
A

SYNOPSIS REPORT
ON
Inference Attack On Browsing History Of Twitter Users Using Public Click
Analytics And Twitter Metadata
Or
Derivation Attack On Browsing History Of Twitter Users Using Public Click
Analytics And Twitter Metadata Using

Abstract :
Today, Twitter is the most important online social network service for exchanging information (tweets)
among companies and friends. Because Twitter restricts the length of messages, many Twitter users use
URL shortening services, such as bit.ly and goo.gl, to share long URLs with friends. Twitter users
mostly use URL shortening services for the short alias of a long URL, which they share via tweets, and
for the public click analytics of shortened URLs. The public click analytics is provided in an aggregate
form to preserve the privacy of individual users. In this paper, I propose attack techniques that infer
who clicks which shortened URLs on Twitter using public information: Twitter metadata and public
click analytics with overlapping information. Unlike browser history stealing attacks, this attack needs
only publicly available information provided by Twitter and URL shortening services. The result of this
work is that the attack can compromise Twitter users' privacy with high accuracy.

Keywords:
Twitter; URL shortening service; Inference; Privacy leak; Novel Attack Techniques
Introduction:
Twitter is the most important online service for exchanging information or messages (tweets).
Worldwide, 140 million users have created accounts on Twitter, and 340 million messages are delivered
regularly on Twitter. URL shortening services, which provide a short alias of a long URL, are useful
for Twitter users who want to share long URLs via tweets (140-character tweets containing only text).
Famous URL shortening services such as bit.ly and goo.gl also provide public click analytics for
shortened URLs, consisting of the number of clicks and the referrers of visitors. URL shortening
services provide these analytics in an aggregate form to protect the privacy of visitors from attackers.
Example: When Alice updates her messages using the official Twitter client application for iPhone,
"Twitter for iPhone" is included in the source field of the corresponding metadata. Moreover, Alice may
disclose on her profile page that she lives in the USA or activate the location service of a Twitter
client application to automatically fill the location field in the metadata. Using this information, we
can determine that Alice is an iPhone user who lives in the USA. This is a simple inference attack that
can estimate individual visitors using public metadata provided by Twitter. The main advantage of the
preceding inference attack over browser history stealing attacks is that it demands only public
information. In this paper, we propose novel attack methods for inferring whether a specific user
clicked on certain shortened URLs on Twitter.
The aim of these attacks is to know which URLs are clicked on by target users. We introduce two attack
methods: (i) an attack to know who clicks on the URL and (ii) an attack to know which URLs are clicked.
To examine the attacks, there are two methods: (1) find a number of Twitter users who distribute URLs,
and investigate the click analytics of the distributed URLs and the metadata of the followers of those
Twitter users; (2) create monitoring accounts that monitor messages from all followings of target users
to collect all shortened URLs that the target users may click on, then monitor the click analytics of
those shortened URLs and compare them with the metadata of the target user. Stopping these attacks has
recently become very important for everyone.
Related Work:
1) Project Name: You might also like: Privacy risks of collaborative filtering
Author Name: A. Calandrino, A. Kilzer, A. Narayanan, E. W. Felten, and V. Shmatikov
Proposed System: In this paper we develop algorithms which take a moderate amount of auxiliary
information about a customer and infer this customer's transactions from temporal changes in the public
outputs of a recommender system. Our inference attacks are passive and can be carried out by any
Internet user.
This Paper We Refer to: Idea about privacy risks of collaborative filtering.

2) Project Name: Timing attacks on web privacy
Author Name: E. W. Felten and M. A. Schneider
Proposed System: This paper presents a novel timing attack method to sniff users' browsing histories
without executing any scripts. Our method is based on the fact that when a resource is loaded from the
local cache, its rendering process should begin earlier than when it is loaded from a remote website.
We leverage some Cascading Style Sheets (CSS) features to indirectly monitor the rendering of the
target resource.
This Paper We Refer to: The evaluation shows that our method can effectively sniff users' browsing
histories with very high precision. We believe that modern browsers protected by script-blocking
techniques are still likely to suffer serious privacy leakage threats.

3) Project Name: Tweet, tweet, retweet: Conversational aspects of retweeting on twitter
Author Name: D. Boyd, S. Golder, and G. Lotan
Proposed System: In the proposed system we examine the practice of retweeting as a way by which
participants can be "in a conversation." While retweeting has become a convention inside Twitter,
participants retweet using different styles and for diverse reasons. We highlight how authorship,
attribution, and communicative fidelity are negotiated in diverse ways.
This Paper We Refer to: We highlight how authorship, attribution, and communicative fidelity are
negotiated in diverse ways. Using a series of case studies and empirical data, this paper maps out
retweeting as a conversational practice.

4) Project Name: I Know the Shortened URLs You Clicked on Twitter: Inference Attack using Public Click
Analytics and Twitter Metadata
Author Name: Jonghyuk Song, Sangho Lee, Jong Kim
Proposed System: Only use public information provided by URL shortening services and Twitter; i.e.,
click analytics and Twitter metadata. We determine whether a target user visits a shortened URL by
correlating the publicly available information. Our approach does not need complicated techniques or
assumptions such as script injection, phishing, malware intrusion or DNS monitoring. All we need is
publicly available information.
This Paper We Refer to: Practical attack technique that can infer who clicks what shortened URLs on
Twitter.

5) Project Name: Inferring Privacy Information From Social Networks
Author Name: Jianming He, Wesley W. Chu, and Zhenyu (Victor) Liu
Proposed System: Take both social network structures and influence strength of social relations into
consideration.
This Paper We Refer to: Investigated the problem of privacy inference in social networks. Using
Bayesian networks

6) Project Name: Scriptless Timing Attacks on Web Browser Privacy
Author Name: Bin Liang, Wei You, Liangkun Liu, Wenchang Shi
Proposed System: To perform an elaborated investigation to reveal additional exploitable browser
mechanisms. With more dynamic and interactive features introduced in browsers in present times
This Paper We Refer to: Presented a new timing attack method for sniffing users' browsing histories

7) Project Name: Protecting Browser State from Web Privacy Attacks
Author Name: Collin Jackson, Dan Boneh, Andrew Bortz, John C Mitchell
Proposed System: Propose that a general same-origin principle should be applied uniformly across
different types of information stored on a web user's machine. We also develop ways for users to limit
tracking, in the form of browser extensions that are available for download.
This Paper We Refer to: Presents some more powerful tracking methods based on caching various kinds of
files.

8) Project Name: Protecting Browsers from Cross-Origin CSS Attacks
Author Name: Lin-Shung Huang, Chris Evans, Zack Weinberg, Collin Jackson
Proposed System: Stricter content handling rules that completely block the attack, as long as the
targeted web site does not make certain errors
This Paper We Refer to: Present a general form of this attack that can be made to work in any browser
that supports CSS, even if JavaScript is disabled or unsupported.

9) Project Name: Web Browser History Detection as a Real-World Privacy Threat
Author Name: Artur Janc and Lukasz Olejnik
Proposed System: The pioneering the data acquisition of history-based user preferences
This Paper We Refer to: Analyze the impact of CSS-based history detection and demonstrate the
feasibility of conducting practical attacks with minimal resources

10) Project Name: A Topic-focused Trust Model for Twitter
Author Name: Liang Zhao
Proposed System: Experiments on Twitter event detection demonstrated that our method can effectively
extract trustworthy tweets while excluding rumors and noise. In addition, a comparative performance
analysis demonstrated that our method outperforms existing supervised learning schemes using tweets
manually labelled or tweets generated based on keyword matching as the training set.
This Paper We Refer to: Utilizing credible news reports to infer trustworthiness of tweets exhibiting
contextual similarity in textual, spatial and temporal features
Existing System :
In this paper, we proposed an inference attack that infers shortened URLs that are clicked on by the
target user. All the information needed in our attack is public information; that is, the click analytics of
URL shortening services and Twitter metadata. Both pieces of information are public and can be accessed by
anyone. We combined two pieces of public information with inferred candidates. To evaluate our
system, we crawled and monitored the click analytics of URL shortening services and Twitter data.
Throughout the experiments, we have shown that our attack can infer the candidates in
the majority of cases. To the best of our knowledge, this is the first study that infers URL visiting
history on Twitter. We also proved that if an attacker knows some information about the target user, he
could determine whether the target user clicks on the shortened URL.
Disadvantages of Existing System:

1) The periodic monitoring and matching have a limitation because Twitter does not officially
provide personal information about users such as country, browsers, and platforms.
2) URL shortening is an essential service for Twitter users who want to share long URLs via tweets
that have a length restriction.
Proposed System:
We propose novel attack methods for inferring whether a specific user clicked on certain shortened
URLs on Twitter. As shown in the preceding simple inference attack, our attacks rely on the
combination of publicly available information: click analytics from URL shortening services and
metadata from Twitter. The goal of the attacks is to know which URLs are clicked on by target users.
We introduce two different attack methods: (i) an attack to know who clicks on the URLs updated by
target users and (ii) an attack to know which URLs are clicked on by target users. To perform the first
attack, we find a number of Twitter users who frequently distribute shortened URLs, and investigate the
click analytics of the distributed shortened URLs and the metadata of the followers of the Twitter users.
To perform the second attack, we create monitoring accounts that monitor messages from all followings
of target users to collect all shortened URLs that the target users may click on. We then monitor the
click analytics of those shortened URLs and compare them with the metadata of the target user.
Furthermore, we propose an advanced attack method to reduce attack overhead while increasing inference
accuracy using the time model of target users, representing when the target users frequently use Twitter.
Advantages of Proposed System:

1) We propose novel attack techniques to determine whether a specific user clicks on certain shortened
URLs on Twitter. To the best of our knowledge, this is the first study that infers URL visiting
history on Twitter.
2) We further decrease attack overhead while increasing accuracy by considering target users' time
models. This can increase the practicality of our attacks, so we demand immediate
countermeasures.

Existing System Architecture:

Proposed System Architecture:

Algorithms(Existing System Algorithms) :


We propose algorithms to apply our inference attack in general situations. First, we define the user and
data models. Let U be the user information released by the main service. Let D be a data set released by
the third party services. To protect the users' privacy, third party services provide the online data set D
in aggregate form, which consists of attributes a, values v and their counts c. Let AU be the attribute set
of U and AD be the attribute set of D. We define U, D and their attribute sets as follows:
AU = {a | a is an attribute of U}
AD = {a | a is an attribute of D}
U = {(a:v) | a ∈ AU, v is a value of a,
C is the counter of a tuple (a:v) at time t}
D = {(a:v, C(t)) | a ∈ AD, v is a value of a,
C is the counter of a tuple (a:v) at time t}

Algorithm 1. Inference attack for a target user

Input: AC = AU ∩ AD
u = {(a:v) | a ∈ AC, v is a value of a} and u ⊆ U
d(t) = {(a:v, c(t)) | a ∈ AC, v is a value of a, c(t) is the counter of a tuple (a:v) at time t} and
(a:v, c(t)) ∈ D
Output: Inferred time the user has used the service
history = {}
foreach observation time t do
    d(t) = {(a:v) | (a:v, c(t)) ∈ d(t) s.t. (c(t) - c(t-1)) ≥ 1}
    if u ⊆ d(t) then
        history = history ∪ {t:u}
    end
end
return history

AU = {a | a is an attribute of U}
ADi = {a | a is an attribute of Di}
U = {(a:v) | a ∈ AU, v is a value of a,
C is the counter of a tuple (a:v) at time t}
Di = {(a:v, Ci(t)) | a ∈ ADi, v is a value of a,
C is the counter of a tuple (a:v) at time t}

Algorithm 2. Inference attack for multiple target users

Input: AC = AU ∩ AD
u1, u2, u3, ..., un : n users
ui = {(a:v) | a ∈ AC, v is a value of a} and ui ⊆ U
d(t) = {(a:v, c(t)) | a ∈ AC, v is a value of a, c(t) is the counter of a tuple (a:v) at time t} and
(a:v, c(t)) ∈ D
Output: Inferred time the user
history = {}
foreach observation time t do
    d(t) = {(a:v) | (a:v, c(t)) ∈ d(t) s.t. (c(t) - c(t-1)) ≥ 1}
    foreach user ui do
        if ui ⊆ d(t) then
            history = history ∪ {t:ui}
        end
    end
end
return history

Algorithm 3. Inference attack with multiple third party services

Input: ACi = AU ∩ ADi
u = {(a:v) | a ∈ AU, v is a value of a} and u ⊆ U
d1, d2, ..., dn : n data sets of the third party services
di(t) = {(a:v, ci(t)) | a ∈ ACi, v is a value of a, ci(t) is the counter of a tuple (a:v) at time t} and
(a:v, ci(t)) ∈ Di
Output: Inferred time the user has used the service
history = {}
foreach observation time t do
    ∀i : di(t) = {(a:v) | (a:v, ci(t)) ∈ di(t) s.t. (ci(t) - ci(t-1)) ≥ 1}
    if (i : di(t) ⊇ u) then
        history = history ∪ {t:u}
    end
end
return history
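
Algorithms 1 and 2 reduce to a subset test on counter increases between two observations. The Python code below is an added example, not code from this report or from the cited paper; the snapshots, the user profiles and the "crowd" measure are constructed assumptions used to show how ambiguous a match is.

```python
# Added example: Algorithms 1 and 2 over constructed counter snapshots.
# A snapshot maps an (attribute, value) tuple to its cumulative count c(t).
SNAPSHOTS = {  # constructed sample data, keyed by observation time t
    0: {("country", "US"): 10, ("country", "KR"): 4,
        ("platform", "iPhone"): 6, ("platform", "Windows"): 8},
    1: {("country", "US"): 11, ("country", "KR"): 4,
        ("platform", "iPhone"): 7, ("platform", "Windows"): 8},
    2: {("country", "US"): 11, ("country", "KR"): 5,
        ("platform", "iPhone"): 7, ("platform", "Windows"): 9},
    3: {("country", "US"): 14, ("country", "KR"): 6,
        ("platform", "iPhone"): 9, ("platform", "Windows"): 11},
}

# Public profile tuples u_i of two hypothetical users (constructed).
USERS = {
    "alice": {("country", "US"), ("platform", "iPhone"), ("lang", "en")},
    "bob": {("country", "KR"), ("platform", "Windows")},
}


def common_attributes(profile, snapshot):
    """A_C = A_U ∩ A_D: attributes present in both the profile and the data set."""
    return {a for a, _ in profile} & {a for a, _ in snapshot}


def deltas(prev, curr):
    """Map each tuple whose counter grew by at least 1 to c(t) - c(t-1)."""
    return {k: c - prev.get(k, 0) for k, c in curr.items() if c - prev.get(k, 0) >= 1}


def infer_history(users, snapshots):
    """Return {t: {name: crowd}} for every user whose tuples all increased at t.

    crowd is the smallest increase among the matched tuples: an upper bound on
    how many visitors in that interval could carry the user's whole profile.
    A match is only a candidate, because separate visitors can each raise one
    of the tuples (crowd is an added measure, not part of the algorithms).
    """
    history = {}
    times = sorted(snapshots)
    for prev_t, t in zip(times, times[1:]):
        d = deltas(snapshots[prev_t], snapshots[t])
        for name, profile in users.items():
            a_c = common_attributes(profile, snapshots[t])
            u = {(a, v) for a, v in profile if a in a_c}
            if u and u.issubset(d):
                history.setdefault(t, {})[name] = min(d[k] for k in u)
    return history
```

At the last observation several clicks arrive in one interval, so both profiles match at once and the larger crowd value shows that the counters no longer single out one visitor.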

Modules:
1) Profiling Module
2) Monitoring Module
3) Matching Module
Module Description
1) Profiling Module
The profiling module obtains the information of the target user from the target user's profile
and timeline.
2) Monitoring Module
The monitoring module extracts the shortened URLs from the tweets posted by the
followings of the target user and monitors the changes in the click analytics of the
shortened URLs. It creates a Twitter user (monitoring user) who follows all the
followings of the target user in order to access all tweets that the target user may view.
3) Matching Module
The matching module compares the information about the new visitor with the
information about the target user when the monitoring module notices changes in
the click analytics. If the matching module infers that the new visitor is the target user,
it includes the corresponding shortened URL in a candidate URL set.

Hardware Specification :
Processor - Pentium III
Speed - 1.1 GHz
RAM - 256 MB (min)
Hard Disk - 20 GB
Floppy Drive - 1.44 MB
Key Board - Standard Windows Keyboard
Mouse - Two or Three Button Mouse
Monitor - SVGA

Software Specification:
Operating System : Windows8.1/95/98/2000/XP
Programming Language : Java
Application Server : Tomcat5.0/6.X
Database : Mysql 5.0
Tool : Eclipse

Contribution:
1. First, we will work on exact location information on Twitter.
2. We are identifying the number of attacks and the user details for those attacks.

Conclusion :
In this paper, we proposed an inference attack that infers shortened URLs that are clicked on by the
target user. All the information needed in our attack is public information; that is, the click analytics of
URL shortening services and Twitter metadata. Both pieces of information are public and can be accessed by
anyone. We combined two pieces of public information with inferred candidates. To evaluate our
system, we crawled and monitored the click analytics of URL shortening services and Twitter data.
Throughout the experiments, we have shown that our attack can infer the candidates in the majority of
cases. To the best of our knowledge, this is the first study that infers URL visiting history on Twitter.
We also proved that if an attacker knows some information about the target user, he could determine
whether the target user clicks on the shortened URL.

References:
[1] J. A. Calandrino, A. Kilzer, A. Narayanan, E. W. Felten, and V. Shmatikov, "You might also like:
Privacy risks of collaborative filtering," in Proc. IEEE Symp. Secur. Privacy, 2011, pp. 231-246.
[2] E. W. Felten and M. A. Schneider, "Timing attacks on web privacy," in Proc. 7th ACM Conf.
Comput. Comm. Secur. (CCS), 2000, pp. 25-32.
[3] D. Boyd, S. Golder, and G. Lotan, "Tweet, tweet, retweet: Conversational aspects of retweeting on
twitter," in Proc. 43rd Hawaii Int. Conf. Syst. Sci., 2010, pp. 1-10.
[4] Jonghyuk Song, Sangho Lee, Jong Kim, "I Know the Shortened URLs You Clicked on Twitter:
Inference Attack using Public Click Analytics and Twitter Metadata."
[5] J. He, W. W. Chu, and Z. V. Liu, "Inferring privacy information from social networks," in Proc.
4th IEEE Int. Conf. Intell. Secur. Informatics, 2006, pp. 154-165.
[6] Bin Liang, Wei You, Liangkun Liu, Wenchang Shi, "Scriptless Timing Attacks on Web Browser
Privacy."
[7] C. Jackson, A. Bortz, D. Boneh, and J. C. Mitchell, "Protecting browser state from web privacy
attacks," in Proc. 15th Int. World Wide Web Conf., 2006, pp. 737-744.
[8] Lin-Shung Huang, Chris Evans, "Protecting Browsers from Cross-Origin CSS Attacks."
[9] A. Janc and L. Olejnik, "Web browser history detection as a real-world privacy threat," in Proc.
15th Eur. Conf. Res. Comput. Secur., 2010, pp. 215-231.
[10] Liang Zhao, Ting Hua, Chang-Tien Lu and Ing-Ray Chen, "A Topic-focused Trust Model for
Twitter."
