Beruflich Dokumente
Kultur Dokumente
SYNOPIS REPORT
ON
Inference Attack On Browsing History Of Twitter Users Using Public Click
Analytics And Twitter Metadata
Or
Derivation Attack On Browsing History Of Twitter Users Using Public Click
Analytics And Twitter Metadata Using
Abstract :
Today ,twitter is the most important online social network service for altering information (tweets)
among companies and friends, Because Twitter restricts the length of messages, many Twitter users use
URL shortening services, such as bit.ly and goo.gl , to share long URLs with friends . Twitter users
mostly use URL shortening services to provide short alias of a long URL for sharing it via tweets and
public click analytics of shortened URLs. The public click analytics is provided in an combined form to
preserve the privacy of individual users. In this paper, i have propose attack techniques inferring who
clicks which shortened URLs on Twitter using the public information: Twitter metadata and public
click analytics with overlapping information. The browser history stealing attacks, this attacks only
publicly available information provided by Twitter and URL shortening services. The output if this
working is that the attack can adjusted Twitter users privacy with high accuracy.
Keywords:
Twitter; URL shortening service; Inference; Privacy leak; Novel Attack Techniques
Introduction:
Twitter in the most important online service for altering the information or messages (tweet), in the
world 140 million user created account on twitter and most important thing is that 340 million
messages delivered regularly on twitter. The URL shortening services which provide a short
alias of a long URL it is useful service for Twitter users who want to share long
URLs via tweets (140-character tweets containing only texts). The famous URL
shortening services like bit.ly and goo.gl also provide shortened URLs public click
analytics consisting of the number of clicks and referrers of visitors. URL
shortening services provide an combined form to protect the privacy of visitors
from attackers.
Example : Alice, updates her messages using the official Twitter client
application for iPhone, Twitter for iPhone will be included in the source field of
the corresponding metadata. Moreover, Alice may disclose on her profile page that she lives
in the USA or activate the location service of a Twitter client application to automatically fill
the location field in the metadata. Using this information, we can determine that
Alice is an iPhone user who lives in the USA. The simple inference attack that can
estimate individual visitors using public metadata provided by Twitter. The main
advantage of the preceding inference attack over the browser history stealing
attacks is that it only demands public information. In this paper, we propose novel
attack methods for inferring whether a specific user clicked on certain shortened
URLs on Twitter.
The aim of these attacks is to know which URLs are clicked on by target
users. To Introduce the attack methods: (i) an attack to know who click on the
URL and (ii) an attack to know which URLs are clicked . To examine the attack ,
there are two methods (1) To find a number of Twitter users who distribute URLs,
and investigate the click analytics of the distributed URLs and the metadata of the
followers of the Twitter users. (2) To create monitoring accounts that monitor
messages from all followings of target users to collect all shortened URLs that the
target users may click on it. Then monitor the click analytics of those shortened
URLs and compare them with the metadata of the target user. Recently to stop
these attack is very important for everyone.
Related Work:
Project Name
1)
You might also like: Privacy
risks of collaborative filtering,
2)
Timing
privacy,
attacks
on
web
Author Name
Proposed System
A. Calandrino,
A. Kilzer, A.
Narayanan, E.
W. Felten, and
V. Shmatikov,
E. W. Felten
and M. A.
Schneider,
4)
I Know the Shortened URLs
You Clicked on Twitter:
Inference Attack using Public
Click Analytics and Twitter
Metadata,
D. Boyd, S.
Golder, and G.
Lotan,
We
highlight
how
authorship, attribution,
and
communicative
fidelity are negotiated
in diverse ways. Using
a series of case studies
and empirical data, this
paper
maps
out
retweeting
as
a
conversational practice.
Jonghyuk
Song, Sangho
Lee, Jong Kim
practical attack
technique that can infer
who clicks what
shortened URLs
on Twitter.
5)
Inferring Privacy Information
From Social
Networks ?
6)
Scriptless Timing Attacks
onWeb Browser Privacy,
7)
Protecting Browser State from
Web Privacy Attacks
8)
Protecting Browsers from
Cross-Origin CSS Attacks,
9)
Web Browser History
Detection as a Real-World
Privacy Threat
Jianming He1,
Wesley W.
