See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/281711350

A Critical Analysis of Privacy and Security on Social Media

Conference Paper · April 2015

DOI: 10.1109/CSNT.2015.21

CITATION READS
1 10,795

2 authors:

Sangeeta Kumari Shailendra Singh

Motilal Nehru National Institute of Technology National Institute of Technical Teachers' Training and Research, Bhopal
13 PUBLICATIONS   19 CITATIONS    97 PUBLICATIONS   772 CITATIONS   

SEE PROFILE SEE PROFILE

Some of the authors of this publication are also working on these related projects:

Green Cloud Computing View project

Optimization technique for support vector machine View project

All content following this page was uploaded by Shailendra Singh on 13 September 2015.

The user has requested enhancement of the downloaded file.

 2015 Fifth International Conference on Communication Systems and Network Technologies

A Critical Analysis of Privacy and Security on Social Media

Sangeeta Kumari Shailendra Singh, Senior Member IEEE

Dept. of Computer Engineering & Application Dept. of Computer Engineering & Application
National Institute of Technical National Institute of Technical
7HDFKHUV¶7UDLQLQJDQG5HVHDUFK 7HDFKHUV¶7UDLQLQJDQG5HVHDUFK
Bhopal, India Bhopal, India
[email protected] [email protected]

Abstract- Privacy and security are the main concern of any growing proliferation and capabilities of mobile devices
social media network sites such as Facebook, Twitter, and may affect privacy [3].
LinkedIn etc. The primary purpose of these sites is to allow
people to share interests, activities, real-life connections. Lack Smartphone enables increasing number of users to
of attention to privacy and security on social media does seem have access to social networking sites where they use 4G
to be odds with the belief as individual responsibility. Network connections to store the data, provide/receive data to/from
virtualization, media independence and FAME etc., are the
social networking sites [4]. In business process modelling,
technologies which are used for protecting WKH XVHU¶V
insider threat harms the organization through the operated
information over the internet. In this paper, we describe
various methods for securing the data with some threats and process. There are various approaches for detecting the
solution. Finally, concludes with a few suggestions as future insider threat like track business processes and provide
research direction. logging information about them. Online monitoring can
facilitate the insider threat mitigation since, unlike other
Keywords: SWT, UsiXML UIDL, GPS, VPSM, FAME, technical approaches [5], it also takes the human factor
threats and solution. into account [5]. In online social media, there is a term
called cross-pollination, in this process pollen is delivered
I. INTRODUCTION
to a flower from different plants, with the plants that are
Now a day, online social websites such as Facebook, different in their genesis [6], in the same way it helps
Twitter and LinkedIn all are the prime sites that are widely social media providers to improve their systems and
accessed on the Internet. Privacy and security are the major develop updated tools for exchange of information across
concerns in IT application like run or install software. The networks. Cross-pollinated networks follow temporal and
LPSRUWDQWFKDOOHQJHLVWRSURWHFW XVHU¶VSHUVRQDOGDWD IURP topological characteristics of the diffusion on online
the unauthorized persons as per law of the land and policies social media [6]. Network virtualization and media
for data rights. The social media network must not disclose independence technology is used to secure the data over
personal data of end-users profile. The privacy challenge is the internet. By means of media independence, there is a
XVXDOO\ VHHQ RQO\ LQ RQH GLUHFWLRQ EHFDXVH D SHUVRQ¶V set of abstract services which is defined for simplifying
privacy is not only attacked from the outside, but in reality network operations to provide mobility aware applications
80% chance of attacks found to be due to human errors. [18].
This happens because the users themselves do not
For mobile device FAME (Face Authentication for
understand the consequences of personal data they have
Mobile Encounters) is an embedded application that
provided. There is a need to develop methodologies for
provides both verification and identification, including
SURWHFWLQJXVHU¶VSHUVRQDOGDWD, like, GPS which is used to
identity management to support social activities [7].
capture the surroundings such as location, motion,
temperature and also other people in the vicinity. Location There are many methods which we are defined in our
awareness plays an important role in context-aware system related work for privacy and security of the data.
such as cameras, gyroscopes, accelerometers,
microphones etc. [1]. II. RELATED WORK

