臺灣博碩士論文加值系統

線上社群網站在近年來發展迅速，使用者在網站上分享大量的個人資訊，這些豐富的使用者個人資訊十分容易取得，也因此吸引了攻擊者的注意，攻擊者可以收集資訊後偽造使用者身份以發動冒名攻擊，藉此擾亂社群網站內的人際互動運作，雖然目前有一些機制或方法阻擋在線上社群網站中的冒名攻擊，但仍有改善的空間。而在網際網路中，人們一直以來利用電子郵件及即時通訊軟體作為互動溝通的工具，線上社群網站的流行提供了人們在網路上聯繫的另一種管道。在此論文中我們定義了冒名攻擊，並根據使用者在這三種工具上的使用特性及行為，藉此發展出一套針對冒名攻擊的防禦機制，再透過實驗加以印證本機制的可行性。

Chapter 1 Introduction
1.1 Motivation
1.2 Organization
Chapter 2 Related Work
2.1 Defending Identity Theft Attack
2.2 Email Address as An Unique Identifier
2.3 Multi-dimensional Social Network
2.4 Similarity Measures
2.5 Other Attacks on Social Network
Chapter 3 Problem Definition
3.1 System Model
3.2 Problem Description
3.2.1 Scenario 1
3.2.2 Scenario 2
3.2.3 Scenario 3
Chapter 4 The Proposed Scheme
4.1 Challenge
4.2 Login Account As An Identifier
4.3 Friend Network Similarity
Chapter 5 Experiments
5.1 Experiment 1 : The User Behavior Survey
5.1.1 The usage of Email
5.1.2 The usage of the login accounts about on-line social network sites
5.1.3 The usage of the login accounts about Instant Messager
5.1.4 Users’ contacts list
5.1.5 The friend requests
5.1.6 The users’ accounts
5.2 Experiment 2 : The Result of Friend Network Similarity
Chapter 6 Discussion
6.1 Special cases on on-line social network sites
6.2 Friend network similarity issue
6.3 New trends
Chapter 7 Conclusions
7.1 Contribution
7.2 Future Works
Appendix: The Questionnaire of the User Behavior Survey

