funded by the National Science Foundation
researchers: Michael Bailey; Wenke Lee, Nicholas G. Feamster, Hans K. Klein, and Hongyuan Zha (Georgia Tech); and Marshini Chetty (University of Maryland College Park).
Personalized information services on the Internet have an often-overlooked but inherent weakness: their underlying algorithms rely on inputs from the Internet, which is an open environment that provides attackers with opportunities to compromise the integrity of input data and affect the output. Indeed, new attacks are emerging in which attackers pollute users’ individual profiles or generate large-scale user behaviors and hence fake preferences to affect the information contents delivered to users. These input pollution attacks represent serious threats to our society; for example, they may compromise the integrity of e-commerce and even our political process. It is essential to secure the information services that play a critical role in our daily decision-making processes.
This project is a comprehensive effort to counter those information controls and attacks, including research from security, systems, networking, human-computer interaction and usability, machine learning and natural language processing, and policy. In order to help Internet users mitigate the pervasive, harmful effects of those threats, this project will 1) study the security of representative personalized services and on-line targeted advertising, and identify vulnerabilities in service components that can be exploited by pollution attacks; 2) develop defense-in-depth countermeasures to block cross-site forgery request schemes, detect anomalies in browsing behaviors and information contents that are indicative of pollution attacks, alert users and guide them to repair profiles, and incentivize the industry to provide more transparency and protection; 3) evaluate our approach with user studies in order to facilitate the development and adoption of the proposed technologies; and 4) transition results into practice.