2.Inference Attack on Browsing History of Twitter Users Using Public Click Analytics and Twitter Metadata With Overlapping Information

A SYNOPIS REPORT ON Inference Attack On Browsing History Of Twitter Users Using Public Click Analytics And Twitter Metadata Or Derivation Attack On Browsing History Of Twitter Users Using Public Click Analytics And Twitter Metadata Using

Abstract : Today ,twitter is the most important online social network service for altering information (tweets) among companies and friends, Because Twitter restricts the length of messages, many Twitter users use URL shortening services, such as bit.ly and goo.gl , to share long URLs with friends . Twitter users mostly use URL shortening services to provide short alias of a long URL for sharing it via tweets and public click analytics of shortened URLs. The public click analytics is provided in an combined form to preserve the privacy of individual users. In this paper, i have propose attack techniques inferring who clicks which shortened URLs on Twitter using the public information: Twitter metadata and public click analytics with overlapping information. The browser history stealing attacks, this attacks only publicly available information provided by Twitter and URL shortening services. The output if this working is that the attack can adjusted Twitter users’ privacy with high accuracy.

Keywords: Twitter; URL shortening service; Inference; Privacy leak; Novel Attack Techniques Introduction: Twitter in the most important online service for altering the information or messages (tweet), in the world 140 million user created account on twitter and most important thing is that 340 million messages delivered regularly on twitter. The URL shortening services which provide a short alias of a long URL it is useful service for Twitter users who want to share long URLs via tweets (140-character tweets containing only texts). The famous URL shortening services like bit.ly and goo.gl also provide shortened URLs’ public click analytics consisting of the number of clicks and referrers of visitors. URL shortening services provide an combined form to protect the privacy of visitors from attackers. Example : Alice, updates her messages using the official Twitter client application for iPhone, “Twitter for iPhone” will be included in the source field of the corresponding metadata. Moreover, Alice may disclose on her profile page that she lives

in the USA or activate the location service of a Twitter client application to automatically fill the location field in the metadata. Using this information, we can determine that Alice is an iPhone user who lives in the USA. The simple inference attack that can estimate individual visitors using public metadata provided by Twitter. The main advantage of the preceding inference attack over the browser history stealing attacks is that it only demands public information. In this paper, we propose novel attack methods for inferring whether a specific user clicked on certain shortened URLs on Twitter. The aim of these attacks is to know which URLs are clicked on by target users. To Introduce the attack methods: (i) an attack to know who click on the URL and (ii) an attack to know which URLs are clicked . To examine the attack , there are two methods (1) To find a number of Twitter users who distribute URLs, and investigate the click analytics of the distributed URLs and the metadata of the followers of the Twitter users. (2) To create monitoring accounts that monitor messages from all followings of target users to collect all shortened URLs that the target users may click on it. Then monitor the click analytics of those shortened URLs and compare them with the metadata of the target user. Recently to stop these attack is very important for everyone. Related Work: Project Name 1) ““You might also like:” Privacy risks of collaborative filtering,”

2) “Timing privacy,”

attacks

on

web

Author Name

Proposed System

This Paper We Refer to

A. Calandrino, A. Kilzer, A. Narayanan, E. W. Felten, and V. Shmatikov,

In this paper we develop algorithms which take a moderate amount of auxiliary information about a customer and infer this customer's transactions from temporal changes in the public outputs of a recommender system. Our inference attacks are passive and can be carried out by any Internet user.

Idea about Privacy risks of collaborative filtering.

E. W. Felten and M. A. Schneider,

This paper presents a novel timing attack method to sniff users' browsing histories without executing any scripts. Our method is based on the fact that when a resource is loaded from the local cache, its rendering process should

The evaluation shows that our method can effectively sniff users' browsing histories with very high precision. We believe that modern browsers protected by script-blocking

begin earlier than when it is loaded from a remote website. We leverage some Cascading Style Sheets (CSS) features to indirectly monitor the rendering of the target resource. 3) “Tweet, tweet, retweet: Conversational aspects of rewetting on twitter,”

4) “I Know the Shortened URLs You Clicked on Twitter: Inference Attack using Public Click Analytics and Twitter Metadata,”

techniques are still likely to suffer serious privacy leakage threats.

