SlideShare ist ein Scribd-Unternehmen logo

Vulnerabilities and attacks targeting social networks and industrial control systems

ijcsa
ijcsa

Vulnerability is a weakness, shortcoming or flaw in the system or network infrastructure which can be used by an attacker to harm the system, disrupt its normal operation and use it for his financial, competitive or other motives or just for cyber escapades. In this paper, we re-examined the various types of attacks on industrial control systems as well as on social networking users. We have listed which all vulnerabilities were exploited for executing these attacks and their effects on these systems and social networks. The focus will be mainly on the vulnerabilities that are used in OSNs as the convertors which convert the social network into antisocial network and these networks can be further used for the network attacks on the users associated with the victim user whereby creating a consecutive chain of attacks on increasing number of social networking users. Another type of attack, Stuxnet Attack which was originally designed to attack Iran’s nuclear facilities is also discussed here which harms the system it controls by changing the code in that target system. The Stuxnet worm is a very treacherous and hazardous means of attack and is the first of its kind as it allows the attacker to manipulate real-time equipment.

Technologie
1 von 10
Downloaden Sie, um offline zu lesen
International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 DOI:10.5121/ijcsa.2014.4113 133 Vulnerabilities and Attacks Targeting Social Networks and Industrial Control Systems Dharmendra Singh1 , Rakhi Sinha2 , Pawan Songara3 and Dr. Rakesh Rathi4 1,4 Department of Computer Engineering, Govt. Engineering College, Ajmer 2 Department of Information Technology, Govt. Engineering College, Ajmer 3 Aricent Group Of Industries, Gurgaon Abstract: Vulnerability is a weakness, shortcoming or flaw in the system or network infrastructure which can be used by an attacker to harm the system, disrupt its normal operation and use it for his financial, competitive or other motives or just for cyber escapades. In this paper, we re-examined the various types of attacks on industrial control systems as well as on social networking users. We have listed which all vulnerabilities were exploited for executing these attacks and their effects on these systems and social networks. The focus will be mainly on the vulnerabilities that are used in OSNs as the convertors which convert the social network into antisocial network and these networks can be further used for the network attacks on the users associated with the victim user whereby creating a consecutive chain of attacks on increasing number of social networking users. Another type of attack, Stuxnet Attack which was originally designed to attack Iran’s nuclear facilities is also discussed here which harms the system it controls by changing the code in that target system. The Stuxnet worm is a very treacherous and hazardous means of attack and is the first of its kind as it allows the attacker to manipulate real-time equipment. Keywords: Online social networks, JPGvirus, Stuxnet worm, reverse social engineering attacks, Facebook application. 1. INTRODUCTION The popularity of online social networks (OSN) [1] is vastly growing in today’s world. The online communities developed by the OSNs are growing environments on the web to support modern interaction among the people around the Globe. Online social networks are very beneficial for the people for keeping in touch with friends, family members and other acquaintances, for research collaboration, data sharing, social campaigning and other constructive purposes. There are various social networks which are put to different purposes according to their usability. Some are used for professional and business collaborations like LinkedIn [2] and XING [3], whereas there are other OSNs like Facebook [4], Twitter [5], MySpace [6] and Orkut [7] which are primarily used for informal friendly interactions, photo and video sharing and entertainment. The massive acceptance of OSNs by the users provides opportunity to the attackers to create and launch new exploit and attacks every day. The growing popularity of facebook in turn, makes it a popular website vulnerable to reverse engineering attacks [8] and identity thefts and may turn a social network into an antisocial network. Antisocial network is the platform for the execution of
International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 134 malicious threats as well as it provides unauthorized accesses like Denial of Service attack, propagation of malware etc. A very large distributed database is used for OSNs and this acts as an advantage to make exploitation ideal because OSNs include community of users that share the same interests in the form of applications. These users share the same applications with the help of platform openness. This openness results in a user installing the application which is malicious and infected. These above characteristics give attackers the chance to manipulate that user to act as antisocial against all the internet users which are connected to the victim user. In upcoming sections of this paper, the properties of Facebook which is a Real World Social Network are discussed and then the study about utilization of these properties to launch attacks on facebook users is explained. This survey paper also discusses about Stuxnet [9] which is an intelligently designed worm and uses some vulnerability in print spoolers and removable drives to make its way through windows based systems but ultimately targets industrial control systems. Industrial Control systems (ICS) used for a variety of industrial processes like manufacturing and refining, power generation, water management etc. [14] This type of critical infrastructure is managed by cyber-physical systems like SCADA [15] and use of internet based technologies to manage SCADA systems make them more susceptible to network based attacks with the intention to modify the code structure of PLCs (Programmable Logic Controllers). 2. BACKGROUND: A. Social Network Large number of people in the world use social networking sites like Facebook, LinkedIn in their daily life. Facebook is the fastest social networking site which is surfed very much across the globe [10]. Developers of the Facebook developed a platform and a large collection of applications for this website to make it more effective and interesting to the naive Facebook users. Users use these applications on facebook and share them according to common interests in their groups or communities and also invite their friends to share the application. Many applications are malicious and harmful among these applications which can affect the users’ personal information and also affect their friends in the same facebook community. B. Puppetnets Puppetnet [11] is an application which is used for the exploitation purpose of World Wide Web. There are different types of links included in the web page which can include many malicious links in between that can be used to harm the users on social networking sites like facebook, LinkedIn etc. Adversary or malicious user can also make special pages that include many malicious attacks and if the user downloads the malicious data from these links or pages, then the adversary can get benefit out of it. C. Statistical Distribution of infected machines by Stuxnet Worm in different countries of the world: When the Stuxnet worm was created, figures pointed out high rate of infection at some specific sites. But when the worm’s behaviour was discovered, there was a notable decrease in number of infections in the same areas. The following pie chart [16] and table [16] shows percentage of infected systems by Stuxnet worm since 2010 for top 14 countries. The most affected country is
International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 135 Iran followed by mostly Asian countries. United States has only a small percentage of this infection. The high infection rate in some regions and low rate in the others depends on many factors, one of which is good quality security software is being used or not that is, in Asian countries most people like to use the free or trial versions of antivirus software that do not provide maximum protection against malware, malicious websites and they do not provide robust firewalls and shields. Figure1: Pie Chart depicting the percentage spread of Stuxnet Worm infection across the globe Table 1: Percentage of Stuxnet Worm infection across the globe D. Phases to create and host a facebook application: Facebook, a very popular social networking website includes a provision which allows the software developers around the globe to develop simple applications which then execute along with facebook network and can access user data such as friends’ list, inbox etc [12]. To create a facebook application, a developer application is required to be added to the facebook account of the developer and the development environment can be chosen from the various
International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 136 facebook compatible environments like PHP, JavaScript, Flash/Action Script and Connect. The facebook non-compliant environments are Android, ASP.NET, ASP (VB Script, Jscript ), Cocoa, Cold- Fusion, C++, C#, D, Emacs Lisp, Erlang, Google Web Toolkit, Java, Lisp, Perl, Python, Ruby on Rails, Smalltalk,TcI, VB.NET, and Windows Mobile. The client libraries of the above frameworks are not yet supported by facebook but are likely to be added to facebook client libraries in future. The three essentials to be performed to implement and submit a facebook application are: i. A third-party web server where the hosted application will reside. ii. A facebook client library that is installed on hosting server. iii. A relational database management solution like MySQL for storing application user database. a. Registering a facebook application: A developer registers his creation in the form of facebook application by submitting a form specifying the details like application name and description, Canvas page URL and Canvas callback URL. A canvas page URL is the introductory page of a facebook application to which a user is redirected when he chooses to open a particular application whereas; the canvas callback URL is the location of the application on its host server. The developer then receives a confirmation from the facebook development team if the application is selected and included in the global facebook application directory from where the facebook users can now explore and add the application to their account. Some facebook elements that come handy to serve the purpose of easy application development are: i. Facebook Markup Languag (FBML): FBML as the name suggests, is derived from HTML and includes tags with following syntax: <fb: tagName/>. With the help of FBML, the application communicates with user profile to request user data. ii. Facebook Query Language (FQL): Various tables have been supplied by facebook to be queried for social user data. iii. Facebook JavaScript (FBJS): FBJS allows facebook application developers to use JavaScript, AJAX objects, animation libraries and other client libraries to develop versatile facebook applications. iv. Facebook API: APIs provide HTTP based communication with facebook API REST server and enables the developer to gather a particular user’s profile information. b. FBML canvas page redirection mechanism: The FBML canvas page redirection mechanism flow is shown in the above figure[17]. Firstly, a facebook user requests an application from the facebook server. In order to redirect the user’s browser to the application’s canvas URL, Facebook server asks for the call-back URL from the hosting server through an HTTP post request for retrieving the FBML of the canvas page. If some data is needed by the web hosting server, then it also sends an HTTP GET request to the Facebook REST server. After completion of these API method calls, the hosting server creates and returns the FBML of the requested application page to the Facebook server. The facebook server then translates this FBML into HTML and provides it to the user’s browser.