[1] Alexa: Top 500 Global Sites. http://www.alexa.com/.
[2] Definition of Identity Theft & Attack. http://www.ehow.com/about_5042994_definition-identity-theft-attack.html.
[3] Email and Webmail Statistics. http://www.email-marketing-reports.com/metrics/email-statistics.htm.
[4] Facebook. http://www.facebook.com.
[5] Google+. https://plus.google.com/up/start/?sw=1\&type=st.
[6] Identity Guard. http://www.identityguard.com/.
[7] Identity Theft Protection.org: Keeping personal information always personal. http://www.identitytheftprotection.org/.
[8] LifeLock. http://www.lifelock.com/.
[9] OpenID. http://openid.net/.
[10] Pixnet. http://www.pixnet.net/.
[11] Plurk. http://www.plurk.com/.
[12] Protect my ID. http://www.protectmyid.com/.
[13] Skype. http://www.skype.com.
[14] Stats: Hotmail still on top worldwide; Gmailgets bigger. http://www.geekwire.com/2011/stats-hotmail-top-worldwide-gmail-posts-big-gains.
[15] TrustedID. https://www.trustedid.com/.
[16] Wikipedia: Instant Messaging. http://en.wikipedia.org/wiki/Instant_Messaging.
[17] Windows Live Messager. http://explore.live.com/windows-live-messenger?os=other.
[18] Wretch.cc. http://www.wretch.com/.
[19] Yahoo! Messager. http://messenger.yahoo.com/.
[20] Business Next No.202: Top 100 Popular Websites in Taiwan, 2011. http://www.bnext.com.tw.
[21] M. Balduzzi, C. Platzer, T. Holz, E. Kirda, D. Balzarotti, and C. Kruegel. Abusing social networks for automated user profiling. In Recent Advances in Intrusion Detection, pages 422–441. Springer, 2011.
[22] B.J.L. Berry, L.D. Kiel, and E. Elliott. Adaptive agents, intelligence, and emergent human organization: Capturing complexity through agent-based modeling.
Proceedings of the National Academy of Sciences of the United States of America, 99(Suppl 3):7187, 2002.
[23] L. Bilge, T. Strufe, D. Balzarotti, and E. Kirda. All your contacts are belong to us: automated identity theft attacks on social networks. In Proceedings of the 18th international conference on World wide web, pages 551–560. ACM, 2009.
[24] D.M. Boyd and N.B. Ellison. Social network sites: Definition, history, and scholarship. Journal of Computer-Mediated Communication, 13(1):210–230, 2008.
[25] L. Church, J. Anderson, J. Bonneau, and F. Stajano. Privacy stories: Confidence in privacy behaviors through end user programming. In Symposium on Usable Privacy and Security (SOUPS). Citeseer, 2009.
[26] L.A. Cutillo, M. Manulis, and T. Strufe. Security and privacy in online social networks. Handbook of Social Network Technologies and Applications, pages 497–522, 2010.
[27] L. Fang and K. LeFevre. Privacy wizards for social networking sites. In Proceedings of the 19th international conference on World wide web, pages 351– 360. ACM, 2010.
[28] R. Gross and A. Acquisti. Information revelation and privacy in online social networks. In Proceedings of the 2005 ACM workshop on Privacy in the electronic society, pages 71–80. ACM, 2005.
[29] C. Jackson, A. Bortz, D. Boneh, and J.C. Mitchell. Protecting browser state from web privacy attacks. In Proceedings of the 15th international conference on World Wide Web, pages 737–744. ACM, 2006.
[30] T.N. Jagatic, N.A. Johnson, M. Jakobsson, and F. Menczer. Social phishing. Communications of the ACM, 50(10):94–100, 2007.
[31] L. Jin, H. Takabi, and J.B.D. Joshi. Towards active detection of identity clone attacks on online social networks. In Proceedings of the first ACM conference on Data and application security and privacy, pages 27–38. ACM, 2011.
[32] M. Maheswaran, B. Ali, H. Ozguven, and J. Lord. Online identities and social networking. Handbook of Social Network Technologies and Applications, pages 241–267, 2010.
[33] M. Mannan and P.C. van Oorschot. Privacy-enhanced sharing of personal content on the web. In Proceeding of the 17th international conference on World Wide Web, pages 487–496. ACM, 2008.
[34] B. Markines, C. Cattuto, F. Menczer, D. Benz, A. Hotho, and G. Stumme. Evaluating similarity measures for emergent semantics of social tagging. In 18th International World Wide Web Conference, pages 641–641. Citeseer, 2009.
[35] E. Spertus, M. Sahami, and O. Buyukkokten. Evaluating similarity measures: a large-scale study in the orkut social network. In Proceedings of the eleventh ACM SIGKDD international conference on Knowledge discovery in data mining, pages 678–684. ACM, 2005.
[36] K. Strater and H.R. Lipford. Strategies and struggles with privacy in an online social networking community. In Proceedings of the 22nd British HCI Group Annual Conference on People and Computers: Culture, Creativity, Interaction- Volume 1, pages 111–119. British Computer Society, 2008.
[37] G. Wondracek, T. Holz, E. Kirda, and C. Kruegel. A practical attack to deanonymize social network users. In 2010 IEEE Symposium on Security and Privacy, pages 223–238. IEEE, 2010.
[38] K. Zhao, J. Yen, C. Maitland, A. Tapia, and L.M.N. Tchouakeu. A formal model for emerging coalitions under network influence in humanitarian reliefcoordination. In Proceedings of the 2009 Spring Simulation Multiconference, page 10. Society for Computer Simulation International, 2009.
[39] K. Zhao, J. Yen, L.M. Ngamassi, C. Maitland, and A. Tapia. From communication to collaboration: Simulating the emergence of inter-organizational collaboration network. In IEEE International Conference on Social Computing/IEEE International Conference on Privacy, Security, Risk and Trust, pages 413–418. IEEE, 2010.
[40] E. Zheleva and L. Getoor. To join or not to join: the illusion of privacy in social networks with mixed public and private user profiles. In Proceedings of the 18th international conference on World wide web, pages 531–540. ACM, 2009.