Chu1, and
Zhenyu
(Victor) Liu2
Investigated the
problem of privacy
inference in social networks. Using Bayesian
networks
Bin Liang,
Wei You,
Liangkun Liu,
Wenchang Shi
To perform an elaborated
investigation
to reveal additional
exploitable browser
mechanisms.
With more dynamic and
interactive features
introduced in
browsers in present times
Collin
Jackson, Dan
Boneh,
Andrew Bortz,
John C
Mitchell
Propose that a
general same-origin
principle should be applied
uniformly
across di_erent types of
information stored on a
web user's
machine. We also develop
ways for users to limit
tracking, in the form of browser
extensions that are
available for
download.
Lin-Shung
Huang, Chris
Evans, Zack
Weinberg,
Collin Jackson
stricter
content handling rules that
completely block the
attack, as
long as the targeted web
site does not make certain
errors
Artur Janc1
and Lukasz
Olejnik2
10)
A Topic-focused Trust Model
for Twitter
Liang Zhao
Experiments on Twitter
event detection
demonstrated that our
method can effectively
extract trustworthy tweets
while excluding rumors and
noise. In addition, a
comparative performance
analysis demonstrated that
our method outperforms
existing supervised learning
schemes using tweets
manually labelled or tweets
generated based on
keyword matching as the
training set.
Existing System :
In this paper, we proposed an inference attack that infers shortened URLs that are clicked on by the
target user. All the information needed in our attack is public information; that is, the click analytics of
URL shortening services and Twitter metadata. Both information are public and can be accessed by
anyone. We combined two pieces of public information with inferred candidates. To evaluate our
system, we crawled and monitored the click analytics of URL shortening services and Twitter data.
Throughout the experiments, we have shown that our attack can infer the candidates in
the majority of cases. To the best of our knowledge, this is the first study that infers URL visiting
history on Twitter. We also proved that if an attacker knows some information about the target user, he
could determine whether the target user clicks on the shortened URL.
Disadvantages of Existing System:
1) The periodic monitoring and matching have a limitation because Twitter does not officially
provide personal information about users such as country, browsers, and platforms.
2) URL is an essential service for Twitter users who want to share long URLs via tweets having
length restriction.
Proposed System:
To propose novel attack methods for inferring whether a specific user clicked on certain shortened
URLs on Twitter. As shown in the preceding simple inference attack, our attacks rely on the
combination of publicly available information: click analytics from URL shortening services and
metadata from Twitter. The goal of the attacks is to know which URLs are clicked on by target users.
We introduce two different attack methods: (i) an attack to know who click on the URLs updated by
target users and (ii) an attack to know which URLs are clicked on by target users. To perform the first
attack, we find a number of Twitter users who frequently distribute shortened URLs, and investigate the
click analytics of the distributed shortened URLs and the metadata of the followers of the Twitter users.
To perform the second attack, we create monitoring accounts that monitor messages from all followings
of target users to collect all shortened URLs that the target users may click on. Then monitor the click
analytics of those shortened URLs and compare them with the metadata of the target user. Furthermore,
To propose an advanced attack method to reduce attack overhead while increasing inference accuracy
using the time model of target users, representing when the target users frequently use Twitter.
Advantages of Proposed System:
1) To propose novel attack techniques to determine whether a specific user clicks on certain shortened
URLs on Twitter. To the best of our knowledge, this is the first study that infers URL visiting
history on Twitter.
2) Further decrease attack overhead while increasing accuracy by considering target users time
models. It can increase the practicality of our attacks so that we demand immediate
countermeasures.