D. Boyd, S. Golder, and G. Lotan,

In the proposed system we examines the practice of retweeting as a way by which participants can be "in a conversation." While retweeting has become a convention inside Twitter, participants retweet using different styles and for diverse reasons. We highlight how authorship, attribution, and communicative fidelity are negotiated in diverse ways.

We highlight how authorship, attribution, and communicative fidelity are negotiated in diverse ways. Using a series of case studies and empirical data, this paper maps out retweeting as a conversational practice.

Jonghyuk Song, Sangho Lee, Jong Kim

Only use public information provided by URL shortening services and Twitter; i.e., click analytics and Twitter metadata. We determine whether a target user visits a shortened URL by correlating the publicly available information. Our approach does not need complicated techniques or assumptions such as script injection, phishing, malware intrusion or DNS monitoring. All we need is publicly available information.

practical attack technique that can infer who clicks what shortened URLs on Twitter.

5) “Inferring Privacy Information From Social Networks ?”

6) “Scriptless Timing Attacks onWeb Browser Privacy,”

7) “Protecting Browser State from Web Privacy Attacks”

8) “Protecting Browsers from Cross-Origin CSS Attacks,”

9) “Web Browser History Detection as a Real-World Privacy Threat”

Jianming He1, Wesley W. Chu1, and Zhenyu (Victor) Liu2

take both social network structures and in°uence strength of social relations into consideration.

Investigated the problem of privacy inference in social networks. Using Bayesian networks

Bin Liang, Wei You, Liangkun Liu, Wenchang Shi

To perform an elaborated investigation to reveal additional exploitable browser mechanisms. With more dynamic and interactive features introduced in browsers in present times

Presented a new timing attack method for sniffing users’ browsing histories

Collin Jackson, Dan Boneh, Andrew Bortz, John C Mitchell

Propose that a general same-origin principle should be applied uniformly across di_erent types of information stored on a web user's machine. We also develop ways for users to limit tracking, in the form of browser extensions that are available for download.

presents some more powerful tracking methods based on caching various kinds of _les.

Lin-Shung Huang, Chris Evans, Zack Weinberg, Collin Jackson

stricter content handling rules that completely block the attack, as long as the targeted web site does not make certain errors

present a general form of this attack that can be made to work in any browser that supports CSS, even if JavaScript is disabled or unsupported.

Artur Janc1 and Lukasz Olejnik2

the pioneering the data acquisition of history-based user preferences

analyze the impact of CSS-based history detection and demonstrate the feasibility of conducting practical attacks with minimal resources

10) “A Topic-focused Trust Model for Twitter”

Liang Zhao

Experiments on Twitter event detection demonstrated that our method can effectively extract trustworthy tweets while excluding rumors and noise. In addition, a comparative performance analysis demonstrated that our method outperforms existing supervised learning schemes using tweets manually labelled or tweets generated based on keyword matching as the training set.

Utilizing credible news reports to infer trustworthiness of tweets exhibiting contextual similarity in textual, spatial and temporal features

Existing System : In this paper, we proposed an inference attack that infers shortened URLs that are clicked on by the target user. All the information needed in our attack is public information; that is, the click analytics of URL shortening services and Twitter metadata. Both information are public and can be accessed by anyone. We combined two pieces of public information with inferred candidates. To evaluate our system, we crawled and monitored the click analytics of URL shortening services and Twitter data. Throughout the experiments, we have shown that our attack can infer the candidates in the majority of cases. To the best of our knowledge, this is the first study that infers URL visiting history on Twitter. We also proved that if an attacker knows some information about the target user, he could determine whether the target user clicks on the shortened URL. Disadvantages of Existing System:

1) The periodic monitoring and matching have a limitation because Twitter does not officially provide personal information about users such as country, browsers, and platforms. 2) URL is an essential service for Twitter users who want to share long URLs via tweets having length restriction. Proposed System: To propose novel attack methods for inferring whether a specific user clicked on certain shortened URLs on Twitter. As shown in the preceding simple inference attack, our attacks rely on the combination of publicly available information: click analytics from URL shortening services and metadata from Twitter. The goal of the attacks is to know which URLs are clicked on by target users. We introduce two different attack methods: (i) an attack to know who click on the URLs updated by target users and (ii) an attack to know which URLs are clicked on by target users. To perform the first attack, we find a number of Twitter users who frequently distribute shortened URLs, and investigate the

click analytics of the distributed shortened URLs and the metadata of the followers of the Twitter users. To perform the second attack, we create monitoring accounts that monitor messages from all followings of target users to collect all shortened URLs that the target users may click on. Then monitor the click analytics of those shortened URLs and compare them with the metadata of the target user. Furthermore, To propose an advanced attack method to reduce attack overhead while increasing inference accuracy using the time model of target users, representing when the target users frequently use Twitter. Advantages of Proposed System:

1) To propose novel attack techniques to determine whether a specific user clicks on certain shortened URLs on Twitter. To the best of our knowledge, this is the first study that infers URL visiting history on Twitter. 2) Further decrease attack overhead while increasing accuracy by considering target users’ time models. It can increase the practicality of our attacks so that we demand immediate countermeasures.

Existing System Architecture:

Proposed System Architecture:

Algorithms(Existing System Algorithms) : Propose algorithms to apply our inference attack in general situations. First define user and data models. Let U be user information released by the main service. Let D be a data set released by the third party services. To protect the user’s privacy, third party services provide the online data set D in aggregate form which consist of attributes a, values v and count of them c. Let AU be an attribute set of U and AD be an attribute set of D. We define U, D and their attribute sets as follows: AU = {a | a is an attribute of U} AD = {a | a is an attribute of D} U = {(a:v) | a ЄAU ,v is an value of a, C is the counter of a tuple (a:v) at time t} D = {(a:v,C(t)) | a ЄAD ,v is an value of a, C is the counter of a tuple (a:v) at time t}

Algorithm 1.Inference attack for a target user

Input: AC = AU

AD

u = {(a:v)|a ЄAC ,v is an value of a} and u

U

d(t) = {(a:v,c(t)) | a Є AC ,v is an value of a ,c(t) is the counter of (a:v) a tuple at time t} and Ǝ (a:v,c(t)) ЄD Output: Inferred time the user has used the service History = {} Foreach observation time at t do Δd(t) = {(a:v)| Ǝ(a:v,c(t)) Є d(t) s.t (c(t) - c(t-1)) ≥1} if u

Δ(t) then

history = history U {t:u} end end return history

AU = {a | a is an attribute of U} AD i = {a | a is an attribute of Di} U = {(a:v) | a ЄAU ,v is an value of a, C is the counter of a tuple (a:v) at time t} Di = {(a:v,C(t) i ) | a Є A Di ,v is an value of a, C is the counter of a tuple (a:v) at time t}

Algorithm 2.Inference attack for multiple target user Input: AC = AU Ո AD u1,u2,u3,…..un : n user

ui = {(a:v)|aЄAC ,v is an value of a} and ui

U

d(t) = {(a:v,c(t)) | a ЄAC ,v is an value of a ,c(t) is the counter of tuple (a:v) at time t} and Ǝ(a:v,c(t)) ЄD Output: Inferred time the user

History = {} Foreach observation time at t do Δ d(t) = {(a:v)| Ǝ(a:v,c(t)) Єd(t) s.t (c(t)- c(t-1)) ≥1} If ui

Δ d(t) then

history = history U {t:ui} end end end return history

Algorithm 3.Inference attack with multiple third party services Input: ACi = ACi Ո ADi u = {(a:v)|a Є AU ,v is an value of a} and u