Resource-sharing is very common in social media. In social media, many techniques are existing for the
Users are able to see all the resources for access but some better privacy and security.
are private or public. User Interface Description Language
(UIDL) allows the designers to develop multi-modal and A. Preserving Privacy in Context-Aware Systems
multi-platform User Interfaces UIs [2]. In social media

978-1-4799-1797-6/15 $31.00 © 2015 IEEE 602

DOI 10.1109/CSNT.2015.21
 Pramod Jagtap et al.[1] realized that previously system which is both for security and privacy-oriented
mainly focused on location, but the later new model is used technologies [2].
with more inclusive and higher level notion of context
which consider users location, devices and the other
inferred activities in which user are engaged. For privacy  

and security, the key element is the use of collaborative
 
information sharing where device shares and integrate 
knowledge about their context. For this use of Semantic
Web Technologies and building a prototype system that  
aggregates information from a variety of sensors- phone,
online sources and infers the dynamic user context.

Information is accessed by privileged users and denying
access to illegal user. Varied the number of users in a
group list [1] and noted the time taken access by the system  
to provide access levels for the requester [1].

Below we consider some points to protect the sensed Reification Abstraction

data and access by only the authorized users:
Figure 1. Four layer conceptual frameworks [2].

x To see if the system satisfies a basic criteria [1] by

The above Figure 1 described the level of abstraction
allowing access from privileged user and restricting
RIWKH8,¶V
illegal user,
x To test whether the actual computing time of [1] a) The Tasks & Concepts: This layer describes the
reasoning over mobile devices is acceptable. XVHU¶V tasks and domain-oriented concepts to carry out
x To find scales with different size of user these tasks.
information. b) The Abstract UI: This layer describes the
abstract containers and individual components of the UI
B. Privacy and Security in Multi-modal User Interface and the container group the subtasks according to task
Modeling for Social Media model structural patterns, identification of semantic
relationships and the cognitive load analysis [2].
In this paper [2] they focus on security and privacy c) The Concrete UI: It defines the widget layouts
issues in UI modelling for this they use Cameleon and the interface navigation. It abstracts Final UI into a
5HIHUHQFH )UDPHZRUN &5) WR GHYHORS 8,¶V   7KH UI definition and also considered as a rectification of an
UsiXML has the following set of models to support the Abstract UI with respect to platform [2].
conceptual modelling of UIs. d) The Final UI: It represents the operational UI
running on a particular computing platform by execution
x The taskModel represents the decomposition [2].
between tasks into subtasks and also temporal
relationships among tasks. C. Big Data Privacy Issues in Public Social Media
x The domainModel describes the classes of the
objects manipulated by the user while interacting In this paper [3] they are using a GPS-enabled mobile
with the system. device user can activate the watchdog client to locally track
x The mappingModel collects the inter-model his position during times considers relevant to his privacy,
relationships that are semantically related. then device may request privacy watchdog to show him
x The contextModel describes the user, the media whenever the user is interested in the state of his
environment and the platform of the application. online privacy, the watchdog service can be operated in
three different ways [3]:
Many of these models suffer from lack of applicability
x First type would be by regular user account, it is
in the context in support of security and privacy in the
able to see all public pictures, but also all restricted
UI at different abstraction levels at the same time.
pictures in scope but visible to the user. Social
Because of this they adapt the PriS conceptual model
network knows when and where they are [3] and

603
 the clientele who wish to protect their online way that insider attacks are detected in a short
privacy. time period.
x The second type of watchdog does not require a x Combine technical and behavioural
user account to do search and can be queried monitoring: It increases the effectiveness of
anonymously. It would have smaller scope and can insider threat detection. Alert sharing and
only access publicly available media. trusted teams that are authorized to access all
x Third type would be stand-alone service which can data within the organization.
be operated by a third party like an indexing, x Use external source of information: It suggests
search machine, which crawls publicly available the use of external information sources.
media and is metadata and allows this database to
query. They focus on further enhancing existing monitoring
tools by combining external sources of information (such
These different types of watchdog service are used to as social media) with technical and behavioral patterns.
reduce the number of relevant pieces of media a user needs
to keep an eye on if they dRQ¶WZDQWXQFRQWUROOHGPHGLDRI
themselves to be online [3].
Social media
D. Privacy-Preserving Mobile Accesses for Virtual
Private Social Media


Author proposed [4] a Virtual Private Social Media

(VPSM) technique based on location and time dependent to
protect the relationship of followers and followees. The   

 
authorization policy is defined to access the media services
and action together with the notion of propagatability,
location and time range. The main aim of this paper to 

"#$
control user accesses to subgroups of social media resource $

dynamically to the location and time and also determine

whether to allow follow or not [4].
 