Input: AC = AU
AD
d(t) = {(a:v,c(t)) | a AC ,v is an value of a ,c(t) is the counter of (a:v) a tuple at time t} and (a:v,c(t))
D
Output: Inferred time the user has used the service
History = {}
Foreach observation time at t do
d(t) = {(a:v)| (a:v,c(t)) d(t) s.t (c(t) - c(t-1)) 1}
if u
(t) then
AU = {a | a is an attribute of U}
AD i = {a | a is an attribute of Di}
U = {(a:v) | a AU ,v is an value of a,
C is the counter of a tuple (a:v) at time t}
Di = {(a:v,C(t) i ) | a A Di ,v is an value of a,
C is the counter of a tuple (a:v) at time t}
d(t) = {(a:v,c(t)) | a AC ,v is an value of a ,c(t) is the counter of tuple (a:v) at time t} and (a:v,c(t))
D
Output: Inferred time the user
History = {}
Foreach observation time at t do
d(t) = {(a:v)| (a:v,c(t)) d(t) s.t (c(t)- c(t-1)) 1}
If ui
d(t) then
di (t) = {(a:v,ci(t))|a A Ci ,v is an value of a, ci (t) is the counter of (a:v) a tuple at time t} and (a:v,c i(t))
Di
Output: Inferred time the user has used the service
History = {}
Foreach observation time at t do
i : d i(t) = {(a:v)| (a:v,ci(t)) s.t (ci (t) - ci (t-1)) 1}
if (i : di(t)
u)then
Modules:
1) Profiling Module
2) Monitoring Module
3) Matching Module
Module Description
1) Profiling Module
Profiling module obtains the information of the target user from the target users profile
and timeline.
2) Monitoring Module
The monitoring module extracts the shortened URLs from the tweets posted by the
followings of the target user and monitors the changes in the click analytics of the
shortened URLs. To create a Twitter user (monitoring user) who follows all the
followings of the target user in order to access all tweets that the target user may view.
3) Matching Module
The matching module compares the information about the new visitor with the
information about the target user when the monitoring module notices the changes in
the click analytics. If the matching module infers that the new visitor is the target user,
it includes the corresponding shortened URL in a candidate URL set.
Hardware Specification :
Processor
Speed
- Pentium III
- 1.1 Ghz
RAM
- 256 MB(min)
Hard Disk
- 20 GB
Floppy Drive
- 1.44 MB
Key Board
1)Mouse
Monitor
Software Specification:
Operating System
SVGA
:Windows8.1/95/98/2000/XP
: Tomcat5.0/6.X
Database
Tool
: Mysql 5.0
:Eclipse
Contribution:
1. First, we will work on exact location information on Twitter.
.
2. We are identifying the number of attack and number of attacks user details.
Conclusion :
In this paper, we proposed an inference attack that infers shortened URLs that are clicked on by the
target user. All the information needed in our attack is public information; that is, the click analytics of
URL shortening services and Twitter metadata. Both information are public and can be accessed by
anyone. We combined two pieces of public information with inferred candidates. To evaluate our
system, we crawled and monitored the click analytics of URL shortening services and Twitter data.
Throughout the experiments, we have shown that our attack can infer the candidates in the majority of
cases. To the best of our knowledge, this is the first study that infers URL visiting history on Twitter.
We also proved that if an attacker knows some information about the target user, he could determine
whether the target user clicks on the shortened URL.
References:
[1] J. A. Calandrino, A. Kilzer, A. Narayanan, E. W. Felten, and V. Shmatikov, You might also like:
Privacy risks of collaborative filtering, in Proc. IEEE Symp. Secur. Privacy, 2011, pp. 231246.
[2] E. W. Felten and M. A. Schneider, Timing attacks on web privacy, in Proc. 7th ACM Conf.
Comput. Comm. Secur. (CCS), 2000, pp. 2532.
[3] D. Boyd, S. Golder, and G. Lotan, Tweet, tweet, retweet: Conversational aspects of retweeting on
twitter, in Proc. 43rd Hawaii Int.
Conf. Syst. Sci., 2010, pp. 110.
[4] Jonghyuk Song, Sangho Lee, Jong Kim, I Know the Shortened URLs You Clicked on Twitter:
Inference Attack using Public Click Analytics and Twitter
Metadata.
[8] Lin-Shung Huang, Chris Evans, Protecting Browsers from Cross-Origin CSS Attacks.
[9] A. Janc and L. Olejnik, Web browser history detection as a realworld
privacy threat, in Proc. 15th Eur. Conf. Res. Comput. Secur.,
2010, pp. 215231.
[10] Liang Zhao 1, Ting Hua1, Chang-Tien Lu and Ing-Ray Chen, A Topic-focused Trust Model for
Twitter