy inference, we propose a privacy inference method based on graph attention networks that can provide information about not only the private attributes of the target users, but also the importance of the users in the process of inferring the results. We also design a novel mechanism for the selection of influential users to make our proposed method adaptive to the characteristics of user influence diffusion, resulting in involving fewer number of users in privacy inference and hence improving the efficiency. We also performed some experiment to evaluate the proposed method using a real online social network dataset to show the effectiveness of the proposed method. Comparison with other comparable methods also shows that the results of our proposed method are more accurate.

Yunjuan Yang,Ye Tian,Edith Ngai,Lanshan Zhang,Yining Teng,Wendong Wang

DOI: https://doi.org/10.1109/glocom.2014.7417301

2015-01-01

Abstract:Web users are immersed in their roles as information producers and propagation pushers. They are unaware of being potential threats to privacy-protection towards themselves and their friends. It is necessary to know who they should beware of most in their friend-networks once their privacy information is divulged inadvertently. In this paper, we aim to identify the vulnerable friend who maximizes the dissemination of privacy information. First we develop a Privacy Receiving-Disseminating (PRD) model to simulate the iterative course of privacy information dissemination within social graph. The subgraph constituted of those users who are involved in the dissemination, called Ultimate Circle of Disseminating (UCD), is then detected by an iterative algorithm. The contribution of each direct friend could be evaluated by comparing the disseminating intensities of detected UCDs before and after unfriending himself. The performance of our work has been validated empirically with the comparison of different unfriending strategies.

Weirong Cui,Chenglie Du

DOI: https://doi.org/10.3969/j.issn.1000-2758.2017.04.027

2017-01-01

Abstract:In mobile social networks, unfamiliar users can decide whether to establish new social relationships be?tween each other by examining whether they have common friends. The biggest challenge during this process is how to protect the users' privacy and prevent users from forging friend relationships. In order to address this challenge, a common friends detection method based on identity?based encryption technology is presented in this paper. In our method, a new evidence of friend relationship is designed, which can establishes a one?to?one relationship between the issuer of evidence and the owner of evidence. Based on the evidence, a privacy?preserving and trusted common friends detection protocol is designed. We provide thorough security analysis and performance evaluation on our scheme.

Cong Tang,Yonggang Wang,Hu Xiong,Tao Yang,Jianbin Hu,Qingni Shen,Zhong Chen

DOI: https://doi.org/10.1109/AINA.2011.57

2011-01-01

Abstract:Private attributes of Online Social Network (OSN) users can be inferred from other information (which is usually from users' friends and group information). To address this, social networking sites allow users to hide their friend lists and group lists, so that general public cannot see them. However, if a user doesn't make his friend list public, but his friends have public friend list where we can find him, we can do reverse lookup to extend the friend lists of the user. Furthermore, many social networks allow non-group members to list the members of public groups (e.g., Face book). These are strong violations of OSN users' privacy, and can be considered as privacy risks caused by the asymmetric configuration of settings in OSNs. In this paper we present the privacy risks due to the lack of symmetric configurations, which exist in most of the OSNs. To make our idea more clear, we propose a inference attack and show that it can be used to infer users' private information, even users already made their friend list private. We theoretically analyze the risk of proposed privacy issues, and evaluate the risk using experiments based on real-world OSN data. We show that it is not sufficient to only disable friend list and group list to guarantee privacy, and propose methods to mitigate these privacy issues.

Chenyang Liu,Dan Yin,Hao Li,Wei Wang,Wu Yang

DOI: https://doi.org/10.1007/978-3-319-60033-8_34

2017-01-01

Abstract:With the popularity of social networks, publishing social network data is necessary for research purposes, which causes privacy leakage undoubtedly. Therefore, many methods are proposed to deal with different attack models. This paper focuses on a novel privacy attack model and refers it as a label pair attack. In the label pair attacks, the adversary can re-identify a pair of friends by using the labels of two vertices connected by an edge. We present a new anonymity concept, called Label Pair k(2)-anonymity which ensures that there exists at least k -1 other vertices such that each of the k -1 vertices also has an incident edge of the same label pair and reduces the probability of a vertex being re-identified to less than 1/k. The experimental results demonstrate that the approach can preserve the privacy and utility of social networks effectively.

Haojin Zhu,Suguo Du,Muyuan Li,Zhaoyu Gao

DOI: https://doi.org/10.1109/tetc.2013.2279541

2013-01-01

IEEE Transactions on Emerging Topics in Computing

Abstract:Mobile social networks represent a promising cyber-physical system, which connects mobile nodes within a local physical proximity using mobile smart phones as well as wireless communication. In mobile social networks, the mobile users may, however, face the risk of leaking their personal information and location privacy. In this paper, we first model the secure friend discovery process as a generalized privacy-preserving interest and profile matching problem. We identify a new security threat arising from existing secure friend discovery protocols, coined as runaway attack, which can introduce a serious unfairness issue. To thwart this new threat, we introduce a novel blind vector transformation technique, which could hide the correlation between the original vector and transformed results. Based on this, we propose our privacy-preserving and fairness-aware interest and profile matching protocol, which allows one party to match its interest with the profile of another, without revealing its real interest and profile and vice versa. The detailed security analysis as well as real-world implementations demonstrate the effectiveness and efficiency of the proposed protocol.