International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 137 Figure2: How an application page is displayed on a user’s browser E. Phases of Stuxnet: Stuxnet is the most sophisticated and dangerous worm that was introduced in July 2010, by attacking Iran’s nuclear facilities. Stuxnet affects approximately 60% of that attack on Iran as reported by Director of security response. According to the study done by Security experts in Iran, Stuxnet basically affects the Uranium facility due to which its rotational speed increases and decreases and as a result violates its normal behaviour. Stuxnet worm basically works in two phases: In first phase that is the “Propagation phase”, it propagates through the files and updates them. After that, in the second phase that is called the “Injection phase”, it searches for its actual target that is i-e Siemens WinCC control and monitoring systems. After finding them, it starts to deviate them from their normal behaviour. We have introduced those three vulnerabilities above that can be simulated through Metasploit framework. This framework can also be used to write code for different types of vulnerabilities. The following Figure[16] shows these phases: The Stuxnet rootkit spreads itself in four ways: with the help of flash drives or USB drives, while sharing data on networks or through print spooler or RPC vulnerability. Figure 3: Two Phases of Stuxnet Worm
International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 138 3. Experimental Evaluation 3.1 Experimental Evaluation for facebook: 3.1.1 OSN as DDoS Platform Social websites like Facebook can be exploited or infected through Distributed Denial of Service attack [13] by any malicious application which generates self-executable files on victim’s system. When a user works on the system or opens a file, image etc, which has the hidden self-executable files, these files are spread in the whole system. The collection of computers that generate harmful files upon running malicious application on Facebook is called JPGvirus. 3.1.2 Experimental Setup This consists of creating a JPGvirus but it does not affect any facebook user. A common application of facebook is Photo album creation. When a facebook user clicks on a photo, it gets opened. The attack is preceded in the following way: Special FBML tags are inserted into the code, so whenever a user visits that page, a self-executable file named windows.exe is created inside Windows folder in C Drive of PC. A simple C program is created in the desired directory. Its executable is generated and is attached to image file with JPG extension. FBML tag <fb:iframe/> is used to include the hidden frames in HTML’s code. A technique which is discussed later is used to protect the privacy of a facebook user and prevent the extraction of information from the image requests that are made by user’s system compromised by malicious applications. Possible misuses in the fashion of Puppetnets: I. Host Scanning In this technique, hosts are scanned by the attacker for finding out an open port. Whenever the attacker finds an open port, he will send an HTTP request. II. Embedded Self-Signed Java Applets The common idea used in this is that java applets are embedded inside the developer’s applications and use this technique to create malicious self-signed applets which initiate the attack by asking the user to upload a file through a common file selector on their system. When the user uploads some file, then that self-signed applet has full control over the disk and accesses the user’s local disk. III. Personal Information Leakage The facebook enables the users to have full control over the information provided by it. User can also apply some privacy settings to keep their data private but the attacker can get the personal information provided by the user and use them to create fake profiles or access their accounts by using their personal information if the users install the malicious applications created by attacker. IV. Malware Propagation Malware can be propagated by the facebook applications if the server is exploited by URL embedded attack vector. When the user uses this application which is infected, this malware will be propagated. V. URL Scanner Cloaking In this technique, requests coming from some specific users can be filtered by facebook URL scanning system and the attacker then feed the customers with unwanted information or data. Content forging is yet another method of attacking in facebook.
International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 139 3.2 Experimental evaluation for Stuxnet: All of the three vulnerabilities caused by Stuxnet worm are defined below. This can be understood by an architectural diagram in which C&C server behaves as Backtrack 4 and Metasploit Framework acts as USB: 3.2.1 MS08_067_netapi (Server Service) This type of vulnerability is caused by Stuxnet by spreading itself through network either by file sharing or through shared folders. The PC which has been infected through this worm is connected to network and has the shared folder. When the other system on the network wants to access that shared folder, this vulnerability exploits that system also, through this shared folder or file. 3.2.2 MS10_061_spoolss (Print Spooler Server) The Print Spooler vulnerability caused by Stuxnet worm is MS10-061. This worm affects the systems that share a common printer. The effects due to this worm are done in basically two steps: injection phase and execution phase. Injection phase involves copying infected files into directory and execution phase does the main work of infection by impersonating a client, for instance, by sending two files in place of a single file. 3.2.3 MS10_046_dllloader (.LNK Vulnerability) When C&C server gives some specific commands, the coding of some system that is connected to it, gets changed. Then, at the time of execution, it will start giving alerts. Metasploit framework is an important tool that is commonly used to exploit different windows vulnerabilities. It is the first way in which Stuxnet rootkit distributes itself to other systems and infects them. According to the given architecture, this vulnerability is exploited to system containing Keil and proteous. Due to C&C server, the coding of system is changed and then the final output of that system will also be changed. It basically loads the icons of files from CPL Windows control panel and changes the file location info field in .LNK header. In this way, attacker finally succeeds in gaining the access to sensitive information when user proceeds to that malicious path. The above discussed three vulnerabilities can be simulated by using Metasploit Framework integrated with Linux Backtrack 4 in the below figure[9]. Basically, security professionals and researchers use Metasploit framework to exploit vulnerabilities, perform penetration testing. Backtrack is an extension of Linux which is particularly designed for performing functions aimed at maintaining network security for security professionals.
International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 140 Figure 4: Network Setup for the Transmission of Stuxnet Worm to the Target System 3.3 Defenses against JPGvirus and Stuxnet vulnerabilities The JPGvirus and Stuxnet vulnerabilities explained in this paper can be handled vigilantly by adopting following safety techniques: 3.3.1 Measures against JPGvirus A. Facebook’s Network Security System Facebook uses some inbuilt checks for blocking such malicious scripts. If some profile is caught posting such type of links, it is warned for deactivation by facebook security team. Figure 5: Steps for security check by Websense for a facebook internal link B. Websense Security Checks Websense is a popular computer security firm with which facebook has negotiated so that whenever a link is posted or clicked within facebook, it is examined by Websense ThreatSeeker Cloud and if it comes from an untrusted source, a warning message is shown to the user.
International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 141 But due to the dynamic nature of the web content, Websense can only check links after posting; it cannot stop them from being posted. This flow can be understood from the figure[17] that is shown above. 3.3.2 Measures against Stuxnet Worm Some possible precautions to avoid the Stuxnet vulnerabilities from propagating are: A. MS10_061_spoolss vulnerability can be prevented by not allowing any executable file to be printed by printer. And if any executable file is allowed to be printed, it should have filename less than 10 characters. B. MS10_046_dllloader vulnerability can be prevented by not creating shortcut file of internet explorer. 4. CONCLUSION The number of social networking users is increasing day by day all over the world which makes these OSNs more susceptible to the reverse social engineering attacks, one of which is done with the help of JPGvirus discussed in this paper. We surveyed on how the attackers can take advantage of the facebook feature that is, third-party web servers are used to host the facebook applications. If the facebook applications will be hosted from the authentic facebook’s servers, then these JPGvirus attacks will lose much of their power. Another type of worm which was considered here is Stuxnet worm, which was mainly designed to cause the malfunctioning of nuclear power plants. It was designed so well that the system administrator was unaware till its last stage when most of the intended damage was already done and its disastrous effects could not be reversed. Finally, we aim to provide an understanding about how social network users can be cautious against the reverse social engineering attacks by understanding how a JPGvirus works and as far as Stuxnet worm is concerned above measures can help in maintaining computer system safety to a large extent. REFERENCES [1] D. Boyd and N.B. Ellison “social network sites” Definition, History, and scholarship”, J Computer- Mediated Commun., vol 13, No.1, 2007. [2] LinkedIn-Relationships Matter, http://www.linkedin.com. [3] XING-Social Network for Business Professionals. http://www.xing.com. [4] Facebook-Connect and share with the people in your life; http://www.facebook.com. [5] Twitter-Social site for professional communities; http://www.facebook.com. [6] MySpace, http://www.myspace.com. [7] Orkut, http://www.orkut.com. [8] “Reverse Social Engineering Attacks” Aleksandr Matrosov, Senior Virus Researcher Eugene Rodionov, Rootkit Analyst David Harley, Senior Research Fellow Juraj Malcho, Head of Virus Laboratory [9] “SWAM: Stuxnet Worm Analysis in Metasploit”, Rahat Masood, Um-e-Ghazia, Dr. Zahid Anwar, “Department of Computing School of Electrical Engineering and Computer Science (SEECS)”, National University of Science and Technology (NUST) Islamabad, Pakistan. [10] A. Mislove, M. Marcon, K. P. Gummadi, P. Drushcel, and B. Bhattacharjee. Measurement and Analysis of Online Social Networks. In IMC '07: Proceedings of the 7th ACM SIGCOMM conference on Internet Measurement, pages 29_42, New York, NY, USA, 2007. ACM. [11] V. T. Lam, S. Antonatos, P. Akritidis, and K.G. Anagnostakis. Puppetnets: misusing web browsers as a distributed attack infrastructure. Tn CCS '06: Proceedings of the 13th ACM conference on Computer and Communications Security, pages 221_234, New York, NY, USA, 2006. ACM
International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 142 [12] Facebook Wiki for Developers, http://wiki.developerforce.com/page/ Facebook Toolkit.. [13] “DoS and DDoS Attack’s Possibility Verification on Streaming Media Application” CHEN LeiSoftware School FUDAN University Shanghai, China YE Dejian* Software School FUDAN University Shanghai,China2008 [14] S. Karnouskos, “Cyber-Physical Systems in the SmartGrid,” in IEEE 9th International Conference on July July 2011. [15] S. Karnouskos and A. W. Colombo, “Architecting the next generation of service-based SCADA/DCS system of systems,” in 37th Annual Conference of the IEEE Industrial Electronics Society (IECON 2011), Melbourne, Australia., 7–10 Nov 2011. [Online]. Available: http//sites.google.com/site/karnouskos/files/2011 IECON ngSCADA.pdf [16] Stuxnet Under the Microsope, Security Report, Revision 1.31 by Juraj Malcho, Head of Virus Laboratory, eset laboratories, US. [17] Vulnerabilities in Social Networking Sites by Pratibha Jagnere published under 2nd IEEE International Conference on Parallel, Distributed and Grid Computing, 2012 Authors Dharmendra Singh has completed his bachelor’s in technology from Stani Memorial College of Engineering and Technology Jaipur. He is currently pursuing M.Tech from Government Engineering College, Ajmer. His research interests include Network Security and Cyber warfare. Rakhi Sinha has obtained her bachelor's degree in technology from Govt. Women's Engineering College, Ajmer. She is currently pursuing her master’s from Govt. Engineering College, Ajmer. Her research interests include Cyber Espionage and Sabotage. Dr. Rakesh Rathi is currently serving as Assistant Professor in the Department of Computer Engineering in Government Engineering College, Ajmer. He is a CISCO certified academy instructor and is a member of several professional societies. He has taught in various institutions for about 13 years with 6 years of post graduate teaching. He has co-authored and supervised many international and national publications in conferences and journals.

