Search Results (1 - 4 of 4 Results)


Kim, Dae Wook
Data-Driven Network-Centric Threat Assessment
Doctor of Philosophy (PhD), Wright State University, 2017, Computer Science and Engineering PhD
As the Internet has grown increasingly popular as a communication and information sharing platform, it has given rise to two major types of Internet security threats related to two primary entities: end-users and network services. First, information leakages from networks can reveal sensitive information about end-users. Second, end-users' systems can be compromised through attacks on network services, such as scanning-and-exploit attacks, spamming, drive-by downloads, and fake anti-virus software. Designing threat assessments to detect these threats is, therefore, of great importance, and a number of detection systems have been proposed. However, these existing threat assessment systems face significant challenges in terms of i) behavioral diversity, ii) data heterogeneity, and iii) large data volume. To address the challenges of the two major threat types, this dissertation offers three unique contributions. First, we built a new system to identify network users via Domain Name System (DNS) traffic, which is one of the most important behavior-based tracking methods for addressing privacy threats. The goal of our system is to boost the effectiveness of existing user identification systems by designing effective fingerprint patterns based on semantically limited DNS queries that are missed by existing tracking efforts. Second, we built a novel system to detect fake anti-virus (AV) attacks, which represent an active trend in the distribution of Internet-based malware.
Our system aims to boost the effectiveness of existing fake AV attack detection by detecting fake AV attacks in three challenging scenarios: i) fake AV webpages that require user interaction to install malware, instead of using malicious content to run automatic exploitation without users' consent (e.g., shellcode); ii) fake AV webpages designed to impersonate real webpages using a few representative elements, such as the names and icons of anti-virus products from authentic anti-virus webpages; and iii) fake AV webpages that offer up-to-date solutions (e.g., product versions and threat names) to emerging threats. Finally, we built a novel system to detect malicious online social network (OSN) accounts that participate in online promotion events. The goal of our work is to boost the effectiveness of existing detection methods, such as spammer detection and fraud detection. To achieve our goal, our framework systematically integrates features that characterize malicious OSN accounts based on three of their characteristics: their general behaviors, their recharging patterns, and their currency usage, and then leverages a statistical classifier for detection.

Committee:

Junjie Zhang, Ph.D. (Advisor); Adam Robert Bryant, Ph.D. (Committee Member); Bin Wang, Ph.D. (Committee Member); Xuetao Wei, Ph.D. (Committee Member)

Subjects:

Computer Science

Keywords:

network security; fake anti-virus software; intrusion detection; web document analysis; statistical classification; Domain Name System; behavioral fingerprints; privacy; online social networks; virtual currency; malicious accounts

Tan, Enhua
Spam Analysis and Detection for User Generated Content in Online Social Networks
Doctor of Philosophy, The Ohio State University, 2013, Computer Science and Engineering
Recent years have witnessed the success of a number of online social networks (OSNs) and the explosive increase of social media. These social networking and social media sites have attracted a significant number of participants that contribute various types of content on the Internet, which is generally referred to as user generated content (UGC). A well-designed UGC network can utilize the wisdom of crowds to collect, organize, and vote on user-contributed content to generate high quality knowledge at a relatively low cost. However, the open environment of a UGC system also makes it easy to be polluted and attacked by spammers and malicious users. How users participate in UGC networks, especially how users contribute content and share content with their friends and other users, is fundamental to spam detection and high quality knowledge discovery. In this dissertation, we investigate two important research issues: (1) discovering user content generation patterns in OSNs, focusing on publicly available content (knowledge sharing), and (2) detecting spam in user generated content based on our discovered patterns. With access to three large OSN user activity logs, including Yahoo! Blogs, Yahoo! Answers, and Yahoo! Del.icio.us, for a duration of up to 4.5 years, we are able to analyze the content generation patterns of social network users in detail. Our analysis consistently shows that users' posting behavior in these networks exhibits strong daily and weekly patterns, but the user active time in these OSNs does not follow commonly assumed exponential distributions. We also show that the user posting behavior in these OSNs follows stretched exponential distributions instead of widely accepted power law distributions. Our discovery lays a foundation for user behavior analysis in social networks, and serves as a ground truth for anomaly detection and anti-spam.
Applying the user posting behavior distribution pattern, we further conducted a comprehensive analysis of spamming activities on a large commercial social blog UGC site in 325 days covering over 6 million posts and nearly 400 thousand users. Observing power law distribution instead of our discovered stretched exponential distribution on user contributions, we find it actually indicates serious UGC spam attack activities. Our analysis shows that UGC spammers exhibit unique non-textual patterns, such as posting activities, advertised spam link metrics, and spam hosting behaviors. Based on these non-textual features, we show with commonly used classification methods that a high detection rate could be achieved offline. These results further motivate us to develop a runtime scheme, BARS, to detect spam posts based on these spamming patterns. The experimental results demonstrate the effectiveness and robustness of BARS. To timely detect spam in large social network sites, it is desirable to discover self-tuned, unsupervised schemes that can save the training cost of supervised classification schemes. Identifying the limitations of existing unsupervised detection schemes due to assumptions of spammer behaviors that no longer hold, we design an unsupervised spam detection scheme, called UNIK. Instead of picking out spammers directly, UNIK leverages both the connection-based social graph and the content-based user-link graph to remove non-spammers from the network first, and then clusters spammers with the landing pages they are trying to advertise. Based on highly accurate detection results of UNIK, we further analyze a number of spam campaigns. The result shows that different spammer clusters demonstrate distinct characteristics, implying the ability of UNIK to automatically extract spam signatures.

