IJIRST International Journal for Innovative Research in Science & Technology| Volume 3 | Issue 10 | March 2017

ISSN (online): 2349-6010

Identification of Malicious Facebook's Applications
Eshan Bhatt, Smit Kotadia
Department of Information Technology, K.J. Somaiya Institute of Engineering & Information Technology, Sion, Mumbai, Maharashtra, India.

Abstract
This paper addresses web security for Facebook users who access and use Facebook applications and are unaware of the security threats that these applications pose. We identify such malicious applications not only by their general characteristics but also by specific parameters of the applications, identified on the basis of our study. Malicious applications [1] can be identified, and a user who wishes to access a particular application is alerted even before the application is installed on the user's profile. This prevents the user's security from being harmed by the application. In addition, unlike the existing system, the proposed system identifies malicious applications that are not very popular. Malicious applications harm the security and privacy of the vast user base of the social networking giant Facebook, and these are the points taken into consideration in this paper.
Keywords: Malicious, Applications, malignant, spam, online social network
_______________________________________________________________________________________________________

I. INTRODUCTION

Social networking websites have become a very important aspect of modern times. Their advantages range from easy access to data to a connection with a person who is thousands of miles away. Nevertheless, where there are advantages, there are also risks. Seeing the inexorable growth of social networking giants like Facebook, unscrupulous hackers have directed their attention towards Facebook's massive user base of almost 500 million users and have started attacking users' private data, using Facebook's applications as the medium of attack [3]. The amount and detail of private data stored in user profiles on these networks make them an attractive target for marketing companies, spammers, spear phishers, and identity thieves. In this paper, we try to answer the question: is it possible to distinguish malicious Facebook applications from non-malicious ones? Facebook applications are a vital part of Facebook. Different categories of applications exist, from games to utilities. However, besides their usefulness, these applications carry certain unseen risks, such as fetching the user's private data and posting content without the user's consent. Based on the study, we know that the characteristics of malicious and non-malicious applications differ significantly, and in the proposed system we identify these characteristics and use them to classify [2] applications as malicious or non-malicious.

II. SURVEY

According to reports on and investigation of the existing system, the previous system identified malicious applications on Facebook only after they had performed their intended actions on the user's wall, so the initial users were still affected. We have added a feature beyond the previous system: the proposed system is able to identify a malicious application even before the user allows it and grants it permissions. Once an application has obtained the permission set required by the hacker, it posts content on the user's wall. The existing system also has no service through which the user can learn, before using an application, whether it is benign or not. Even to check whether an application actually existed on Facebook, the user had to submit the application ID to Facebook. A primary study set out to quantify and analyze spam campaigns launched on online social networks. It analyzed a huge anonymized dataset of asynchronous wall messages between Facebook users. The system detected around 200,000 malicious wall posts with embedded URLs, originating from more than 57,000 user accounts. The study revealed that 97% of the malicious accounts were compromised accounts [8]. Another way for a user to judge whether an application is malicious or benign is to rely on community ratings, which are not reliable for identifying the privacy risks an application creates [9]. Studies also reveal that 60% of malicious applications get at least one hundred thousand clicks [10]. In this system, we alert the user even before the application is installed on the user's profile, thus preventing the hacker from hurting the user's privacy or carrying out any other malicious intent. Also, the application is not classified only on the basis of the posts it puts up on behalf of the user; the system also identifies parameters of the application on the basis of which it can be classified as safe or not safe. These parameters were decided on the basis of a study carried out on a raft of applications. Since the system identifies the application before it is installed into the user's profile, there is no chance that the user's private data can be harmed by the application or the hacker, which gives premium security to the user's profile on Facebook.

All rights reserved by www.ijirst.org
(IJIRST/ Volume 3 / Issue 10/ 023)

III. TECHNOLOGY USED IN EXISTING SYSTEM

There are many ways in which hackers can benefit from a malicious app:
1) The app can reach large numbers of users and their friends to spread spam [7],
2) The app can obtain users' personal information such as email address, home town, and gender, and
3) The app can "reproduce" by making other malicious apps popular.
To make matters worse, the deployment of malicious apps is simplified by ready-to-use toolkits. In other words, there is motive and opportunity, and as a result, many malicious apps spread on web applications every day.
In the present system, an application called MyPageKeeper monitors the profiles of Facebook users and identifies malicious URLs posted by malicious Facebook applications on users' walls. It then marks the application and badges it as malicious.
A study was conducted that consisted of constant monitoring of 91 million posts from 111K Facebook applications. In this study, if any post of an application was identified as malicious by MyPageKeeper [4], the application was marked as malicious. Based on this heuristic, 6350 applications were found to be malicious. However, malicious applications that were not very popular and did not appear on many Facebook users' walls were not classified as malicious. The proposed system addresses this problem and identifies malicious applications even if they are not popular.

IV. SYSTEM ARCHITECTURE OF PROPOSED SYSTEM

The proposed system is divided into two main modules. The first module identifies the application and the second reports the malicious application to the user. The architecture of the proposed system is shown in the following figure.
Identification of application:
The sequence of steps for identifying apps is as follows. The system is initialized by the user. The user needs to sign up with basic details such as email ID and password, where the email ID is a unique primary key. These details are stored on the Facebook server. Because many users use Facebook, anyone can upload an application to it. Uploading an app to Facebook requires permissions; once these requests are accepted, the app is uploaded to Facebook. We use an SVM (support vector machine) classifier to identify applications. The SVM classifier examines the application and classifies it, deciding whether the app is malicious or not. If a malicious app is found, the system blocks it. Malicious apps are identified by certain parameters [6]. If a benign app is found, it can be accessed by the user.
[Flow diagram: App Upload Request; App Upload on Facebook; Classify; Malicious: Block; Benign: Use Application; Stop]

Fig. 1: Flow Diagram of proposed system for identification of application

Report Application:
In this module, the client communicates with the application server to add an application on Facebook. The application server acts as middleware between the user and the Facebook server. It checks the application against certain parameters and identifies whether the app is malicious or benign. If it responds with 1M (malicious app), the application server shows an alert message on the screen [5].

[Flow diagram: Client; Request Application; Server; Check (Malicious / benign); Alert 1M]

Fig. 2: Flow Diagram of report application to user

| Existing System | Proposed System |
|---|---|
| Allows the user to access malicious apps on Facebook [1] | Prevents access to malicious applications |
| Provides no security for user data | Provides better security for user data than the existing system |
| Focuses on identifying malicious applications based on posts and reviews [] | Focuses on quantifying, profiling, and understanding malicious apps, and then classifying them |
| Cannot prevent attacks from unpopular malicious applications | Prevents malicious attacks by hackers |
| Hackers try to advertise applications through third-party apps | Restricts advertisement from third-party apps and spamming of applications |
| The app can obtain users' personal information such as email address, home town, and gender | Can detect malicious apps with higher accuracy and prevent the application's access to private data |

V. COMPARISON BETWEEN EXISTING SYSTEM AND PROPOSED SYSTEM.

The detailed study and analysis of the applications led us to identify certain apocryphal characteristics of the applications, and from these we identified the parameters used for classification. We also found that the existing system was only able to identify malicious applications that were already popular among Facebook users and failed to identify applications that were not so popular. The proposed system addresses this flaw and acts accordingly.

VI. CONCLUSION

This paper was written with the help of the base paper "Detecting Malicious Facebook Applications". Applications present a convenient means for hackers to spread malicious content on Facebook. However, little is understood about the characteristics of malicious apps and how they operate. In this paper, a large set of malicious Facebook apps is analyzed, and it is found that malicious apps differ significantly from benign apps with respect to some features. For example, malicious apps are much more likely to share names with other apps, and they typically ask for fewer permissions than benign apps. Leveraging these observations, a system is developed: an accurate SVM classifier for detecting malicious Facebook applications. We hope that Facebook will benefit from our recommendations for reducing the threat of hackers on its platform.
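
The following sketch is an added example, not code from the paper: a linear SVM trained on the two features named above (whether an app shares its name with another app, and how many permissions it requests) that returns the 1M verdict before installation, as in the Report Application module. The training rows, hyperparameters and function names are constructed for illustration; the paper does not list its actual parameters.

```python
# Added illustration, not the paper's code. Training rows are constructed.
# Row: (shares_name_with_another_app, permissions_requested, label); +1 = malicious.
TRAIN = [
    (1, 1, +1), (1, 2, +1), (1, 1, +1), (0, 1, +1),
    (0, 5, -1), (0, 8, -1), (1, 9, -1), (0, 6, -1),
]

def features(shares_name, permissions):
    """Turn app metadata into the two-dimensional SVM input vector."""
    return (1.0 if shares_name else 0.0, float(permissions))

def train_svm(rows, lam=0.01, lr=0.005, epochs=20000):
    """Linear soft-margin SVM: minimise lam/2*|w|^2 + mean hinge loss
    with batch subgradient descent (the bias b is not regularised)."""
    data = [(features(s, p), y) for s, p, y in rows]
    w, b, n = [0.0, 0.0], 0.0, len(data)
    for _ in range(epochs):
        gw, gb = [lam * w[0], lam * w[1]], 0.0
        for x, y in data:
            if y * (w[0] * x[0] + w[1] * x[1] + b) < 1:  # margin violated
                gw[0] -= y * x[0] / n
                gw[1] -= y * x[1] / n
                gb -= y / n
        w = [w[0] - lr * gw[0], w[1] - lr * gw[1]]
        b -= lr * gb
    return w, b

def decision(model, shares_name, permissions):
    """SVM score w.x + b; a positive score falls on the malicious side."""
    (w, b), x = model, features(shares_name, permissions)
    return w[0] * x[0] + w[1] * x[1] + b

def check_before_install(model, shares_name, permissions):
    """Verdict the application server returns before the app is added:
    '1M' (malicious, show alert) or 'benign'."""
    return "1M" if decision(model, shares_name, permissions) > 0 else "benign"

MODEL = train_svm(TRAIN)

if __name__ == "__main__":
    # Hypothetical install requests: (app name, shares a name?, permissions asked)
    for app, shares, perms in [("quiz-clone", True, 1), ("photo-tool", False, 7)]:
        print(app, check_before_install(MODEL, shares, perms))
```

Because the verdict depends only on metadata available at upload time, it does not need the app to have posted anything, which is how the proposed system can flag apps that are not yet popular.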

ACKNOWLEDGEMENT

We wish to express our sincere gratitude to Mr. Harsh Bhor, Project Guide for providing us an opportunity to do our project
work in Web Security domain. We sincerely thank Mr. Uday Rote, HOD of IT Department and Mr. Harsh Bhor, Project
Coordinator for their guidance and encouragement in carrying out this project work. We also wish to express our gratitude to the
officials and other staff members of K.J Somaiya Institute of Engineering and Information Technology, who rendered their help
during the period of our project work.

REFERENCES
[1] Sazzadur Rahman, Ting-Kai Huang, Michalis Faloutsos, "Detecting malicious Facebook application," IEEE/ACM Transactions on Networking, IEEE conference, 2016, vol. 24.
[2] K. Thomas, C. Grier, J. Ma, V. Paxson, and D. Song, "Design and evaluation of a real-time URL spam filtering service," IEEE/ACM Symp., 2015.
[3] M. S. Rahman, T.-K. Huang, H. V. Madhyastha, and M. Faloutsos, "Efficient and scalable software detection in online social networks," in Proc. USENIX Security, 2012.
[4] App piggybacking example. https://apps.facebook.com/mypagekeeper/?status=scam_report_fb_survey_scam_Converse_shoes_2012_05_17_boQ.
[5] Bitdefender Safego. http://www.facebook.com/bitdefender.safego.
[6] H. Gao et al., "Detecting and characterizing social spam campaigns," in Proc. IMC, 2010, pp. 35-47.
[7] H. Gao, Y. Chen, K. Lee, D. Palsetia, and A. Choudhary, "Towards online spam filtering in social networks," in Proc. NDSS, 2012.
[8] Hongyu Gao, Jun Hu, Christo Wilson, Zhichun Li, Yan Chen, Ben Y. Zhao, "Detecting and Characterizing Social Spam Campaigns."
[9] Pern Hui Chia, Yusuke Yamamoto, N. Asokan, "Is this App Safe? A Large Scale Study on Application Permissions and Risk Signals."
[10] Sushma Nallamalli, Loya Chandrajit Yadav, Siva Parvathi, Karicharla Prasad, "A Survey on Detecting Malicious Facebook Applications using FRAppE."
[11] G. Cluley, "The Pink Facebook rogue application and survey scam," 2012 [Online].
[12] G. Stringhini, C. Kruegel, and G. Vigna, "Detecting spammers on social networks."
[13] H. Gao, Y. Chen, K. Lee, D. Palsetia, and A. Choudhary, "Towards online spam filtering in social networks," 2012.
[14] J. King, A. Lampinen, and A. Smolen, "Privacy: Is there an app for that?" in SOUPS, 2011.
[15] Y. Liu, K. P. Gummadi, B. Krishnamurthy, and A. Mislove, "Analyzing Facebook privacy settings: user expectations vs. reality," in IMC, 2011.