 
E. Insider Threat: Enhancing BPM through Social !
Media
Figure 20RQLWRULQJV\VWHP¶Varchitecture [5].

Dimitris Gritzalis et al. [5] focused to the insider

In this Figure 2, output comes in the form of potential
WKUHDW PHDQV LQVLGHUV SDUWLFLSDWLQJ LQ DQ RUJDQL]DWLRQ¶V
incident alerts and the risk that characterizes the
business process who depending on their motives, may
processes of the organization.
harm to the organization. They proposed a structural
method that combined monitoring at the process level with
F. FAME: Face Authentication for Mobile Encounter
psychosocial monitoring through social media [5@&(57¶V
research has focused on analyzing a large number of insider In this paper [7] they found Face Authentication for
threats which are defined below with diagram: Mobile Encounters as an embedded application for mobile
devices using Android, it provides verification and identity
x Monitoring the organization: It collects management that support social activities, for example,
information on the status of insider threats and finding doubles in a social network. FAME consists of anti-
incident with the organization. spoofing, image acquisition [7], face segmentation [7], face
x Monitoring employees: These results should be detection, feature extraction and face matching [7] with the
secured and used solely for the purpose of help of these it shows user acceptance, acceptability, ease
optimizing resources not for discriminating of use, reliability, privacy and security [7].
purposes.
x Use optimized monitoring: Organization
should configure their infrastructure in such

604
 training set would have [9] been twice the size of a number
Face Matching Acquisition
of existing links in each community.

Feature Segmentation
Extraction

Best Template Spoofing

Selection Detection

Figure 3. FAME Architecture [7]

The circular pattern in Figure 3. shows that after a

negative response, a second attempt is automatically started
by a system which is transparent to the user [7].
Figure 4. Facebook co-worker community social network [9]

G. Evaluating potentials of Internet and Web-based

SocialTV in the light of privacy. In above Figure 4 they refer to Facebook's underlying
friendship graph in which classifiers are evaluated for a
Mohamed Bourimi et al. [8] reported the methods for
evaluating the potentials of SocialTV by considering end- small community of co-workers that according to their
XVHUV¶ SULYDF\ EDVHG RQ ODE DQG ILHOG WULDOV A web based Facebook profile pages worked for the same well-
prototype allowed the different [8] forms of collaboration known high-tech company [9]. Facebook users may
and social interaction related to different SocialTV create a personal profile, add friends, and communicate
scenarios was developed and used as a high-fidelity with other members [9]. Because the friendship link
prototype for evaluating the scenarios and gathered the new between two [9] members must be reciprocal, there is a
requirements. The prototype allowed for both centralized mutual connection exist between the link of member A
[8] as well as decentralized solutions [8]. and member B. Therefore, These co-workers'
community network graph [9] contained 410 nodes and
H. Links Reconstruction attack: Using Link Prediction
635 links; it was obtained using a web crawler at the
Algorithms to Compromise Social Networks Privacy
beginning of January2012.
Michael Fire [9] solved the link prediction algorithm For these, they use the F-measures and area under
to compromise social network [9] in which there are curve measures with the rotation forest algorithm
different methods for predicting link in social networks which is used for testing community data sets. This
and test it on different types of social network method is only for user's connection to others with high
communities in order to reconstruct XVHU¶V links. Proposes accuracy and for hides the user's privacy [9].
a link reconstruction attack, because they think in previous
method there is some less security for the chance of I. Classifying Trust/Distrust Relationships in Online
unauthorized attacks. So this method is based on machine Social Networks.
learning classifier trained on a small set of easy to compute
topological features. They created two sets: one is easy In this paper [10] authors address the problem of
training set and another is hard training set for each creating a framework for the trust inference and proposed a
community in which both contains 50% positive and 50% model based on graph mining techniques and used this
negative links. Positive links are those that exist within the model for predicting the truest sign of a given set of edged
community and negative links do not exist. In easy training of the network. Also infer the trust/distrust relationships in
set, negative links are [9] created by randomly chooses two those relational environments that cannot be described by
nodes that have not linked between them. In hard training simply using the classical social balance theories of
set, negative links are created by choosing two nodes in triangles and also shows the better performance [10].
the community that have a distance of two from each other.
Due to the small size of each community, the size of each

