The Internet has evolved into an essential medium that permeates most aspects of our lives. We consume information and entertainment online, cultivate relationships, exchange ideas, and handle business transactions. Not surprisingly, this new medium has also attracted malicious elements who seek to use the Internet to take advantage of others. Information manipulation is a new, emerging frontier in cyber security. Information manipulation denotes all attempts by adversaries to distort information with the goal to influence opinion, thought, or action. It can take many shapes and forms, from blatant attacks, such as search-poisoning, to misinformation, such as bogus on-line reviews, and more subtle distortion, such as personalized search and biased news. Unlike more traditional attacks, which typically aim to take control of computational resources or sensitive data, information manipulation targets human minds and their ideas. Left unchecked, information manipulation can harm our economy, culture, and democracy. In this research project, the PIs aim to systematically study the ways in which attackers can manipulate information along its flow from the source where it is created to the recipient. Of particular interest are systems that help to discover, organize, and present information to users. These systems, such as search engines and news portals, reach large audiences and act as filters that often determine what content users will see or not. Thus, attackers can achieve significant leverage when successfully manipulating the filter mechanisms to their benefit. As one example, attackers can carry out search engine poisoning attacks to trick search engines into ranking their content higher than it should be based on its organic value. However, attackers do not need to target search engines directly; it is also possible to manipulate ranking by targeting users of search engines and their search history. Based on the study and analysis of attacks, the PIs will develop general detection approaches to identify when systems are under attack. This information can then be leveraged to design appropriate countermeasures.
EAGER: Attacking (and Defending) Information