Empfohlen

Detecting Malicious Facebook Applications
Detecting Malicious Facebook ApplicationsDetecting Malicious Facebook Applications
Detecting Malicious Facebook Applications1crore projects
 
IRJET - Detecting Spiteful Accounts in Social Network
IRJET - Detecting Spiteful Accounts in Social NetworkIRJET - Detecting Spiteful Accounts in Social Network
IRJET - Detecting Spiteful Accounts in Social NetworkIRJET Journal
 
identifying malevolent facebook requests
identifying malevolent facebook requestsidentifying malevolent facebook requests
identifying malevolent facebook requestsINFOGAIN PUBLICATION
 
Enhancement of Privacy and User Interaction in a Social Network with the Aid ...
Enhancement of Privacy and User Interaction in a Social Network with the Aid ...Enhancement of Privacy and User Interaction in a Social Network with the Aid ...
Enhancement of Privacy and User Interaction in a Social Network with the Aid ...rahulmonikasharma
 
How to Make the Most of the Post and Beat the Tweet: Social Media 101
How to Make the Most of the Post and Beat the Tweet: Social Media 101How to Make the Most of the Post and Beat the Tweet: Social Media 101
How to Make the Most of the Post and Beat the Tweet: Social Media 101Jason Rhode
 
Social networking-website-security-mitigation
Social networking-website-security-mitigationSocial networking-website-security-mitigation
Social networking-website-security-mitigationbipinsunar
 
A survey early detection of
A survey early detection ofA survey early detection of
A survey early detection ofijcsa
 
A survey on cloud security issues and techniques
A survey on cloud security issues and techniquesA survey on cloud security issues and techniques
A survey on cloud security issues and techniquesijcsa
 

Empfohlen

Detecting Malicious Facebook Applications
Detecting Malicious Facebook ApplicationsDetecting Malicious Facebook Applications
Detecting Malicious Facebook Applications1crore projects
 
IRJET - Detecting Spiteful Accounts in Social Network
IRJET - Detecting Spiteful Accounts in Social NetworkIRJET - Detecting Spiteful Accounts in Social Network
IRJET - Detecting Spiteful Accounts in Social NetworkIRJET Journal
 
identifying malevolent facebook requests
identifying malevolent facebook requestsidentifying malevolent facebook requests
identifying malevolent facebook requestsINFOGAIN PUBLICATION
 
Enhancement of Privacy and User Interaction in a Social Network with the Aid ...
Enhancement of Privacy and User Interaction in a Social Network with the Aid ...Enhancement of Privacy and User Interaction in a Social Network with the Aid ...
Enhancement of Privacy and User Interaction in a Social Network with the Aid ...rahulmonikasharma
 
How to Make the Most of the Post and Beat the Tweet: Social Media 101
How to Make the Most of the Post and Beat the Tweet: Social Media 101How to Make the Most of the Post and Beat the Tweet: Social Media 101
How to Make the Most of the Post and Beat the Tweet: Social Media 101Jason Rhode
 
Social networking-website-security-mitigation
Social networking-website-security-mitigationSocial networking-website-security-mitigation
Social networking-website-security-mitigationbipinsunar
 
A survey early detection of
A survey early detection ofA survey early detection of
A survey early detection ofijcsa
 
A survey on cloud security issues and techniques
A survey on cloud security issues and techniquesA survey on cloud security issues and techniques
A survey on cloud security issues and techniquesijcsa
 
Persian arabic document segmentation based on hybrid approach
Persian arabic document segmentation based on hybrid approachPersian arabic document segmentation based on hybrid approach
Persian arabic document segmentation based on hybrid approachijcsa
 
Nocs performance improvement using parallel transmission through wireless links
Nocs performance improvement using parallel transmission through wireless linksNocs performance improvement using parallel transmission through wireless links
Nocs performance improvement using parallel transmission through wireless linksijcsa
 
Modeling of manufacturing of a field effect transistor to determine condition...
Modeling of manufacturing of a field effect transistor to determine condition...Modeling of manufacturing of a field effect transistor to determine condition...
Modeling of manufacturing of a field effect transistor to determine condition...ijcsa
 
IMPACT OF DIFFERENT SELECTION STRATEGIES ON PERFORMANCE OF GA BASED INFORMATI...
IMPACT OF DIFFERENT SELECTION STRATEGIES ON PERFORMANCE OF GA BASED INFORMATI...IMPACT OF DIFFERENT SELECTION STRATEGIES ON PERFORMANCE OF GA BASED INFORMATI...
IMPACT OF DIFFERENT SELECTION STRATEGIES ON PERFORMANCE OF GA BASED INFORMATI...ijcsa
 