605
J. Social Networks and Web Security: Implications on III. THREATS AND SOLUTION IN
Open Source Intelligence. ONLINE SOCIAL MEDIA NETWORK

In this paper [11] they highlighted the intelligence aspect In a social media network, threats and the solution
of social media networking and also analysis the events signify are used to protect our data from the fake users and
the influential competence of social media network and improve the privacy solution. There are two types of
additionally they focused on the foundation and the significance threats, one is classic threat and other is modern threats.
of security risks with social networks to protect the confidential Today's attackers can combine these two threats to make
and personal data. the user's privacy more venerable to lethal attack.

K. Compliance of the Facebook Data Use Policy with the

Threats
principles of ISO 29100:2011.

Authors [12] focused on examining the compliance of the .

Classic Modern Combination
Facebook data use policies to the privacy principles specified in threats threats threats
the ISO 29100:2011 standard. It is done by mapping techniques
and enhances [12] the privacy levels in Facebook and Threats
Click
minimizing the possibilities for data breaches and users¶ malware targeting
jacking
children
themselves decide whether they want to share personal data or
not. Fake profiles
spammers
Online
L. Integrating and Mining Virtual Communities across predators
Identity clone
Multiple Online Social Networks: Concepts, Approaches attacks
Phishing
and Challenges. Risky
attacks
behaviour
Interference
In this paper [13] they sum up the current research trends attacks
cyberbullyi
for integrations of virtual communities are shifted from Cross-site
ng
scripting De-
Homogeneous OSNs to Heterogeneous OSNs and SISs. The anonymization
concept of global model was developed for the protection of
Internet
personal privacy and security issues. fraud Face
Recognition

M. $QDO\VLV RI WKUHH WUXVWHG )ULHQGV¶ YXOQHUDELOLW\ Ln

Facebook. Information
leakage

In this paper [14] authors introduced new security Location

leakage
loophole in Facebook that is three trusted friend's vulnerability
in which hacker can recover a legitimate user password to hack
Socware
his account. They provide some solutions to prevent attacker
from exploiting this facility and misuse it as a vulnerability.

N. A Data-Reachability Model for Elucidating Privacy Figure 5. Threats to Online Social Media Networks Users [16].
and Security Risks Related to the Use of Online Social
Networks.
The above Figure 5. shows all the threats which
In this paper [15] authors proposed a data reachability divided into mainly four categories:
model to understand the potential risks in online social
networks. The model easily captured the data extraction x Classic Threats &ODVVLFDO WKUHDWV XVH WKH XVHU¶V
methods through the encoding of a data-reachability matrix in personal information published on social
which each row represents an inference or a data derivation networks WR DWWDFN DQG DOVR DWWDFN WKHLU IULHQG¶V
step. And the model elucidates potential linkages between data personal information. It spreads very fast among
typically exposed within social-media and networking sites. user network [16].
x Modern Threats: It especially targets WRWKH XVHU¶V

606
 personal information. For example, it collects to protect the children from harmful content. There are
information to make fake profile and send request NoScript Security Suite, privacy scanner for Facebook,
to another target user [16]. defensio, algorithm for detecting video spammer from
x Combination Threats: It is a combination of both YouTube, preventing information and location leakage etc.,
classical and modern threats. For example, use all are the solution for threats.
SKLVKLQJDWWDFNWRFROOHFWWKHXVHU¶VSDVVZRUGDQG
posted to another target user by using clickjacking.
There is hidden virus, so when the target user click IV. FUTURE ASPECTS OF SOCIAL MEDIA
on the posted message, it installs [16]. NETWORK WITH CONCLUSION
x Threats Targeting Children: Its targets for the
younger children by chatting with stranger Here, the Table 1 shows, the 5 most popular social
person etc. [16]. networking sites, the number of monthly visitors in
compete rank order [17].