Committee:

Xiaodong Zhang (Advisor); Feng Qin (Committee Member); Ten H. (Steve) Lai (Committee Member)

Subjects:

Computer Engineering; Computer Science

Keywords:

user generated content; online social networks; user behavior; stretched exponential distribution; spam filtering; spam detection; spam classification; decision tree; social graph; user-link graph; Sybil attack; community detection; BARS; UNIK

Yelne, Samir
Measures of User Interactions, Conversations, and Attacks in a Crowdsourced Platform Offering Emotional Support.
Master of Science in Computer Engineering (MSCE), Wright State University, 2016, Computer Engineering
Online social systems have emerged as a popular medium for people in society to communicate with each other. Among the most important reasons why people communicate is to share emotional problems, but most online social systems are uncomfortable or unsafe spaces for this purpose. This has led to the rise of online emotional support systems, where users needing to speak to someone can anonymously connect to a crowd of trained listeners for a one-on-one conversation. To better understand who, how and when users utilize these systems, and to evaluate their safety, this thesis offers a comprehensive examination of the characteristics of users and their interactions from a massive, leading emotional support platform. From a big data set of millions of conversations across hundreds of thousands of users, the study employs statistical measurement techniques and predictive analytics to shed light on the ways these platforms are utilized, and the extent to which users behave in unwanted ways. The analysis leads to recommendations on promoting positive system utilization and an understanding of the effectiveness of protections in place to thwart emotional attacks. This work is likely the first to measure the activities and interactions in an online social system for emotional support.

Committee:

Derek Doran, Ph.D. (Advisor); Junjie Zhang, Ph.D. (Committee Member); Tanvi Banerjee, Ph.D. (Committee Member)

Subjects:

Computer Engineering; Computer Science

Keywords:

Online Social Networks; Cyberbullying; Network Analysis; Emotional support system; User behavior

Ruan, Yiye
Joint Dynamic Online Social Network Analytics Using Network, Content and User Characteristics
Doctor of Philosophy, The Ohio State University, 2015, Computer Science and Engineering
Online social networks (OSNs) allow Internet users all over the globe to share information, exchange thoughts, and work collaboratively. Not only do OSNs provide a channel of broadcasting real-world events as they unfold, they also enable a convenient way for users to exchange experience and opinions. Understanding the relation among network topology, users, content, and their dynamics can have a significant impact both from a theoretical standpoint as well as from a practical one, for instance, to understand online user behaviors and predict future online activities. In this dissertation, I study the interplay of three important factors that encode most of the OSN dynamics: network structure, user-generated content, and user characteristics. We first present our broader contribution to computer science: the development of two novel graph algorithms for community detection and structural role detection, which are scalable to handle networks containing millions of nodes and edges. Both community and role assignments of nodes generate novel clusterings of OSN users and provide valuable insights into OSN activities, but they are often implicit or even unknown to OSN analysts. We bridge this chasm by designing algorithms that can automatically infer community and role information in large-scale OSN data. Our algorithms are (1) robust in the presence of noise in real-world data, and (2) efficient in processing large network datasets. A key element to both of these contributions is a practical approach for network sparsification which enables efficient processing. Evaluated on various social networks containing hundreds of millions of edges, our algorithms outperform state-of-the-art approaches in terms of the ability of recovering ground truth communities and roles of OSN users. By augmenting the network structure with content information and performing joint inference, our algorithms are able to combat the impact of noise. 
At the same time, careful design and optimization of our algorithms render them highly efficient when compared with existing approaches, and even yield non-trivial speedups on some networks. Then we investigate three analytical tasks on OSN activities from the perspective of a user: (1) predicting user engagement in online discussion, (2) understanding the divergence of user-generated content, and (3) identifying patterns in the shift of user sentiment over time. Underpinning this effort are scalable mechanisms to infer important topological characteristics of such networks including community affiliation and structural roles, as discussed above. Experiments with large-scale datasets constructed from real OSNs show that our approaches, which incorporate information on network, content, and users, have demonstrated significant improvements over existing work which only focuses on one single aspect. More importantly, the findings from our studies on large-scale OSN data often reflect similar phenomena observed in social networks in the traditional face-to-face setting, making it promising to apply these quantitative approaches in the analysis of a broader spectrum of social networks.

Committee:

Srinivasan Parthasarathy (Advisor); P Sadayappan (Committee Member); Arnab Nandi (Committee Member); Robert Garrett (Committee Member)

Subjects:

Computer Science

Keywords:

data mining; online social networks; graph mining; community detection; structural role detection; sentiment analysis