Ud1,d2,….,dn : n data set of the third party services

di (t) = {(a:v,ci(t))|a Є A Ci ,v is an value of a, ci (t) is the counter of (a:v) a tuple at time t} and (a:v,c i(t)) Di Output: Inferred time the user has used the service History = {} Foreach observation time at t do Ոi : d i(t) = {(a:v)| Ǝ (a:v,ci(t)) s.t (ci (t) - ci (t-1)) ≥1} if (Ոi :Δ di(t)

u)then

history = history U{t:u} end end return history

Modules: 1) Profiling Module 2) Monitoring Module 3) Matching Module Module Description 1) Profiling Module Profiling module obtains the information of the target user from the target user’s profile and timeline. 2) Monitoring Module The monitoring module extracts the shortened URLs from the tweets posted by the followings of the target user and monitors the changes in the click analytics of the shortened URLs. To create a Twitter user (monitoring user) who follows all the followings of the target user in order to access all tweets that the target user may view. 3) Matching Module The matching module compares the information about the new visitor with the information about the target user when the monitoring module notices the changes in the click analytics. If the matching module infers that the new visitor is the target user, it includes the corresponding shortened URL in a candidate URL set.

Hardware Specification : Processor Speed

- Pentium –III - 1.1 Ghz

RAM

- 256 MB(min)

Hard Disk

- 20 GB

Floppy Drive

- 1.44 MB

Key Board

- Standard Windows Keyboard

1)Mouse Monitor Software Specification: Operating System

- Two or Three Button Mouse -

SVGA

:Windows8.1/95/98/2000/XP

Programming Language : Java Application Server

: Tomcat5.0/6.X

Database Tool

: Mysql 5.0 :Eclipse

Contribution: 1. First, we will work on exact location information on Twitter. . 2. We are identifying the number of attack and number of attacks user details.

Conclusion : In this paper, we proposed an inference attack that infers shortened URLs that are clicked on by the target user. All the information needed in our attack is public information; that is, the click analytics of URL shortening services and Twitter metadata. Both information are public and can be accessed by anyone. We combined two pieces of public information with inferred candidates. To evaluate our system, we crawled and monitored the click analytics of URL shortening services and Twitter data. Throughout the experiments, we have shown that our attack can infer the candidates in the majority of cases. To the best of our knowledge, this is the first study that infers URL visiting history on Twitter. We also proved that if an attacker knows some information about the target user, he could determine whether the target user clicks on the shortened URL.

References: [1] J. A. Calandrino, A. Kilzer, A. Narayanan, E. W. Felten, and V. Shmatikov, ““You might also like:” Privacy risks of collaborative filtering,” in Proc. IEEE Symp. Secur. Privacy, 2011, pp. 231–246. [2] E. W. Felten and M. A. Schneider, “Timing attacks on web privacy,” in Proc. 7th ACM Conf. Comput. Comm. Secur. (CCS), 2000, pp. 25–32. [3] D. Boyd, S. Golder, and G. Lotan, “Tweet, tweet, retweet: Conversational aspects of retweeting on twitter,” in Proc. 43rd Hawaii Int. Conf. Syst. Sci., 2010, pp. 1–10. [4] Jonghyuk Song, Sangho Lee, Jong Kim, “I Know the Shortened URLs You Clicked on Twitter: Inference Attack using Public Click Analytics and Twitter Metadata”.

[5] J. He, W. W. Chu, and Z. V. Liu, “Inferring privacy information from social networks,” in Proc.4th IEEE Int. Conf. Intell. Secur. Informatics, 2006, pp. 154–165. [6] in Liang, Wei You, Liangkun Liu, Wenchang Shi,” Scriptless Timing Attacks onWeb Browser Privacy”.

[7] C. Jackson, A. Bortz, D. Boneh, and J. C. Mitchell, “Protecting browser state from web privacy attacks,” in Proc. 15th Int. World Wide Web Conf., 2006, pp. 737–744.

[8] Lin-Shung Huang, Chris Evans,” Protecting Browsers from Cross-Origin CSS Attacks”. [9] A. Janc and L. Olejnik, “Web browser history detection as a realworld privacy threat,” in Proc. 15th Eur. Conf. Res. Comput. Secur., 2010, pp. 215–231. [10] Liang Zhao 1, Ting Hua1, Chang-Tien Lu and Ing-Ray Chen,” A Topic-focused Trust Model for Twitter”