Some alternative ways to find m ambiguous binary words corresponding to a par...
Some alternative ways to find m ambiguous binary words corresponding to a par...Some alternative ways to find m ambiguous binary words corresponding to a par...
Some alternative ways to find m ambiguous binary words corresponding to a par...ijcsa
 
Vulnerability scanners a proactive approach to assess web application security
Vulnerability scanners a proactive approach to assess web application securityVulnerability scanners a proactive approach to assess web application security
Vulnerability scanners a proactive approach to assess web application securityijcsa
 
Accelerating the ant colony optimization by
Accelerating the ant colony optimization byAccelerating the ant colony optimization by
Accelerating the ant colony optimization byijcsa
 
Impact of HeartBleed Bug in Android and Counter Measures
Impact of HeartBleed Bug in Android and Counter Measures Impact of HeartBleed Bug in Android and Counter Measures
Impact of HeartBleed Bug in Android and Counter Measures ijcsa
 
Implementation and performance evaluation of
Implementation and performance evaluation ofImplementation and performance evaluation of
Implementation and performance evaluation ofijcsa
 
Web log data analysis by enhanced fuzzy c
Web log data analysis by enhanced fuzzy cWeb log data analysis by enhanced fuzzy c
Web log data analysis by enhanced fuzzy cijcsa
 
Comparative study of augmented reality
Comparative study of augmented realityComparative study of augmented reality
Comparative study of augmented realityijcsa
 
Labview with dwt for denoising the blurred biometric images
Labview with dwt for denoising the blurred biometric imagesLabview with dwt for denoising the blurred biometric images
Labview with dwt for denoising the blurred biometric imagesijcsa
 
Robust face recognition by applying partitioning around medoids over eigen fa...
Robust face recognition by applying partitioning around medoids over eigen fa...Robust face recognition by applying partitioning around medoids over eigen fa...
Robust face recognition by applying partitioning around medoids over eigen fa...ijcsa
 
An ahp (analytic hierarchy process)fce (fuzzy comprehensive evaluation) based...
An ahp (analytic hierarchy process)fce (fuzzy comprehensive evaluation) based...An ahp (analytic hierarchy process)fce (fuzzy comprehensive evaluation) based...
An ahp (analytic hierarchy process)fce (fuzzy comprehensive evaluation) based...ijcsa
 
Automatic speech emotion and speaker recognition based on hybrid gmm and ffbnn
Automatic speech emotion and speaker recognition based on hybrid gmm and ffbnnAutomatic speech emotion and speaker recognition based on hybrid gmm and ffbnn
Automatic speech emotion and speaker recognition based on hybrid gmm and ffbnnijcsa
 
Security issues in grid computing
Security issues in grid computingSecurity issues in grid computing
Security issues in grid computingijcsa
 
Energy efficient mac protocols for wireless sensor network
Energy efficient mac protocols for wireless sensor networkEnergy efficient mac protocols for wireless sensor network
Energy efficient mac protocols for wireless sensor networkijcsa
 
Hagi
HagiHagi
HagiTom Aikins
 
Le Normandie
Le NormandieLe Normandie
Le NormandieTom Aikins
 
Bed Supperclub
Bed SupperclubBed Supperclub
Bed SupperclubTom Aikins
 
Exploring machine learning techniques for fake profile detection in online so...
Exploring machine learning techniques for fake profile detection in online so...Exploring machine learning techniques for fake profile detection in online so...
Exploring machine learning techniques for fake profile detection in online so...IJECEIAES
 
Vertex – The All in one Web Application
Vertex – The All in one Web ApplicationVertex – The All in one Web Application
Vertex – The All in one Web ApplicationIRJET Journal
 

Weitere ähnliche Inhalte

Andere mochten auch

Persian arabic document segmentation based on hybrid approach
Persian arabic document segmentation based on hybrid approachPersian arabic document segmentation based on hybrid approach
Persian arabic document segmentation based on hybrid approachijcsa
 
Nocs performance improvement using parallel transmission through wireless links
Nocs performance improvement using parallel transmission through wireless linksNocs performance improvement using parallel transmission through wireless links
Nocs performance improvement using parallel transmission through wireless linksijcsa
 
Modeling of manufacturing of a field effect transistor to determine condition...
Modeling of manufacturing of a field effect transistor to determine condition...Modeling of manufacturing of a field effect transistor to determine condition...
Modeling of manufacturing of a field effect transistor to determine condition...ijcsa
 
IMPACT OF DIFFERENT SELECTION STRATEGIES ON PERFORMANCE OF GA BASED INFORMATI...
IMPACT OF DIFFERENT SELECTION STRATEGIES ON PERFORMANCE OF GA BASED INFORMATI...IMPACT OF DIFFERENT SELECTION STRATEGIES ON PERFORMANCE OF GA BASED INFORMATI...
IMPACT OF DIFFERENT SELECTION STRATEGIES ON PERFORMANCE OF GA BASED INFORMATI...ijcsa
 
Some alternative ways to find m ambiguous binary words corresponding to a par...
Some alternative ways to find m ambiguous binary words corresponding to a par...Some alternative ways to find m ambiguous binary words corresponding to a par...
Some alternative ways to find m ambiguous binary words corresponding to a par...ijcsa
 
Vulnerability scanners a proactive approach to assess web application security
Vulnerability scanners a proactive approach to assess web application securityVulnerability scanners a proactive approach to assess web application security
Vulnerability scanners a proactive approach to assess web application securityijcsa
 
Accelerating the ant colony optimization by
Accelerating the ant colony optimization byAccelerating the ant colony optimization by
Accelerating the ant colony optimization byijcsa
 
Impact of HeartBleed Bug in Android and Counter Measures
Impact of HeartBleed Bug in Android and Counter Measures Impact of HeartBleed Bug in Android and Counter Measures
Impact of HeartBleed Bug in Android and Counter Measures ijcsa
 
Implementation and performance evaluation of
Implementation and performance evaluation ofImplementation and performance evaluation of
Implementation and performance evaluation ofijcsa
 
Web log data analysis by enhanced fuzzy c
Web log data analysis by enhanced fuzzy cWeb log data analysis by enhanced fuzzy c
Web log data analysis by enhanced fuzzy cijcsa
 
Comparative study of augmented reality
Comparative study of augmented realityComparative study of augmented reality
Comparative study of augmented realityijcsa
 
Labview with dwt for denoising the blurred biometric images
Labview with dwt for denoising the blurred biometric imagesLabview with dwt for denoising the blurred biometric images
Labview with dwt for denoising the blurred biometric imagesijcsa
 
Robust face recognition by applying partitioning around medoids over eigen fa...
Robust face recognition by applying partitioning around medoids over eigen fa...Robust face recognition by applying partitioning around medoids over eigen fa...
Robust face recognition by applying partitioning around medoids over eigen fa...ijcsa
 
An ahp (analytic hierarchy process)fce (fuzzy comprehensive evaluation) based...
An ahp (analytic hierarchy process)fce (fuzzy comprehensive evaluation) based...An ahp (analytic hierarchy process)fce (fuzzy comprehensive evaluation) based...
An ahp (analytic hierarchy process)fce (fuzzy comprehensive evaluation) based...ijcsa
 
Automatic speech emotion and speaker recognition based on hybrid gmm and ffbnn
Automatic speech emotion and speaker recognition based on hybrid gmm and ffbnnAutomatic speech emotion and speaker recognition based on hybrid gmm and ffbnn
Automatic speech emotion and speaker recognition based on hybrid gmm and ffbnnijcsa
 
Security issues in grid computing
Security issues in grid computingSecurity issues in grid computing
Security issues in grid computingijcsa
 
Energy efficient mac protocols for wireless sensor network
Energy efficient mac protocols for wireless sensor networkEnergy efficient mac protocols for wireless sensor network
Energy efficient mac protocols for wireless sensor networkijcsa
 
Bed Supperclub
Bed SupperclubBed Supperclub
Bed SupperclubTom Aikins
 

Andere mochten auch (20)

Persian arabic document segmentation based on hybrid approach
Persian arabic document segmentation based on hybrid approachPersian arabic document segmentation based on hybrid approach
Persian arabic document segmentation based on hybrid approach
 
Nocs performance improvement using parallel transmission through wireless links
Nocs performance improvement using parallel transmission through wireless linksNocs performance improvement using parallel transmission through wireless links
Nocs performance improvement using parallel transmission through wireless links
 
Modeling of manufacturing of a field effect transistor to determine condition...
Modeling of manufacturing of a field effect transistor to determine condition...Modeling of manufacturing of a field effect transistor to determine condition...
Modeling of manufacturing of a field effect transistor to determine condition...
 
