• No results found

Finding Malicious Applications on Facebook Using FRAppE

N/A
N/A
Protected

Academic year: 2020

Share "Finding Malicious Applications on Facebook Using FRAppE"

Copied!
10
0
0

Loading.... (view fulltext now)

Full text

(1)

Available online: https://edupediapublications.org/journals/index.php/IJR/ P a g e | 1502

Finding Malicious Applications on Facebook

Using FRAppE

N. Praveen Kumar1, K.V SRINIVAS RAO 2

. 1PG Scholar, Dept of CSE, Prakasam Engineering College, Prakasam(Dt),Kandukur AP,India. 2Asst Professor, Dept of CSE, Prakasam Engineering College, Prakasam(Dt),Kandukur,AP,

India.

ABSTRACT :

Nowadays use of social networking web site like Facebook, Twitter, Google+

(2)

Available online: https://edupediapublications.org/journals/index.php/IJR/ P a g e | 1503

I. INTRODUCTION

In the Internet era, multimedia content is massively produced and distributed. In order to efficiently locate content in a large-scale database, content-based search techniques have been developed. They are used by content based information retrieval (CBIR) [1] systems to complement conventional keyword-based techniques in applications such as near-duplicate detection, automatic annotation, recommendation, etc. In such a typical scenario, a user could provide a retrieval system with a set of criteria or examples as a query; the system returns relevant information from the database as an answer. Recently, with the emergence of new applications, an issue with content-based search has arisen sometimes the query or the database contains privacy-sensitive information [3][1]. In a networked environment, the roles of the database owner, the database user, and the database service provider can be taken by different parties, who do not necessarily trust each other. A privacy issue arises when an untrusted party wants to access the private information of another party. In that case, measures should be taken to protect the corresponding information.

(3)

Available online: https://edupediapublications.org/journals/index.php/IJR/ P a g e | 1504

on the Internet. OSN services have deled all regional, cultural, and language boundaries, and provided every Internet user on the planet with an equal opportunity to speak, and be heard. Nearly 25% of the world's population uses at least one social media service today. 1 People across the globe actively use social media platforms like Twitter and Facebook for spreading information, or learning about real world events these days. A recent study revealed that social media activity increases up to 200 times during major events like elections, sports, or natural calamities [Szell et al. 2014]. This swollen activity contains a lot of information about the events, but is also prone to severe abuse like spam, misinformation, and rumour propagation, and has thus drawn great attention from the computer science research community. Since this stream of information is generated and consumed in real time, and by common users, it is hard to extract useful and actionable content, and later out unwanted feed. Twitter, in particular, has been widely studied by researchers during real-world events [Becker et al. 2011; Hu et al. 2012; Kwak et al. 2010; Sakaki et al. 2010; Weng and Lee 2011]. However, few studies have

looked at the content spread on social media platforms other than Twitter to study real-world events [Chen and Roy 2009; Hille and Bakker 2013; Osborne et al. 2012]. Surprisingly, there has been little work on studying content on Facebook during real world events [Westling 2007], which is five times bigger than Twitter in terms of the number of monthly active users. Range of research attempts which would help to explore malicious content spread on Facebook during events. In particular, we look at three distinct areas, viz. a) the Facebook social graph, b) attack and detection techniques with respect to malicious content on Facebook, and c) analysis of events using online social media data. Then, we look at the various limitations that Facebook poses, which makes event analysis, and detection of malicious content on this network a hard problem. Towards the end, we discuss the implications and research gaps in identifying and analysing malicious user generated content on Facebook during events.

II.LITERATURE SURVEY

(4)

Available online: https://edupediapublications.org/journals/index.php/IJR/ P a g e | 1505

we use within this kind of report.

2. 1 Fb Blog

Fb makes it possible for third-party builders to offer companies to help it isconsumers with Fb Facebooks. As opposed to usual pc along with touch screen phone Facebooks, installation of a Fb software by way of user does not require an individual getting along with doingan Facebooklication binary. As an alternative, every time a user provides a Fb softwareto help her page, an individual funds the Facebooklication form server: (a)concur to get into a subset in the data detailed for the user’sFb page (e. h., your user’s mail address), along with (b) concerto execute selected activities for an individual (e. h., a chance to article for the user’s wall). Fb funds these kind of permissions to help almost any software simply by handing a great Oath 3. 0 [4] symbol towards the software server for every single user who installations the Facebooklication form. Then, the Facebooklication form can certainly gain access to your data along with perform your explicitly-permitted activities for an individual. Represents your methods interested in your set up along with procedure of an Fb software. Operation associated with malevolent Facebooks.

Destructive Fb Facebooks typically run the following.

Step1: Online hackers encourage consumers to install your iPhone Facebook, generally along with some false assure (e. h., totally free iPads).

Step 2: The moment a user installations your iphone Facebook, that redirects an individual to a website in which the user can be asked for to execute jobs, such as performing a review, all over again while using lure associated with false rewards.

