TY - GEN
T1 - Stalking Online
T2 - 2nd ACM Conference on Data and Application Security and Privacy, CODASPY'12
AU - Yang, Yuhao
AU - Lutes, Jonathan
AU - Li, Fengjun
AU - Luo, Bo
AU - Liu, Peng
N1 - Funding Information:
Bo Luo was partially supported by NSF OIA-1028098 and University of Kansas General Research Fund 2301420. Peng Liu was partially supported by AFOSR FA9550-07-1-0527 (MURI), ARO W911NF-09-1-0525 (MURI), NSF CNS-0905131 and NSF CNS-0916469.
Publisher Copyright:
© 2012 ACM.
PY - 2012
Y1 - 2012
N2 - With the extreme popularity of Web and online social networks, a large amount of personal information has been made available over the Internet. On the other hand, advances in information retrieval, data mining and knowledge discovery technologies have enabled users to efficiently satisfy their information needs over the Internet or from large-scale data sets. However, such technologies also help the adversaries such as web stalkers to discover private information about their victims from mass data. In this paper, we study privacy-sensitive information that are accessible from the Web, and how these information could be utilized to discover personal identities. In the proposed scenario, an adversary is assumed to possess a small piece of "seed"information about a targeted user, and conduct extensive and intelligent search to identify the target over both the Web and an information repository collected from the Web. In particular, two types of attackers are modeled, namely tireless attackers and resourceful attackers. We then analyze detailed attacking mechanisms that could be performed by these attackers, and quantify the threats of both types of attacks to general Web users. With extensive experiments and sophisticated analysis, we show that a large portion of users with online presence are highly identifiable, even when only a small piece of (possibly inaccurate) seed information is known to the attackers.
AB - With the extreme popularity of Web and online social networks, a large amount of personal information has been made available over the Internet. On the other hand, advances in information retrieval, data mining and knowledge discovery technologies have enabled users to efficiently satisfy their information needs over the Internet or from large-scale data sets. However, such technologies also help the adversaries such as web stalkers to discover private information about their victims from mass data. In this paper, we study privacy-sensitive information that are accessible from the Web, and how these information could be utilized to discover personal identities. In the proposed scenario, an adversary is assumed to possess a small piece of "seed"information about a targeted user, and conduct extensive and intelligent search to identify the target over both the Web and an information repository collected from the Web. In particular, two types of attackers are modeled, namely tireless attackers and resourceful attackers. We then analyze detailed attacking mechanisms that could be performed by these attackers, and quantify the threats of both types of attacks to general Web users. With extensive experiments and sophisticated analysis, we show that a large portion of users with online presence are highly identifiable, even when only a small piece of (possibly inaccurate) seed information is known to the attackers.
UR - http://www.scopus.com/inward/record.url?scp=85016667581&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85016667581&partnerID=8YFLogxK
U2 - 10.1145/2133601.2133607
DO - 10.1145/2133601.2133607
M3 - Conference contribution
AN - SCOPUS:85016667581
SN - 9781450310918
T3 - CODASPY'12 - Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy
SP - 37
EP - 48
BT - CODASPY'12 - Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy
PB - Association for Computing Machinery
Y2 - 7 February 2012 through 9 February 2012
ER -