IMPACT OF DIFFERENT SELECTION STRATEGIES ON PERFORMANCE OF GA BASED INFORMATI...
IMPACT OF DIFFERENT SELECTION STRATEGIES ON PERFORMANCE OF GA BASED INFORMATI...IMPACT OF DIFFERENT SELECTION STRATEGIES ON PERFORMANCE OF GA BASED INFORMATI...
IMPACT OF DIFFERENT SELECTION STRATEGIES ON PERFORMANCE OF GA BASED INFORMATI...
 
Some alternative ways to find m ambiguous binary words corresponding to a par...
Some alternative ways to find m ambiguous binary words corresponding to a par...Some alternative ways to find m ambiguous binary words corresponding to a par...
Some alternative ways to find m ambiguous binary words corresponding to a par...
 
Vulnerability scanners a proactive approach to assess web application security
Vulnerability scanners a proactive approach to assess web application securityVulnerability scanners a proactive approach to assess web application security
Vulnerability scanners a proactive approach to assess web application security
 
Accelerating the ant colony optimization by
Accelerating the ant colony optimization byAccelerating the ant colony optimization by
Accelerating the ant colony optimization by
 
Impact of HeartBleed Bug in Android and Counter Measures
Impact of HeartBleed Bug in Android and Counter Measures Impact of HeartBleed Bug in Android and Counter Measures
Impact of HeartBleed Bug in Android and Counter Measures
 
Implementation and performance evaluation of
Implementation and performance evaluation ofImplementation and performance evaluation of
Implementation and performance evaluation of
 
Web log data analysis by enhanced fuzzy c
Web log data analysis by enhanced fuzzy cWeb log data analysis by enhanced fuzzy c
Web log data analysis by enhanced fuzzy c
 
Comparative study of augmented reality
Comparative study of augmented realityComparative study of augmented reality
Comparative study of augmented reality
 
Labview with dwt for denoising the blurred biometric images
Labview with dwt for denoising the blurred biometric imagesLabview with dwt for denoising the blurred biometric images
Labview with dwt for denoising the blurred biometric images
 
Robust face recognition by applying partitioning around medoids over eigen fa...
Robust face recognition by applying partitioning around medoids over eigen fa...Robust face recognition by applying partitioning around medoids over eigen fa...
Robust face recognition by applying partitioning around medoids over eigen fa...
 
An ahp (analytic hierarchy process)fce (fuzzy comprehensive evaluation) based...
An ahp (analytic hierarchy process)fce (fuzzy comprehensive evaluation) based...An ahp (analytic hierarchy process)fce (fuzzy comprehensive evaluation) based...
An ahp (analytic hierarchy process)fce (fuzzy comprehensive evaluation) based...
 
Automatic speech emotion and speaker recognition based on hybrid gmm and ffbnn
Automatic speech emotion and speaker recognition based on hybrid gmm and ffbnnAutomatic speech emotion and speaker recognition based on hybrid gmm and ffbnn
Automatic speech emotion and speaker recognition based on hybrid gmm and ffbnn
 
Security issues in grid computing
Security issues in grid computingSecurity issues in grid computing
Security issues in grid computing
 
Energy efficient mac protocols for wireless sensor network
Energy efficient mac protocols for wireless sensor networkEnergy efficient mac protocols for wireless sensor network
Energy efficient mac protocols for wireless sensor network
 
Hagi
HagiHagi
Hagi
 
Le Normandie
Le NormandieLe Normandie
Le Normandie
 
Bed Supperclub
Bed SupperclubBed Supperclub
Bed Supperclub
 

Ähnlich wie Vulnerabilities and attacks targeting social networks and industrial control systems

Exploring machine learning techniques for fake profile detection in online so...
Exploring machine learning techniques for fake profile detection in online so...Exploring machine learning techniques for fake profile detection in online so...
Exploring machine learning techniques for fake profile detection in online so...IJECEIAES
 
Vertex – The All in one Web Application
Vertex – The All in one Web ApplicationVertex – The All in one Web Application
Vertex – The All in one Web ApplicationIRJET Journal
 
Insecure trends in web technologies 2009
Insecure trends in web technologies 2009Insecure trends in web technologies 2009
Insecure trends in web technologies 2009Chandrakanth Narreddy
 
Exploratory Data Analysis and Feature Selection for Social Media Hackers Pred...
Exploratory Data Analysis and Feature Selection for Social Media Hackers Pred...Exploratory Data Analysis and Feature Selection for Social Media Hackers Pred...
Exploratory Data Analysis and Feature Selection for Social Media Hackers Pred...CSEIJJournal
 
EXPLORATORY DATA ANALYSIS AND FEATURE SELECTION FOR SOCIAL MEDIA HACKERS PRED...
EXPLORATORY DATA ANALYSIS AND FEATURE SELECTION FOR SOCIAL MEDIA HACKERS PRED...EXPLORATORY DATA ANALYSIS AND FEATURE SELECTION FOR SOCIAL MEDIA HACKERS PRED...
EXPLORATORY DATA ANALYSIS AND FEATURE SELECTION FOR SOCIAL MEDIA HACKERS PRED...CSEIJJournal
 
A CONCEPTUAL FRAMEWORK OF A DETECTIVE MODEL FOR SOCIAL BOT CLASSIFICATION
A CONCEPTUAL FRAMEWORK OF A DETECTIVE MODEL FOR SOCIAL BOT CLASSIFICATIONA CONCEPTUAL FRAMEWORK OF A DETECTIVE MODEL FOR SOCIAL BOT CLASSIFICATION
A CONCEPTUAL FRAMEWORK OF A DETECTIVE MODEL FOR SOCIAL BOT CLASSIFICATIONijasa
 
IRJET- App Misbehaviour Check: Development of Virus Modeling, Propagation...
IRJET- App Misbehaviour Check: Development of Virus Modeling, Propagation...IRJET- App Misbehaviour Check: Development of Virus Modeling, Propagation...
IRJET- App Misbehaviour Check: Development of Virus Modeling, Propagation...IRJET Journal
 
Threats and Anti-threats Strategies for Social Networking Websites
Threats and Anti-threats Strategies for Social Networking WebsitesThreats and Anti-threats Strategies for Social Networking Websites
Threats and Anti-threats Strategies for Social Networking WebsitesIJCNCJournal
 
Understanding Social Platforms by Version One Ventures
Understanding Social Platforms by Version One VenturesUnderstanding Social Platforms by Version One Ventures
Understanding Social Platforms by Version One VenturesAngela Tran Kingyens
 
My direct a middleware for p2 p mobile social networks
My direct a middleware for p2 p mobile social networksMy direct a middleware for p2 p mobile social networks
My direct a middleware for p2 p mobile social networksIJCNCJournal
 
App ecologies: Mapping apps and their support networks
App ecologies: Mapping apps and their support networksApp ecologies: Mapping apps and their support networks
App ecologies: Mapping apps and their support networkscgrltz
 
A4.1Proceedings of Student-Faculty Research Day, CSIS, Pa.docx
A4.1Proceedings of Student-Faculty Research Day, CSIS, Pa.docx A4.1Proceedings of Student-Faculty Research Day, CSIS, Pa.docx
A4.1Proceedings of Student-Faculty Research Day, CSIS, Pa.docxjoyjonna282
 
An Investigation On The Characteristics Of Mobile Applications A Survey Study
An Investigation On The Characteristics Of Mobile Applications A Survey StudyAn Investigation On The Characteristics Of Mobile Applications A Survey Study
An Investigation On The Characteristics Of Mobile Applications A Survey StudySara Perez
 
IRJET- Animal Welfare and Wellness Application using Javascript
IRJET- Animal Welfare and Wellness Application using JavascriptIRJET- Animal Welfare and Wellness Application using Javascript
IRJET- Animal Welfare and Wellness Application using JavascriptIRJET Journal
 
EMPOWERMENT TECHNOLOGIES.pptx
EMPOWERMENT TECHNOLOGIES.pptxEMPOWERMENT TECHNOLOGIES.pptx
EMPOWERMENT TECHNOLOGIES.pptxTedsTV
 
Enhancing communication and cooperation with web 2.0
Enhancing communication and cooperation with web 2.0Enhancing communication and cooperation with web 2.0
Enhancing communication and cooperation with web 2.0Shady A. Alefrangy
 
IRJET- Phishing Web Site
IRJET- Phishing Web SiteIRJET- Phishing Web Site
IRJET- Phishing Web SiteIRJET Journal
 

Ähnlich wie Vulnerabilities and attacks targeting social networks and industrial control systems (20)

Exploring machine learning techniques for fake profile detection in online so...
Exploring machine learning techniques for fake profile detection in online so...Exploring machine learning techniques for fake profile detection in online so...
Exploring machine learning techniques for fake profile detection in online so...
 
