Open Access

Security and Privacy in Metaverse: A Comprehensive Survey

Department of Software Engineering and Game Development, Kennesaw State University, Atlanta, CA 30060, USA
Department of Computer Science, Georgia State University, Atlanta, CA 30303, USA


Metaverse describes a new shape of cyberspace and has become a hot-trending word since 2021. There are many explanations of what the Metaverse is, and many attempts to provide a formal standard or definition of it. However, these definitions have hardly reached universal acceptance. Rather than providing a formal definition of the Metaverse, we list four must-have characteristics of the Metaverse: socialization, immersive interaction, real world-building, and expandability. These characteristics not only carve the Metaverse into a novel and fantastic digital world, but also make it subject to all manner of security/privacy risks, such as personal information leakage, eavesdropping, unauthorized access, phishing, data injection, broken authentication, insecure design, and more. This paper first introduces the four characteristics; the current progress and typical applications of the Metaverse are then surveyed and categorized into four economic sectors. Based on the four characteristics and the findings on current progress, the security and privacy issues in the Metaverse are investigated. We then identify and discuss further potentially critical security and privacy issues that can be caused by combining the four characteristics. Lastly, the paper raises some other concerns regarding society and humanity.


Big Data Mining and Analytics
Pages 234-247
Cite this article:
Huang Y, Li Y, Cai Z. Security and Privacy in Metaverse: A Comprehensive Survey. Big Data Mining and Analytics, 2023, 6(2): 234-247.














Received: 05 October 2022
Revised: 12 November 2022
Accepted: 16 November 2022
Published: 26 January 2023
© The author(s) 2023.

The articles published in this open access journal are distributed under the terms of the Creative Commons Attribution 4.0 International License (