This project studies the security of representative personalized services, such as search engines, news aggregators, and on-line targeted advertising, and identifies vulnerabilities in service components that can be exploited by pollution attacks to deliver contents intended by attackers. This project also develops defense-in-depth countermeasures against pollution attacks. These include new server-side mechanisms to prevent the various cross-site-request-forgery schemes that allow an attacker to insert actions. The defense mechanisms also include a distributed data collection, measurement and analysis framework to detect anomalies in browsing behaviors and information contents that are indicative of pollution of user profiles or population preferences. The new information analysis techniques use machine learning and natural language processing to identify differences (e.g., missing information) that are significant or important to a user. The project also develops tools to alert users and guide them to understand and repair profiles, and studies regulatory models to incentivize the industry to adopt a more transparent practice. This project develops an evaluation framework to facilitate the development and adoption of technologies. The evaluation plan includes user studies involving real, diverse user groups on the Internet. To transition technologies to practice, this project makes the tools freely available, and deploys data collection and measurement systems on the Internet. This project also educates users about pollution attacks and engages with users to improve the usability of the tools.
TWC SBE: TTP Option: Medium: Collaborative: EPICA: Empowering People to Overcome Information Controls and Attacks