Step:3 The particular iphone Facebook afterwards accesses personal data (e. h., beginning date) on the user’s page, which the cyber-terrorist may use to help revenue.

(5)

Available online: https://edupediapublications.org/journals/index.php/IJR/ P a g e | 1506

help third parties [2] to help at some point revenue your cyber-terrorist.

2. 3 MyPageKeeper

MyPageKeeper [14] is really a Fb iphone Facebook designed for discovering malevolent content upon Fb. The moment a Fb user installations My-PageKeeper, that routinely crawls content on the user’s retaining wall along with reports give. MyPageKeeper and then does Facebookly WEBSITE blacklists in addition to custom classification techniques to determine malevolent content. Our previous perform [41] implies that MyPageKeeper finds malevolent content along with high accuracy—97% associated with content flagged because of it indeed point to help malevolent sites also it incorrectly flags just 0. 005% associated with cancerous content.The key thing to note here's which MyPageKeeper determines cultural spyware and adware for the granularity associated with specific content, without having group together content of almost any given software. Put simply, for every single article that it crawls on the retaining wall as well as reports give of an subscribed user, MyPageKeeper’s determination associated with no matter whether to help a flag which

article does not look at the software in charge of your article. Without a doubt, a sizable small fraction associated with content (37%) supervised simply by MyPage- Keeper aren't published simply by almost any software; a lot of content are made physically by way of user as well as published using a cultural plugin (e. h., by way of user simply clicking ‘Like’ as well as ‘Share’ when using outside website). Actually amongst malevolent content determined simply by MyPageKeeper, 27% do not have a great connected software. MyPageKeeper’s classification largely uses Assistance Vector Machine (SVM) dependent classifier which measures every WEBSITE simply by mixing data extracted from just about all content comprising which WEBSITE. Instances of capabilities found in MyPageKeeper’s classifier include things like a) your presence associated with unsolicited mail keywords such as

(6)

Available online: https://edupediapublications.org/journals/index.php/IJR/ P a g e | 1507

comprising identical URL), along with c) the quantity of ‘Like’s along with comments (malicious content get a lesser number of ‘Like’s along with comments). The moment a WEBSITE can be referred to as malevolent, MyPageKeeper represents just about all content comprising your WEBSITE because malevolent.

2.3 Our Datasets

Within the absence of a middle directory site associated with Fb Facebooks 1, the cornerstone individuals analyze is really a dataset extracted from 3. 2M Fb consumers, who tend to be supervised simply by MyPageKeeper [14]. Our dataset contains 91 mil content coming from 3. 3 mil walls supervised simply by MyPageKeeper above eight weeks coming from Summer 2011 to help Goal 2012. These 91 mil content ended up of 111K Facebooks, which often forms our own first dataset D-Total, because proven within Desk 1. Be aware which, out of the 144M content supervised simply by MyPageKeeper while in this era, below we all think about just those content which involved a nonempty “Facebooklication" discipline from the metadata which Fb colleagues along with every article. The particular D-Sample dataset: Finding malevolent Facebooks. To be able to

(7)

Available online: https://edupediapublications.org/journals/index.php/IJR/ P a g e | 1508

within terms associated with volume of content per software. The particular D-Sample dataset: Such as cancerous Facebooks. To be able to choose an equal volume of cancerous Facebooks on the first D-Total dataset, we all use a couple requirements: (a) probably none in their content ended up determined because malevolent simply by MyPageKeeper, along with (b) these are “vetted" simply by Societal Bakers [19], which often computer monitors your "social marketing success" associated with Facebooks. This yields 5, 750 Facebooks, 90% of which get a user ranking associated with at the very least 3 outside of 5 upon Societal Bakers. To complement your volume of malevolent Facebooks, we all put the very best 523 Facebooks within DTotal (in terms associated with volume of posts) and have a set of 6, 273 cancerous Facebooks. The particular D-Sample dataset (Table 1) may be the unification of theb6, 273 cancerous Facebooks while using 6, 273 malevolent Facebooks.

3. PROPOSED SYSTEM

In this work, we develop FRAppE, a suite of effectual classification techniques for

identifying whether an app is malicious or not. To build FRAppE, we use data from My PageKeeper, a security app in Facebook that monitors the Facebook profiles of 2.2 million users. We analyze 111K apps that made 91 million posts over nine months. This is arguably the first comprehensive study focusing on malicious Facebook apps that focuses on quantifying, profiling, and empathetic malicious apps, and synthesizes this information into an effective detection approach.

Fig 2: Architecture diagram

(8)

Available online: https://edupediapublications.org/journals/index.php/IJR/ P a g e | 1509

diagram Our system will detect weather the submission is malicious or not By using naïve bayes classifier algorithm .As shown in fig App is popped to user and user gives request to server to use this app but before this request is going to proceed we will check whether the application is malicious or not by applying constraints on app (constraints such as is that app have suspicious redirecting url?, app post contents, app close functions etc.). otherwise it will pass that app request to server. Then server gives authorization to user to access that app.