Vertex – The All in one Web Application
Vertex – The All in one Web ApplicationVertex – The All in one Web Application
Vertex – The All in one Web Application
 
IJET-V3I2P6
IJET-V3I2P6IJET-V3I2P6
IJET-V3I2P6
 
Insecure trends in web technologies 2009
Insecure trends in web technologies 2009Insecure trends in web technologies 2009
Insecure trends in web technologies 2009
 
Exploratory Data Analysis and Feature Selection for Social Media Hackers Pred...
Exploratory Data Analysis and Feature Selection for Social Media Hackers Pred...Exploratory Data Analysis and Feature Selection for Social Media Hackers Pred...
Exploratory Data Analysis and Feature Selection for Social Media Hackers Pred...
 
EXPLORATORY DATA ANALYSIS AND FEATURE SELECTION FOR SOCIAL MEDIA HACKERS PRED...
EXPLORATORY DATA ANALYSIS AND FEATURE SELECTION FOR SOCIAL MEDIA HACKERS PRED...EXPLORATORY DATA ANALYSIS AND FEATURE SELECTION FOR SOCIAL MEDIA HACKERS PRED...
EXPLORATORY DATA ANALYSIS AND FEATURE SELECTION FOR SOCIAL MEDIA HACKERS PRED...
 
A CONCEPTUAL FRAMEWORK OF A DETECTIVE MODEL FOR SOCIAL BOT CLASSIFICATION
A CONCEPTUAL FRAMEWORK OF A DETECTIVE MODEL FOR SOCIAL BOT CLASSIFICATIONA CONCEPTUAL FRAMEWORK OF A DETECTIVE MODEL FOR SOCIAL BOT CLASSIFICATION
A CONCEPTUAL FRAMEWORK OF A DETECTIVE MODEL FOR SOCIAL BOT CLASSIFICATION
 
IRJET- App Misbehaviour Check: Development of Virus Modeling, Propagation...
IRJET- App Misbehaviour Check: Development of Virus Modeling, Propagation...IRJET- App Misbehaviour Check: Development of Virus Modeling, Propagation...
IRJET- App Misbehaviour Check: Development of Virus Modeling, Propagation...
 
Threats and Anti-threats Strategies for Social Networking Websites
Threats and Anti-threats Strategies for Social Networking WebsitesThreats and Anti-threats Strategies for Social Networking Websites
Threats and Anti-threats Strategies for Social Networking Websites
 
Understanding Social Platforms by Version One Ventures
Understanding Social Platforms by Version One VenturesUnderstanding Social Platforms by Version One Ventures
Understanding Social Platforms by Version One Ventures
 
My direct a middleware for p2 p mobile social networks
My direct a middleware for p2 p mobile social networksMy direct a middleware for p2 p mobile social networks
My direct a middleware for p2 p mobile social networks
 
App ecologies: Mapping apps and their support networks
App ecologies: Mapping apps and their support networksApp ecologies: Mapping apps and their support networks
App ecologies: Mapping apps and their support networks
 
Android malware
Android malwareAndroid malware
Android malware
 
Android malware
Android malwareAndroid malware
Android malware
 
A4.1Proceedings of Student-Faculty Research Day, CSIS, Pa.docx
A4.1Proceedings of Student-Faculty Research Day, CSIS, Pa.docx A4.1Proceedings of Student-Faculty Research Day, CSIS, Pa.docx
A4.1Proceedings of Student-Faculty Research Day, CSIS, Pa.docx
 
An Investigation On The Characteristics Of Mobile Applications A Survey Study
An Investigation On The Characteristics Of Mobile Applications A Survey StudyAn Investigation On The Characteristics Of Mobile Applications A Survey Study
An Investigation On The Characteristics Of Mobile Applications A Survey Study
 
IRJET- Animal Welfare and Wellness Application using Javascript
IRJET- Animal Welfare and Wellness Application using JavascriptIRJET- Animal Welfare and Wellness Application using Javascript
IRJET- Animal Welfare and Wellness Application using Javascript
 
EMPOWERMENT TECHNOLOGIES.pptx
EMPOWERMENT TECHNOLOGIES.pptxEMPOWERMENT TECHNOLOGIES.pptx
EMPOWERMENT TECHNOLOGIES.pptx
 
Enhancing communication and cooperation with web 2.0
Enhancing communication and cooperation with web 2.0Enhancing communication and cooperation with web 2.0
Enhancing communication and cooperation with web 2.0
 
IRJET- Phishing Web Site
IRJET- Phishing Web SiteIRJET- Phishing Web Site
IRJET- Phishing Web Site
 

Kürzlich hochgeladen

DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 

Kürzlich hochgeladen (20)

DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 

Vulnerabilities and attacks targeting social networks and industrial control systems