Use the Trojan that contain hidden click jacking attack TABLE 1. FEATURES OF SOCIAL MEDIA NETWORKING
in which hidden virus are activated, and thus collects the SITES [17].

personal information about users, which is used by the

No. Sites Estimated Compete
attackers. The social privacy protector application which used Unique Rank
to identify fake profiles from a user¶VIULHQGV Monthly
Visitors
Authenticationn Operator Academic pphishing detection 1. Facebook 900,000,000 3
Mechanism
S
Spammer detection
privacy setting 2. Twitter 310,000,000 21
F
Fake profile detection
3. LinkedIn 255,000,000 25
Report users S
Socware
4. Pinterest 250,000,000 27
Solution Cloned
l need pprofile detection
lo
5. GooglePlus+ 120,000,000 32
P
Privacy setting interfaces

P
Preventing information &

Location leakage In the future, the internet has evolved towards high-
bandwidth network architecture offering transparent
Commercial transport services for fixed and mobile applications to
cope with several concerns on different aspects such as
scalability, transparency, mobility, robustness, security,
heterogeneity, quality of service [18], re-configurability,
context-awareness, manageability, data centric,
Internet
Inte N
Norton
orton safee Websense
ebse content
cont Infoglide
Infog united parents
pare economics, etc. [18]. For privacy and security, we built an
Security w
web defense watches net minor child protection
Solution nanny monitor evolutionary solution on current internet architecture for
VG
AVG
Privacy Fix
the upcoming limitations. Loss of intellectual property
McAfee social
cial pprotection and proprietary information may be risks for an
organization [19].

The quality of 3D presentation like depth impression

Figure 6. Solution for online social media and network [16]. is mainly influenced by multimedia features, high-
The above Figure 6 mentions the solution for online movement sections in the video are more sensitive to the
social media network to protect the users and information Quality of Service degradation [20]. In future we may find
from malicious attacks, spammers, fake profiles, scams new types of threats and solution to secure the data more
and other threats by activating the Facebook immune effectively.
system. Internet security solutions can be ensured by AVG,
Avira, Kaspersky, Panda, MacAfee, and Symantec [16] REFERENCES
which provide internet security solutions provided by
[1] Pramod Jagtap, Anupam Joshi, Tim Finin and Laura Zavala,
different companies. Some techniques are used to detect "Preserving Privacy in Context-Aware Systems," Fifth IEEE International
phishing websites and phishing URLs; Net Nanny is software Conference on Semantic Computing, 2011, pp.149-153.

