Social Networks and Web Security and Privacy

Research Statement

Web and social networking applications are essential parts of our daily life. Our research aims to make web and social networking applications secure and privacy-preserving. In particular, we study the social networks and web security and privacy problems that revolve around the data generated by them. For instance, the problems we focus on include, but not limited to, detecting fake, compromised, and fraudulent users in web services, uncovering new privacy attacks (e.g., attribute inference attacks, link inference attacks) to social network users and their defenses, securing recommender systems, as well as developing new user authentication methods for web applications. Our approach leverages data science techniques including machine/deep learning, network science, natural language processing, and optimization. A key challenge of leveraging data science for web and social networks security and privacy is how to incorporate the unique characteristics of the security and privacy problems. We are interested in developing new data science techniques to address the unique challenges of the security and privacy problems in social networks and web applications.


Attribute and link inference attacks and their defenses

We develop new machine learning techniques to infer social network users' private attributes (e.g., location, sexual orientation, political view) and hidden social relationships, using users' seemingly innocent data shared publicly in social networks. We also develop defenses for these privacy attacks.


We develop new de-anonymization attacks using users' writing style and social network structure.

Detecting Sybils, e.g., fake accounts, compromised accounts, and spammers

We develop new machine learning methods to detect fraudulent users in web services. Our methods leverage users' social network structure and behavior.

Secure and privacy-preserving recommender systems

Recommender system is an important component of many web applications to provide personalized services. We uncover new vulnerabilities of recommender systems, based on which an attacker can abuse recommender systems. Moreover, we propose defenses against such attacks.

User authentication

Web users rely on user authentication to protect their accounts. We develop new user authentication methods for web applications and devices (e.g., smartphone, IoT).

Location privacy


  • [Google+ dataset] for attribute inference, link inference, and de-anonymization.