  • 1. International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 DOI:10.5121/ijcsa.2014.4113 133 Vulnerabilities and Attacks Targeting Social Networks and Industrial Control Systems Dharmendra Singh1 , Rakhi Sinha2 , Pawan Songara3 and Dr. Rakesh Rathi4 1,4 Department of Computer Engineering, Govt. Engineering College, Ajmer 2 Department of Information Technology, Govt. Engineering College, Ajmer 3 Aricent Group Of Industries, Gurgaon Abstract: Vulnerability is a weakness, shortcoming or flaw in the system or network infrastructure which can be used by an attacker to harm the system, disrupt its normal operation and use it for his financial, competitive or other motives or just for cyber escapades. In this paper, we re-examined the various types of attacks on industrial control systems as well as on social networking users. We have listed which all vulnerabilities were exploited for executing these attacks and their effects on these systems and social networks. The focus will be mainly on the vulnerabilities that are used in OSNs as the convertors which convert the social network into antisocial network and these networks can be further used for the network attacks on the users associated with the victim user whereby creating a consecutive chain of attacks on increasing number of social networking users. Another type of attack, Stuxnet Attack which was originally designed to attack Iran’s nuclear facilities is also discussed here which harms the system it controls by changing the code in that target system. The Stuxnet worm is a very treacherous and hazardous means of attack and is the first of its kind as it allows the attacker to manipulate real-time equipment. Keywords: Online social networks, JPGvirus, Stuxnet worm, reverse social engineering attacks, Facebook application. 1. INTRODUCTION The popularity of online social networks (OSN) [1] is vastly growing in today’s world. The online communities developed by the OSNs are growing environments on the web to support modern interaction among the people around the Globe. Online social networks are very beneficial for the people for keeping in touch with friends, family members and other acquaintances, for research collaboration, data sharing, social campaigning and other constructive purposes. There are various social networks which are put to different purposes according to their usability. Some are used for professional and business collaborations like LinkedIn [2] and XING [3], whereas there are other OSNs like Facebook [4], Twitter [5], MySpace [6] and Orkut [7] which are primarily used for informal friendly interactions, photo and video sharing and entertainment. The massive acceptance of OSNs by the users provides opportunity to the attackers to create and launch new exploit and attacks every day. The growing popularity of facebook in turn, makes it a popular website vulnerable to reverse engineering attacks [8] and identity thefts and may turn a social network into an antisocial network. Antisocial network is the platform for the execution of
  • 2. International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 134 malicious threats as well as it provides unauthorized accesses like Denial of Service attack, propagation of malware etc. A very large distributed database is used for OSNs and this acts as an advantage to make exploitation ideal because OSNs include community of users that share the same interests in the form of applications. These users share the same applications with the help of platform openness. This openness results in a user installing the application which is malicious and infected. These above characteristics give attackers the chance to manipulate that user to act as antisocial against all the internet users which are connected to the victim user. In upcoming sections of this paper, the properties of Facebook which is a Real World Social Network are discussed and then the study about utilization of these properties to launch attacks on facebook users is explained. This survey paper also discusses about Stuxnet [9] which is an intelligently designed worm and uses some vulnerability in print spoolers and removable drives to make its way through windows based systems but ultimately targets industrial control systems. Industrial Control systems (ICS) used for a variety of industrial processes like manufacturing and refining, power generation, water management etc. [14] This type of critical infrastructure is managed by cyber-physical systems like SCADA [15] and use of internet based technologies to manage SCADA systems make them more susceptible to network based attacks with the intention to modify the code structure of PLCs (Programmable Logic Controllers). 2. BACKGROUND: A. Social Network Large number of people in the world use social networking sites like Facebook, LinkedIn in their daily life. Facebook is the fastest social networking site which is surfed very much across the globe [10]. Developers of the Facebook developed a platform and a large collection of applications for this website to make it more effective and interesting to the naive Facebook users. Users use these applications on facebook and share them according to common interests in their groups or communities and also invite their friends to share the application. Many applications are malicious and harmful among these applications which can affect the users’ personal information and also affect their friends in the same facebook community. B. Puppetnets Puppetnet [11] is an application which is used for the exploitation purpose of World Wide Web. There are different types of links included in the web page which can include many malicious links in between that can be used to harm the users on social networking sites like facebook, LinkedIn etc. Adversary or malicious user can also make special pages that include many malicious attacks and if the user downloads the malicious data from these links or pages, then the adversary can get benefit out of it. C. Statistical Distribution of infected machines by Stuxnet Worm in different countries of the world: When the Stuxnet worm was created, figures pointed out high rate of infection at some specific sites. But when the worm’s behaviour was discovered, there was a notable decrease in number of infections in the same areas. The following pie chart [16] and table [16] shows percentage of infected systems by Stuxnet worm since 2010 for top 14 countries. The most affected country is
  • 3. International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 135 Iran followed by mostly Asian countries. United States has only a small percentage of this infection. The high infection rate in some regions and low rate in the others depends on many factors, one of which is good quality security software is being used or not that is, in Asian countries most people like to use the free or trial versions of antivirus software that do not provide maximum protection against malware, malicious websites and they do not provide robust firewalls and shields. Figure1: Pie Chart depicting the percentage spread of Stuxnet Worm infection across the globe Table 1: Percentage of Stuxnet Worm infection across the globe D. Phases to create and host a facebook application: Facebook, a very popular social networking website includes a provision which allows the software developers around the globe to develop simple applications which then execute along with facebook network and can access user data such as friends’ list, inbox etc [12]. To create a facebook application, a developer application is required to be added to the facebook account of the developer and the development environment can be chosen from the various
  • 4. International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 136 facebook compatible environments like PHP, JavaScript, Flash/Action Script and Connect. The facebook non-compliant environments are Android, ASP.NET, ASP (VB Script, Jscript ), Cocoa, Cold- Fusion, C++, C#, D, Emacs Lisp, Erlang, Google Web Toolkit, Java, Lisp, Perl, Python, Ruby on Rails, Smalltalk,TcI, VB.NET, and Windows Mobile. The client libraries of the above frameworks are not yet supported by facebook but are likely to be added to facebook client libraries in future. The three essentials to be performed to implement and submit a facebook application are: i. A third-party web server where the hosted application will reside. ii. A facebook client library that is installed on hosting server. iii. A relational database management solution like MySQL for storing application user database. a. Registering a facebook application: A developer registers his creation in the form of facebook application by submitting a form specifying the details like application name and description, Canvas page URL and Canvas callback URL. A canvas page URL is the introductory page of a facebook application to which a user is redirected when he chooses to open a particular application whereas; the canvas callback URL is the location of the application on its host server. The developer then receives a confirmation from the facebook development team if the application is selected and included in the global facebook application directory from where the facebook users can now explore and add the application to their account. Some facebook elements that come handy to serve the purpose of easy application development are: i. Facebook Markup Languag (FBML): FBML as the name suggests, is derived from HTML and includes tags with following syntax: <fb: tagName/>. With the help of FBML, the application communicates with user profile to request user data. ii. Facebook Query Language (FQL): Various tables have been supplied by facebook to be queried for social user data. iii. Facebook JavaScript (FBJS): FBJS allows facebook application developers to use JavaScript, AJAX objects, animation libraries and other client libraries to develop versatile facebook applications. iv. Facebook API: APIs provide HTTP based communication with facebook API REST server and enables the developer to gather a particular user’s profile information. b. FBML canvas page redirection mechanism: The FBML canvas page redirection mechanism flow is shown in the above figure[17]. Firstly, a facebook user requests an application from the facebook server. In order to redirect the user’s browser to the application’s canvas URL, Facebook server asks for the call-back URL from the hosting server through an HTTP post request for retrieving the FBML of the canvas page. If some data is needed by the web hosting server, then it also sends an HTTP GET request to the Facebook REST server. After completion of these API method calls, the hosting server creates and returns the FBML of the requested application page to the Facebook server. The facebook server then translates this FBML into HTML and provides it to the user’s browser.
  • 5. International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 137 Figure2: How an application page is displayed on a user’s browser E. Phases of Stuxnet: Stuxnet is the most sophisticated and dangerous worm that was introduced in July 2010, by attacking Iran’s nuclear facilities. Stuxnet affects approximately 60% of that attack on Iran as reported by Director of security response. According to the study done by Security experts in Iran, Stuxnet basically affects the Uranium facility due to which its rotational speed increases and decreases and as a result violates its normal behaviour. Stuxnet worm basically works in two phases: In first phase that is the “Propagation phase”, it propagates through the files and updates them. After that, in the second phase that is called the “Injection phase”, it searches for its actual target that is i-e Siemens WinCC control and monitoring systems. After finding them, it starts to deviate them from their normal behaviour. We have introduced those three vulnerabilities above that can be simulated through Metasploit framework. This framework can also be used to write code for different types of vulnerabilities. The following Figure[16] shows these phases: The Stuxnet rootkit spreads itself in four ways: with the help of flash drives or USB drives, while sharing data on networks or through print spooler or RPC vulnerability. Figure 3: Two Phases of Stuxnet Worm