607
 [2] Mohamed Bourimi, Ricardo Tesoriero, Pedro G. Villanueva, Fatih Service Attributes for 3D Future Internet Multimedia," Fourth IEEE
Karatas and Philipp Schwarte, "Privacy and Security in Multi-modal User International Conference on Cognitive Infocommunication,Dec
Interface Modeling for Social Media," IEEE International Conference on 2013,pp.641-646.
Privacy, Security ,Risk, and Trust, and IEEE International Conference on
Social Computing2011,pp.1364-1371.
[3] Matthew Smith, Christian Szongott, Benjamin Henne and Gabriele von
Voigt, "Big Data Privacy Issues in Public Social Media,´,(((, 2013.
[4] Jong P. Yoon, Christopher M. Frenz, Zhixiong Chen and David Wang,
"Privacy-Preserving Mobile Accesses for Virtual Private Social Media,´ 
IEEE Eighth World Congress on Services, 2012, pp.192-198.
[5] Dimitris Gritzalis, Vasilis Stavrou, Miltiadis Kandias and George
6WHUJLRSRXORV ,QVLGHU 7KUHDW (QKDQFLQJ %30 WKURXJK 6RFLDO 0HGLD´
IEEE, 2014.
[6] Paridhi Jain, Tiago Rodrigues, Gabriel Magno, Ponnurangam
Kumaraguru and Virgilio Almeida, "Cross-Pollination of Information in
2QOLQH 6RFLDO 0HGLD $ &DVH 6WXG\ RQ 3RSXODU 6RFLDO 1HWZRUNV´ ,(((
International Conference on Privacy, Security, Risk, and Trust, and IEEE
International Conference on Social Computing, 2011, pp.477-482.
[7] Silvio Barra, Chiara Galdi, Maria De Marsico and Daniel Riccio,
)$0()DFH$XWKHQWLFDWLRQIRU0RELOH(QFRXQWHU´,(((, 2013.
[8] Mohamed Bourimi,Dhiah el Diehn I. Abou-Tair, Dogan
Kesdogan,Thomas Barth and KaWKULQ +RINH ´(YDOXDWLQJ SRWHQWLDOV RI
Internet and Web-EDVHG 6RFLDO79 LQ WKH OLJKW RI SULYDF\´,IEEE
International Conference on Social Computing/IEEE International
Conference on Privacy,Security,Risk and Trust,2010.pp.1135-1140.
[9] Michael Fire, Gilad .DW] /LRU 5RNDFK DQG <XYDO (ORYLFL´/LQNV
Reconstruction Attack: Using Link Prediction Algorithms to Compromise
6RFLDO1HWZRUNV3ULYDF\´ Springer New York 2013, pp.181-196.
[10] Giacomo Bachi,Michele Coscia,Anna Monreale and Fosca Giannotti,
´&ODVVLI\LQg Trust/Distrust Relationships in Online Social
1HWZRUNV´ASE/IEEE International Conference on Social Computing and
ASE/IEEE International Conference on Privacy,Security,Risk and
Trust,2012,pp.552-557.
>@)DKDG$QVDUL0RQLV$NKODTDQG$5DXI³6RFLDO1etworks and Web
6HFXULW\ ,PSOLFDWLRQV RQ 2SHQ 6RXUFH ,QWHOOLJHQFH´ Second National
Conference on Information Assurance (NCIA), IEEE, 2013,pp.79-82.
>@ $OH[DQGUD 0,&+27$ DQG 6RNUDWLV .DWVLNDV´&RPSOLDQFH RI WKH
Facebook Data Use Policy with the principles of ISO 29100:2011´,(((
2014.
[13] Wu-&KHQ 6X´,QWHJUDWLQJ DQG 0LQLQJ 9LUWXDO &RPPXQLWLHV DFURVV
0XOWLSOH 2QOLQH 6RFLDO 1HWZRUNV FRQFHSWV $SSURDFKHV DQG &KDOOHQJHV´
IEEE, 2014, pp.199-204.
[14] Ahmed Kadhim Noor and Mohammad Abdur 5D]]DTXH´$QDO\VLV RI
WKUHHWUXVWHG)ULHQGV¶YXOQHUDELOLW\LQ)DFHERRN´ International Conference
on Advanced Computer Science Applications and Technologies, IEEE,
2013, pp.300-303.
[15] Sadie Creese,Michael Goldsmith,Jason R.C. Nurse and Elizabeth
PhillipV´$ 'DWD-Reachability Model for Elucidating Privacy and Security
Risks Related to the Use of Online Social Networks´ (OHYHQWK
International Conference on Trust, Security and Privacy in Computing and
Communications,IEEE,2012,pp.1124-1131.
[16] Michael Fire, Roy Goldschmidt and Yuval Elovici´ Online Social
1HWZRUNV 7KUHDWV DQG 6ROXWLRQV´, IEEE Communication Surveys &
Tutorials, Fourth Quarter 2014, pp.2019-2036.
[17] (2015) the eBusiness MBA Guide Social Networking Sites [Online].
[18] Jesus Alcober,Xavier Hesselbach,Antonio de la Oliva,Andres
Garcia-Saavedra , David Roldan and Carlos Bock, "Internet Future
Architectures for Network and Media Independent Services and
Protocols,"(ICTON)IEEE, 2013,pp.1-4.
[19] Santosh Krishna Putchala and Krishna Bhat and Anitha R,
"Information Security Challenges in Social Media Interactions,´ ,(((,
July 2013, pp.1-4.
[20] Ivett Kulik, Peter Andras Kara, Tuan Anh Trinh and Laszlo
Bokor, "Analysis of the Relationship between Quality of Experience and

608

View publication stats