Research On Several Data-Driven Security And Privacy Problems

The rapid development of the Internet makes mobile-app based online social networks become an indispensable part of people's lives.However,user privacy leakage and security issues are important assessment mechanisms to hinder the development of online social networks and mobile apps.This paper takes a data-driven approach to explore(1)location privacy and de-anonymization of Location-based Social Networks;(2)elite Sybil attacks in User-Review Social Networks and detection mechanisms of fake reviews;(3)malicious behaviors of mobile apps and generation of adversarial examples;(4)the ruling of the most important Internet privacy law of the decade and its realistic execution defects,which are detailed as follows:1.Location-based social networks reported in band distances seemingly protects users' privacy to a much greater extent via using this concentric band approach when reporting distances.We show,nevertheless,that by using fake GPS to carefully place multiple virtual probes,we can still pinpoint the discovered users' locations,even when band-based privacy protection mechanisms are used.We employ the number theory to prove that under some easily satisfiable conditions,we can locate a user within a circle of radius no greater than one meter.Recent anonymous social networks do not report any distance information about the message.We can still use fake GPS to carefully place multiple virtual probes to probe the presence or not presence of the message to infer the approximate origin of the message.We consider two methodologies: a supervised machine learning approach and an unsupervised heuristic approach to prove that anonymous social networks are also susceptible to localization attacks.2.User-Review Social Networks have large-scale elite Sybil attacks.By data analysis,we first demonstrate that Sybil organizations of Dianping utilize a hybrid cascading hierarchy,with the first tier recruiting elite Sybil workers and distributing tasks by Sybil organizers,and with the second tier posting fake reviews for profit by elite Sybil workers.Our results show that reviews from elite Sybil users are more spread out temporally,craft more convincing reviews,and have higher filter bypass rates.We also explore the economic factors for such complex evasive strategies.Finally,we propose a detection system that target elite Sybil users.3.We propose a streaminglized machine learning framework for malware detection.The framework,Storm Droid,demonstrates its accuracy and efficiency in classifying malicious applications,with accuracy up to 94%.Furthermore,we show how the conventional machine learning classifiers can fail against three types of attackers' adversarial examples.To address this threat,we therefore propose a detection system,Kuafu Det,and show it significantly reduces false negatives and boosts the detection accuracy by at least 15%.4.The ruling of Internet privacy law,“Right to be Forgotten”(RTBF),cause that Google and other search engines now delist links to web pages that contain “inadequate,irrelevant or no longer relevant,or excessive” information about that individual.In this paper we take a data-driven approach to study the RTBF in the traditional media outlets,its consequences,and its susceptibility to inference attacks.By studying delisted content,we show how a third party can discover delisted URLs along with the requesters' names as well as unknown delisted links.To measure the presence(or lack of presence)of a Streisand effect,we develop novel metrics and methodology based on Google Trends and Twitter data.Finally,we feel that specific technical execution should be exercised greater caution when creating new laws addressing online privacy.By studying above four directions using data-driven approaches,we expect our study to motivate better privacy and security protection design for the nextgeneration online social networks and mobile apps,and hope the results and observations in this paper can inform lawmakers as they refine Internet privacy in the future.