Online Social Networks Security: Threats, Attacks, and Future Directions

  • Ja’far Alqatawna (Email author)
  • Alia Madain
  • Ala’ M. Al-Zoubi
  • Rizik Al-Sayyed


The list of well-known online social networks extends to hundreds of available sites with hundreds of thousands, millions, and even billions of registered accounts; for instance, Facebook as of April 2016 has around two billion active users. Online social networks have made a difference in many people’s lives and have opened avenues that were not possible before. However, as in any success story, there is a downside. Cyber-attacks that used to have a small or limited effect can now have a huge, distributed effect by exploiting these social network sites. Some attacks are more apparent than others in this context; hence this chapter discusses how serious attacks are possible in online social networks and what has been done to counter them. It discusses privacy, Sybil attacks, social engineering, spam, malware, botnet attacks, and the trade-off between services, security, and users’ rights.


Keywords: Social Network Site; Online Social Network; Identity Theft; Social Graph; Mobile Social Networking



Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Ja’far Alqatawna (1, 2), Email author
  • Alia Madain (1)
  • Ala’ M. Al-Zoubi (1)
  • Rizik Al-Sayyed (1)

  1. King Abdulla II School for Information Technology, University of Jordan, Amman, Jordan
  2. Jordan Information Security & Digital Forensics Research Group (JISDF), Amman, Jordan