V. EXPECTED RESULTS

1. FacebookNets form large and densely connected groups

2. Posting direct links to other Facebooks

3. Indirect Facebook promotion.

4. Facebooks with the same name often are part of the same FacebookNet.

5. Amazon hosts a third of these indirection websites.

6. Robustness of features.

7. Recommendations to Facebook.

8. Detecting spam accounts.

9. Facebook permission exploitation.

10.Facebook rating efforts.

CONCLUSION AND FUTURE SCOPE

(9)

Available online: https://edupediapublications.org/journals/index.php/IJR/ P a g e | 1510

will continue to dig deeper into this system of malicious apps on Facebook, and we optimism that Facebook will benefit from our endorsements for reducing the menace of hackers on their podium.

REFERENCES

1. Besmer, H. R. Lipford, M. Shehab, and G. Cheek. Social applications: exploring a more secure framework. In SOUPS,2009.

2. C.-C. Chang and C.-J. Lin. LIBSVM: A library for support vector machines. ACM Transactions on Intelligent Systems and Technology, 2, 2011.

3. P. Chia, Y. Yamamoto, and N. Asokan. Is this app safe? A large scale study on application permissions and risk signals. In WWW, 2012.

4. F. J. Damerau. A technique for computer detection and correction of spelling errors. Commun. ACM, 7(3), Mar. 1964.

5. H. Gao, Y. Chen, K. Lee, D. Palsetia, and A. Choudhary. Towards online spam filtering in social networks. In NDSS, 2012. 6. H. Gao, J. Hu, C. Wilson, Z. Li, Y.

Chen, and B. Y. Zhao.Detecting and characterizing social spam campaigns. In IMC, 2010.

7. M. Gjoka, M. Sirivianos, A. Markopoulou, and X. Yang.Poking facebook: characterization of osn

applications. In Proceedings of the first workshop on Online social networks,WOSN, 2008.

8. J. King, A. Lampinen, and A. Smolen. Privacy: Is there anapp for that? In SOUPS, 2011.

9. Le, A. Markopoulou, and M. Faloutsos. Phishdef: Url names say it all. In Infocom, 2010.

10. K. Lee, J. Caverlee, and S. Webb. Uncovering social spammers: social honeypots + machine learning. In SIGIR, 2010.

11. S. Lee and J. Kim. Warningbird: Detecting suspicious urls in twitter stream. In NDSS, 2012.

12. Y. Liu, K. P. Gummadi, B. Krishnamurthy, and A. Mislove.Analyzing facebook privacy settings: user expectations vs. reality. In IMC, 2011.

13. J. Ma, L. K. Saul, S. Savage, and G. M. Voelker. Beyond blacklists: learning to detect malicious web sites from suspicious urls. In KDD, 2009.

14. Makridakis, E. Athanasopoulos, S. Antonatos, D. Antoniades, S. Ioannidis, and E. P. Markatos.Understanding the behavior of malicious applications in social networks. Netwrk. Mag. of Global Internetwkg., 2010.

(10)

Available online: https://edupediapublications.org/journals/index.php/IJR/ P a g e | 1511

2012.

16. T. Stein, E. Chen, and K. Mangla. Facebook immune system. In Proceedings of the 4th Workshop on Social Network Systems, 2011. 17. G. Stringhini, C. Kruegel, and G.

Vigna. Detecting spammers on social networks. In ACSAC, 2010.

18. K. Thomas, C. Grier, J. Ma, V. Paxson, and D. Song. Design and Evaluation of a Real-Time URL Spam Filtering Service. In Proceedings of the IEEE Symposium on Security and Privacy, 2011. 19. N. Wang, H. Xu, and J. Grossklags.

Third-party apps on facebook: privacy and the illusion of control. In CHIMIT, 2011.

Figure

Fig 2: Architecture diagram

References

Related documents

(1) Decrease the initial boiling point or (2) increase the end point of the cat light gas oil; (3) increase the feed to the cat cracker by increasing the crude distilling column

To speak with an AFS Financial Advisor about lowering your monthly mortgage payments … and for your free, no-obligation Rate Quote and Mortgage Comparison … just call

No studies to our knowledge have examined all three health measures (MVPA, sedentary behavior, components of sleep quality) using accelerometers to 1) compare health behaviors

The Borough of Mount Arlington Mayors Wellness Committee, The Mount Arlington Board of Health and The Mount Olive Township Health Department are promoting health and fitness

Trust-Building Training & Programs : Training and coaching on building trust/internal and external customers, trust development, trust based selling, coaching for

At first for designing this system, the disease variables were discriminated and were at the patients' disposal as a questionnaire, and after gathering the relevant data

We have shown how to achieve quality scalabil- ity and optimized rate-distortion performance for the wavelet-based irregular mesh codec EMD+16 which employs octree-based encoding