Security Issues in Online Social Networks
July/August 2011 (vol. 15 no. 4)
pp. 56-63
Hongyu Gao, Northwestern University
Jun Hu, Huazhong University of Science and Technology
Tuo Huang, Yale Law School
Jingnan Wang, Northwestern University
Yan Chen, Northwestern University

This article surveys the current state of security issues and available defense mechanisms regarding popular online social networks. It covers a wide variety of attacks and the corresponding defense mechanisms, if available. The authors organize these attacks into four categories — privacy breaches, viral marketing, network structural attacks, and malware attacks — and focus primarily on privacy concerns. They offer an in-depth discussion of each category and analyze the connections among the different security issues involved.

Index Terms:
online social networks, structural attacks, malware attacks, security & privacy, survey
Hongyu Gao, Jun Hu, Tuo Huang, Jingnan Wang, Yan Chen, "Security Issues in Online Social Networks," IEEE Internet Computing, vol. 15, no. 4, pp. 56-63, July-Aug. 2011, doi:10.1109/MIC.2011.50