Abstract
Online social networks (OSNs) provide a new dimension to people's lives by giving birth to online societies. OSNs have revolutionized the human experience, but they have also created a platform for attackers to distribute infections and conduct cybercrime. An OSN provides an opportunistic attack platform for cybercriminals through which they can spread infections at a large scale. We describe a category of malware (or attacks) known as socioware that exploits OSN environments for performing unauthorized and nefarious activities. Socioware can be an executable, an extension, an exploit code, etc., that conducts malicious operations in OSNs with serious impact on users. Furthermore, we discuss the socioware taxonomy highlighting the characteristics of socioware to illustrate the design and exploitation tactics of OSN malware. In contrast, insider threats (employees or contractors) are posing a grave threat to organizations, with a motivation to steal critical data and monetize it for financial gains. Insider threats have become a serious concern for many organizations today. We present a complete attack model to demonstrate how an insider threat exploits the online trust and confidentiality by transforming an OSN into a socioware distribution platform that infects other employees' systems. Finally, we discuss security defenses that can be adopted to defend against socioware.
Original language | English |
---|---|
Pages (from-to) | 415-426 |
Number of pages | 12 |
Journal | IEEE Systems Journal |
Volume | 11 |
Issue number | 2 |
DOIs | |
State | Published - Jun 2017 |
Bibliographical note
Publisher Copyright:© 2007-2012 IEEE.
Keywords
- Attack
- cybercrime
- insider threats
- malware
- online social networks (OSNs)
- vulnerability
ASJC Scopus subject areas
- Control and Systems Engineering
- Information Systems
- Computer Science Applications
- Computer Networks and Communications
- Electrical and Electronic Engineering