  • 6. International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 138 3. Experimental Evaluation 3.1 Experimental Evaluation for facebook: 3.1.1 OSN as DDoS Platform Social websites like Facebook can be exploited or infected through Distributed Denial of Service attack [13] by any malicious application which generates self-executable files on victim’s system. When a user works on the system or opens a file, image etc, which has the hidden self-executable files, these files are spread in the whole system. The collection of computers that generate harmful files upon running malicious application on Facebook is called JPGvirus. 3.1.2 Experimental Setup This consists of creating a JPGvirus but it does not affect any facebook user. A common application of facebook is Photo album creation. When a facebook user clicks on a photo, it gets opened. The attack is preceded in the following way: Special FBML tags are inserted into the code, so whenever a user visits that page, a self-executable file named windows.exe is created inside Windows folder in C Drive of PC. A simple C program is created in the desired directory. Its executable is generated and is attached to image file with JPG extension. FBML tag <fb:iframe/> is used to include the hidden frames in HTML’s code. A technique which is discussed later is used to protect the privacy of a facebook user and prevent the extraction of information from the image requests that are made by user’s system compromised by malicious applications. Possible misuses in the fashion of Puppetnets: I. Host Scanning In this technique, hosts are scanned by the attacker for finding out an open port. Whenever the attacker finds an open port, he will send an HTTP request. II. Embedded Self-Signed Java Applets The common idea used in this is that java applets are embedded inside the developer’s applications and use this technique to create malicious self-signed applets which initiate the attack by asking the user to upload a file through a common file selector on their system. When the user uploads some file, then that self-signed applet has full control over the disk and accesses the user’s local disk. III. Personal Information Leakage The facebook enables the users to have full control over the information provided by it. User can also apply some privacy settings to keep their data private but the attacker can get the personal information provided by the user and use them to create fake profiles or access their accounts by using their personal information if the users install the malicious applications created by attacker. IV. Malware Propagation Malware can be propagated by the facebook applications if the server is exploited by URL embedded attack vector. When the user uses this application which is infected, this malware will be propagated. V. URL Scanner Cloaking In this technique, requests coming from some specific users can be filtered by facebook URL scanning system and the attacker then feed the customers with unwanted information or data. Content forging is yet another method of attacking in facebook.
  • 7. International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 139 3.2 Experimental evaluation for Stuxnet: All of the three vulnerabilities caused by Stuxnet worm are defined below. This can be understood by an architectural diagram in which C&C server behaves as Backtrack 4 and Metasploit Framework acts as USB: 3.2.1 MS08_067_netapi (Server Service) This type of vulnerability is caused by Stuxnet by spreading itself through network either by file sharing or through shared folders. The PC which has been infected through this worm is connected to network and has the shared folder. When the other system on the network wants to access that shared folder, this vulnerability exploits that system also, through this shared folder or file. 3.2.2 MS10_061_spoolss (Print Spooler Server) The Print Spooler vulnerability caused by Stuxnet worm is MS10-061. This worm affects the systems that share a common printer. The effects due to this worm are done in basically two steps: injection phase and execution phase. Injection phase involves copying infected files into directory and execution phase does the main work of infection by impersonating a client, for instance, by sending two files in place of a single file. 3.2.3 MS10_046_dllloader (.LNK Vulnerability) When C&C server gives some specific commands, the coding of some system that is connected to it, gets changed. Then, at the time of execution, it will start giving alerts. Metasploit framework is an important tool that is commonly used to exploit different windows vulnerabilities. It is the first way in which Stuxnet rootkit distributes itself to other systems and infects them. According to the given architecture, this vulnerability is exploited to system containing Keil and proteous. Due to C&C server, the coding of system is changed and then the final output of that system will also be changed. It basically loads the icons of files from CPL Windows control panel and changes the file location info field in .LNK header. In this way, attacker finally succeeds in gaining the access to sensitive information when user proceeds to that malicious path. The above discussed three vulnerabilities can be simulated by using Metasploit Framework integrated with Linux Backtrack 4 in the below figure[9]. Basically, security professionals and researchers use Metasploit framework to exploit vulnerabilities, perform penetration testing. Backtrack is an extension of Linux which is particularly designed for performing functions aimed at maintaining network security for security professionals.
  • 8. International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 140 Figure 4: Network Setup for the Transmission of Stuxnet Worm to the Target System 3.3 Defenses against JPGvirus and Stuxnet vulnerabilities The JPGvirus and Stuxnet vulnerabilities explained in this paper can be handled vigilantly by adopting following safety techniques: 3.3.1 Measures against JPGvirus A. Facebook’s Network Security System Facebook uses some inbuilt checks for blocking such malicious scripts. If some profile is caught posting such type of links, it is warned for deactivation by facebook security team. Figure 5: Steps for security check by Websense for a facebook internal link B. Websense Security Checks Websense is a popular computer security firm with which facebook has negotiated so that whenever a link is posted or clicked within facebook, it is examined by Websense ThreatSeeker Cloud and if it comes from an untrusted source, a warning message is shown to the user.
  • 9. International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 141 But due to the dynamic nature of the web content, Websense can only check links after posting; it cannot stop them from being posted. This flow can be understood from the figure[17] that is shown above. 3.3.2 Measures against Stuxnet Worm Some possible precautions to avoid the Stuxnet vulnerabilities from propagating are: A. MS10_061_spoolss vulnerability can be prevented by not allowing any executable file to be printed by printer. And if any executable file is allowed to be printed, it should have filename less than 10 characters. B. MS10_046_dllloader vulnerability can be prevented by not creating shortcut file of internet explorer. 4. CONCLUSION The number of social networking users is increasing day by day all over the world which makes these OSNs more susceptible to the reverse social engineering attacks, one of which is done with the help of JPGvirus discussed in this paper. We surveyed on how the attackers can take advantage of the facebook feature that is, third-party web servers are used to host the facebook applications. If the facebook applications will be hosted from the authentic facebook’s servers, then these JPGvirus attacks will lose much of their power. Another type of worm which was considered here is Stuxnet worm, which was mainly designed to cause the malfunctioning of nuclear power plants. It was designed so well that the system administrator was unaware till its last stage when most of the intended damage was already done and its disastrous effects could not be reversed. Finally, we aim to provide an understanding about how social network users can be cautious against the reverse social engineering attacks by understanding how a JPGvirus works and as far as Stuxnet worm is concerned above measures can help in maintaining computer system safety to a large extent. REFERENCES [1] D. Boyd and N.B. Ellison “social network sites” Definition, History, and scholarship”, J Computer- Mediated Commun., vol 13, No.1, 2007. [2] LinkedIn-Relationships Matter, http://www.linkedin.com. [3] XING-Social Network for Business Professionals. http://www.xing.com. [4] Facebook-Connect and share with the people in your life; http://www.facebook.com. [5] Twitter-Social site for professional communities; http://www.facebook.com. [6] MySpace, http://www.myspace.com. [7] Orkut, http://www.orkut.com. [8] “Reverse Social Engineering Attacks” Aleksandr Matrosov, Senior Virus Researcher Eugene Rodionov, Rootkit Analyst David Harley, Senior Research Fellow Juraj Malcho, Head of Virus Laboratory [9] “SWAM: Stuxnet Worm Analysis in Metasploit”, Rahat Masood, Um-e-Ghazia, Dr. Zahid Anwar, “Department of Computing School of Electrical Engineering and Computer Science (SEECS)”, National University of Science and Technology (NUST) Islamabad, Pakistan. [10] A. Mislove, M. Marcon, K. P. Gummadi, P. Drushcel, and B. Bhattacharjee. Measurement and Analysis of Online Social Networks. In IMC '07: Proceedings of the 7th ACM SIGCOMM conference on Internet Measurement, pages 29_42, New York, NY, USA, 2007. ACM. [11] V. T. Lam, S. Antonatos, P. Akritidis, and K.G. Anagnostakis. Puppetnets: misusing web browsers as a distributed attack infrastructure. Tn CCS '06: Proceedings of the 13th ACM conference on Computer and Communications Security, pages 221_234, New York, NY, USA, 2006. ACM
  • 10. International Journal on Computational Sciences & Applications (IJCSA) Vol.4, No.1, February 2014 142 [12] Facebook Wiki for Developers, http://wiki.developerforce.com/page/ Facebook Toolkit.. [13] “DoS and DDoS Attack’s Possibility Verification on Streaming Media Application” CHEN LeiSoftware School FUDAN University Shanghai, China YE Dejian* Software School FUDAN University Shanghai,China2008 [14] S. Karnouskos, “Cyber-Physical Systems in the SmartGrid,” in IEEE 9th International Conference on July July 2011. [15] S. Karnouskos and A. W. Colombo, “Architecting the next generation of service-based SCADA/DCS system of systems,” in 37th Annual Conference of the IEEE Industrial Electronics Society (IECON 2011), Melbourne, Australia., 7–10 Nov 2011. [Online]. Available: http//sites.google.com/site/karnouskos/files/2011 IECON ngSCADA.pdf [16] Stuxnet Under the Microsope, Security Report, Revision 1.31 by Juraj Malcho, Head of Virus Laboratory, eset laboratories, US. [17] Vulnerabilities in Social Networking Sites by Pratibha Jagnere published under 2nd IEEE International Conference on Parallel, Distributed and Grid Computing, 2012 Authors Dharmendra Singh has completed his bachelor’s in technology from Stani Memorial College of Engineering and Technology Jaipur. He is currently pursuing M.Tech from Government Engineering College, Ajmer. His research interests include Network Security and Cyber warfare. Rakhi Sinha has obtained her bachelor's degree in technology from Govt. Women's Engineering College, Ajmer. She is currently pursuing her master’s from Govt. Engineering College, Ajmer. Her research interests include Cyber Espionage and Sabotage. Dr. Rakesh Rathi is currently serving as Assistant Professor in the Department of Computer Engineering in Government Engineering College, Ajmer. He is a CISCO certified academy instructor and is a member of several professional societies. He has taught in various institutions for about 13 years with 6 years of post graduate teaching. He has co-authored and supervised many international and national publications in conferences and journals.