Minghui Li,Zhaobin Liu,Kang Dong

DOI: https://doi.org/10.1109/trustcom.2016.0244

2016-01-01

Abstract:Recently, privacy preservation in publishing social network has become one of the most notable challenges. Researchers have developed a variety of methods to protect individual's privacy while maintaining utility at the same time. There exists such a situation that an adversary may identify the privacy of a victim with the background knowledge of public neighborhoods. Unfortunately, most of previous researches only focus on unclassified neighborhood attacks and ignore that public neighborhoods whose information is completely open will bring greater risk than private neighborhoods. In view of the availability of users' information, we adopt k-anonymity which belongs to graph modification methods to protect private users from public neighborhood attacks. Although k-anonymity could defend users from re-identification, a group of nodes may share the same sensitive labels which may be exploited by attackers to speculate private information. So we adopt l-diversity to guard the sensitive labels. We conduct our experiments in some social networks, and the results show that our method is effective.

Shah Mahmood,Yvo Desmedt

DOI: https://doi.org/10.48550/arXiv.1203.4043

2012-03-19

Abstract:With over 750 million active users, Facebook is the most famous social networking website. One particular aspect of Facebook widely discussed in the news and heavily researched in academic circles is the privacy of its users. In this paper we introduce a zero day privacy loophole in Facebook. We call this the deactivated friend attack. The concept of the attack is very similar to cloaking in Star Trek while its seriousness could be estimated from the fact that once the attacker is a friend of the victim, it is highly probable the attacker has indefinite access to the victims private information in a cloaked way. We demonstrate the impact of the attack by showing the ease of gaining trust of Facebook users and being befriended online. With targeted friend requests we were able to add over 4300 users and maintain access to their Facebook profile information for at least 261 days. No user was able to unfriend us during this time due to cloaking and short de-cloaking sessions. The short de-cloaking sessions were enough to get updates about the victims. We also provide several solutions for the loophole, which range from mitigation to a permanent solution

Social and Information Networks,Computers and Society,Physics and Society

Michael Fire,Dima Kagan,Aviad Elyashar,Yuval Elovici

DOI: https://doi.org/10.1007/s13278-014-0194-4

2014-05-23

Social Network Analysis and Mining

Abstract:AbstractThe amount of personal information involuntarily exposed by users on online social networks is staggering, as shown in recent research. Moreover, recent reports indicate that these networks are inundated with tens of millions of fake user profiles, which may jeopardize the user’s security and privacy. To identify fake users in such networks and to improve users’ security and privacy, we developed the Social Privacy Protector (SPP) software for Facebook. This software contains three protection layers that improve user privacy by implementing different methods to identify fake profiles. The first layer identifies a user’s friends who might pose a threat and then restricts the access these “friends” have to the user’s personal information. The second layer is an expansion of Facebook’s basic privacy settings based on different types of social network usage profiles. The third layer alerts users about the number of installed applications on their Facebook profile that has access to their private information. An initial version of the SPP software received positive media coverage, and more than 3,000 users from more than 20 countries have installed the software, out of which 527 have used the software to restrict more than 9,000 friends. In addition, we estimate that more than 100 users have accepted the software’s recommendations and removed nearly 1,800 Facebook applications from their profiles. By analyzing the unique dataset obtained by the software in combination with machine learning techniques, we developed classifiers that are able to predict Facebook profiles with a high probability of being fake and consequently threaten the user’s security and privacy. Moreover, in this study, we present statistics generated by the SPP software on both user privacy settings and the number of applications installed on Facebook profiles. These statistics alarmingly demonstrate how vulnerable Facebook users’ information is to both fake profile attacks and third-party Facebook applications.

English Else

Yangheran Piao,Kai Ye,Xiaohui Cui

DOI: https://doi.org/10.1109/access.2021.3064208

IF: 3.9

2021-01-01

IEEE Access

Abstract:With the rapid development of social networks, users pay more and more attention to the protection of personal information. However, the transmission of users' personal information through social networks will inevitably lead to privacy leakage and make users attacked. A large amount of privacy information can be inferred from the content and social traces published by users, which leads to the rise of privacy inference technology for users in social networks. Social relationship inference and attribute inference are two basic attacks on users' privacy in social networks. This is the first systematic review of privacy inference attacks in social networks. The purpose of this retrospective study is to provide a global summary, summarizing the time trend of the topic, and show the evolution of the topic in the past 15 years. In addition, this paper discusses the trend and development of this topic and finally looks forward to future work. The contribution of our work is helpful for researchers to continue their research in this field.

computer science, information systems,telecommunications,engineering, electrical & electronic

Shiwen Zhang,Xiong Li,Haowen Liu,Yaping Lin,Arun Kumar Sangaiah

DOI: https://doi.org/10.1016/j.scs.2017.12.031

IF: 11.7

2018-01-01

Sustainable Cities and Society

Abstract:Recently, online social networks (OSNs), which can offer many innovative services, are on the rise. As making friends is a basic way to create user's social relationship, friend recommendation is proposed to help users expand their social circles in OSNs. However, traditional friend recommendation process poses several crucial privacy breaches in OSNs, such as identity theft and relationship privacy leakage. Aimed to solve this problem, different from traditional friend recommendation schemes, based on the common interests by characterizing user's social behaviors/activities, we identify the threat model, and then propose a k-degree anonymous friend recommendation (KFR) scheme. Firstly, we abstract OSN as a hypergraph and then propose an edge segmentation algorithm to hide user's identity privacy and social relationship privacy. Subsequently, based on users' common interests, we design a similarity calculation algorithm. Finally, combined the similarity calculation algorithm with the segmentation tree (ST) technique, a novel k-degree anonymous friend recommendation scheme is proposed. The experiments carried out on real datasets show that the proposed scheme is scalable and effective.

M. Shariatnasab,F. Shirani,Z. Anwar

DOI: https://doi.org/10.48550/arXiv.2202.05895

2022-02-12

Abstract:This work considers the fundamental privacy limits under active fingerprinting attacks in power-law bipartite networks. The scenario arises naturally in social network analysis, tracking user mobility in wireless networks, and forensics applications, among others. A stochastic growing network generation model -- called the popularity-based model -- is investigated, where the bipartite network is generated iteratively, and in each iteration vertices attract new edges based on their assigned popularity values. It is shown that using the appropriate choice of initial popularity values, the node degree distribution follows a power-law distribution with arbitrary parameter $\alpha>2$, i.e. fraction of nodes with degree $d$ is proportional to $d^{-\alpha}$. An active fingerprinting deanonymization attack strategy called the augmented information threshold attack strategy (A-ITS) is proposed which uses the attacker's knowledge of the node degree distribution along with the concept of information values for deanonymization. Sufficient conditions for the success of the A-ITS, based on network parameters, are derived. It is shown through simulations that the proposed attack significantly outperforms the state-of-the-art attack strategies.

Social and Information Networks,Databases,Information Theory

Fukang Liu,Guorui Wu,Yang Liu

DOI: https://doi.org/10.1145/3377644.3377648

2020-01-01

Abstract:Friend recommendation systems is widely applied in the context of online social networks (OSNs). Such systems aim to expand users' social network to increase users' engagement with related OSNs. However, during the cold-start stage, in which situation no sufficient information could be used to provide recommendation to new users, social relationships among existing users might be disclosed. As existing users' social relationship might be used to provide recommendation for new users. In this paper, we solve such privacy problem by applying a privacy-preserving friend recommendation mechanism. The novelty of this mechanism lies in its combination of deep learning and differential privacy method. The balance of privacy preservation and social recommendation is achieved by introducing node2vec to generate users' latent features, then performing the information fusion with Heterogeneous Information Networks (HIN), and finally using deep neural network (DNN) which accords with differential privacy to make privacy-preserving recommendations. The mechanism is experimented on a real dataset Higgs Twitter Dataset. The result shows that our method can achieve certain balance to obtain good effect of recommendation without disclosing users' privacy.

Xingping Xian,Tao Wu,Yanbing Liu,Wei Wang,Chao Wang,Guangxia Xu,Yonggang Xiao

DOI: https://doi.org/10.1016/j.knosys.2020.106674

2021-04-01

Abstract:<p>The increasing popularity and diversity of social media sites have resulted in an emergent number of available social networks. These social networks are now the source of information for third-party consumers, such as researchers and advertisers, to understand user social activities. In a privacy-preserving viewpoint, a full assessment of social relationships between individuals may violate privacy. Different network structure perturbation methods have been proposed to limit the disclosure of sensitive user data. However, despite the proliferation of these methods, currently, there are no robustness studies on the methods for link prediction-based hidden inference structure. In this study, we survey the state-of-the-art network structure perturbation methods for privacy-preservation and the classic link prediction methods for structure inference. To restore the perturbed network structure effectively, we propose a novel Multi-Layer Linear Coding-based link prediction method (MLLC) with a closed-form solution. Furthermore, we provide vulnerability analysis on network structure perturbation methods in the context of link prediction-based structure inference. We also compare the methods on the preservation of utility metrics for social network analysis, where a structure perturbation method is preferred if the metrics of the perturbed network are similar to those of the original network. Our experimental study indicates that the MLLC algorithm outperforms conventional methods for hidden structure inference, and that it is important to provide robustness to network structure perturbation methods against these attacks.</p>

computer science, artificial intelligence