Take this personally pollution attacks on personalized services

22nd USENIX Security (August, 2013). Xinyu Xing, Wei Meng, Dan Doozan, Georgia Institute of Technology; Alex C. Snoeren, UC San Diego; Nick Feamster and Wenke Lee, Georgia Institute of Technology. Take This Personally: Pollution Attacks on Personalized Services.


Presentation Transcript


22nd USENIX Security

(August, 2013)

Xinyu Xing, Wei Meng, Dan Doozan,

Georgia Institute of Technology

Alex C. Snoeren,

UC San Diego

Nick Feamster, and Wenke Lee,

Georgia Institute of Technology

Take This Personally: Pollution Attacks on Personalized Services


Outline

  • Introduction

  • Overview and Attack Model

  • Pollution Attacks on YouTube

  • Google Personalized Search

  • Pollution Attacks on Amazon

A Seminar at Advanced Defense Lab


Introduction

  • Modern Web services increasingly rely upon personalization to improve the quality of their customers’ experience.

  • Many services with personalized content log their users’ Web activities.


This paper...

  • We demonstrate that contemporary personalization mechanisms are vulnerable to exploit.


Our Attack

  • We show that YouTube, Amazon, and Google are all vulnerable to the same class of cross-site scripting attack, which we call a pollution attack, that allows third parties to alter the customized content.

  • A distinguishing feature of our attack is that it does not exploit any vulnerability in the user’s Web browser.


Overview and Attack Model

  • The main instrument that a service provider can use to affect the content that a user sees is modifying the choice set.

  • When a user issues a query, a service’s personalization algorithm affects the user’s choice set for that query.


Overview and Attack Model (cont.)

  • In this paper, we focus on how changes to a user’s history can affect the choice set, holding other factors fixed.

  • This attack requires three steps:

    • Model the service’s personalization algorithm.

    • Create a “seed” to pollute the user’s history.

    • Inject the seed with a vector of false clicks.


Pollution Attacks on YouTube

  • Personalization rule

    • Consider only those videos that the user watched for a long period of time

    • Similar viewing histories

    • Does not recommend a video the user has already watched

    • Two of the suggested videos are recommended based upon personalization


Preparing Seed Videos

[Figure: preparing seed videos from a video channel (C); the slide labels two video sets, ΩS and ΩT]


Inject Seed Videos

  • We see the video:

    • http://www.youtube.com/user_watch?plid=<value>&video_id=<value>

  • We watch for a period of time:

    • http://www.youtube.com/set_awesome?plid=<value>&video_id=<value>
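Added example (not from the paper or the slides): a minimal Python model of a history-write endpoint like the two URLs above. The vulnerable handler records a watch on any request that carries the session cookie, which is exactly what lets a third-party page pollute the history; the hardened handler accepts only a same-origin POST bearing a per-session anti-CSRF token. The origin, session store and token scheme are assumptions.

```python
import hmac
import secrets
from urllib.parse import urlparse

SERVICE_ORIGIN = "https://video.example"   # assumed first-party origin (hypothetical)
# Constructed session store: one logged-in victim with an empty watch history.
# In a real deployment the sid cookie would also be set SameSite=Lax so that
# browsers omit it from cross-site subresource requests; not modelled here.
SESSIONS = {"sid-victim": {"history": [], "csrf": secrets.token_hex(16)}}

def _session(headers):
    """Look up the session named by the 'sid' cookie, or None."""
    for part in headers.get("Cookie", "").split(";"):
        name, _, value = part.strip().partition("=")
        if name == "sid" and value in SESSIONS:
            return SESSIONS[value]
    return None

def _same_origin(headers):
    """True only if Origin (or, failing that, Referer) names the service's own origin."""
    src = headers.get("Origin") or headers.get("Referer") or ""
    want, got = urlparse(SERVICE_ORIGIN), urlparse(src)
    return (got.scheme, got.netloc) == (want.scheme, want.netloc)

def vulnerable_watch(method, params, headers):
    """Records a watch on any request carrying a valid session cookie: forgeable."""
    session = _session(headers)
    if session is None:
        return 401
    session["history"].append(params["video_id"])
    return 200

def hardened_watch(method, params, headers):
    """Records a watch only for a same-origin POST bearing the session's CSRF token."""
    session = _session(headers)
    if session is None:
        return 401
    if method != "POST":
        return 405   # a state change must never ride on a GET
    if not _same_origin(headers):
        return 403   # a third-party page cannot be the source of the click
    if not hmac.compare_digest(params.get("csrf", ""), session["csrf"]):
        return 403   # a forged request cannot know the per-session token
    session["history"].append(params["video_id"])
    return 200
```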


Experimental Design


Evaluation

  • We evaluated the effectiveness of our pollution attacks by logging in as the victim user and viewing 114 representative videos.


Evaluation (New Accounts)

  • The attacks were successful.

  • We computed:

    • the Pearson correlation between the showing frequencies and the lengths of the target videos: 0.54 (medium)

    • the Pearson correlation between the showing frequencies and the view counts of the target videos: 0.23 (moderate)


Evaluation (Existing Accounts)

  • For the existing channel OnlyyouHappycamp:

    • 14 of the 22 volunteers (64%)

    • Ten of our volunteers shared their histories.

    • The majority of the videos recommended to users for whom our attacks have low promotion rates are longer and have more views than our target videos.


Google Personalized Search

  • We describe two classes of personalization algorithms:

    • contextual personalization

    • persistent personalization


Identifying Search Terms

  • Contextual Personalization

    • The keywords injected into a user’s search history should be both relevant to the promoting keyword and unique to the website being promoted.


Identifying Search Terms (cont.)

  • Persistent Personalization

    • In this case, the size of the keyword set should be larger than that used for a contextual attack in order to have a greater effect on the user’s search history.

  • An attacker can safely inject roughly 50 keywords a minute using cross-site request forgery.

    • We assume an attacker can inject at most 25 keywords into a user’s profile.
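Added example (not from the paper): defender-side detection in Python for the injection rate just described. It parses constructed access-log lines, keeps history-writing requests whose Referer is a third-party site, and flags accounts whose peak rate in a 60-second window exceeds a threshold; the log format, host name and threshold are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

FIRST_PARTY = "search.example"    # assumed service host (hypothetical)
WRITE_PATHS = ("/search",)        # request paths that append to a user's history
LINE = re.compile(r"^(?P<ts>\d+) (?P<user>\S+) (?P<path>\S+) (?P<referer>\S+)$")

def parse_line(line):
    """Parse one constructed log line into a dict, or None if malformed."""
    m = LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = int(rec["ts"])
    return rec

def is_cross_site_write(rec):
    """A history-writing request whose Referer is not the service itself."""
    if not rec["path"].split("?")[0].startswith(WRITE_PATHS):
        return False
    return urlparse(rec["referer"]).netloc != FIRST_PARTY

def peak_rate(timestamps, window):
    """Largest number of events inside any span shorter than `window` seconds."""
    ts, best, lo = sorted(timestamps), 0, 0
    for hi in range(len(ts)):
        while ts[hi] - ts[lo] >= window:
            lo += 1
        best = max(best, hi - lo + 1)
    return best

def flag_accounts(lines, window=60, threshold=10):
    """Users whose cross-site history writes exceed `threshold` in one window."""
    per_user = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and is_cross_site_write(rec):
            per_user[rec["user"]].append(rec["ts"])
    peaks = {u: peak_rate(t, window) for u, t in per_user.items()}
    return {u: p for u, p in peaks.items() if p > threshold}

# Constructed sample log (not real data): alice searches from the service's own
# pages; bob's browser issues 25 history writes in 25 s while a third-party
# page is open, the burst pattern a CSRF-driven injection leaves behind.
SAMPLE = [f"{1375000000 + 20 * i} alice /search?q=term{i} https://search.example/" for i in range(6)]
SAMPLE += [f"{1375000100 + i} bob /search?q=kw{i} https://third-party.example/page" for i in range(25)]
```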


Contextual Personalization

[Figure: selection pipeline for contextual personalization targets. Labels recoverable from the slide: 5,761 search terms from made-in-china.com; Google results; 151,363 unique URLs; URLs having unique <meta> keywords; 30 URLs (repeated at each stage); 1,739 search terms; 2,136 URLs]


2,136 URLs for Contextual Personalization


Persistent Personalization

[Figure: selection pipeline for persistent personalization targets. Labels recoverable from the slide: 551 search terms from made-in-china.com; Google results; 151,363 unique URLs; URLs having unique Google AdWords keywords; 30 URLs (repeated at each stage); 15,979 URLs]


Evaluation

  • Contextual Personalization

[Figure: contextual personalization results; the values on the slide are 44%, 1.1%, 62.8% and 28%]


Evaluation (cont.)

  • Persistent Personalization

[Figure: persistent personalization results; the values on the slide are 17%, 4.3%, 22.7% and ??%]


Evaluation (cont.)

  • Real Users

    • 97.1% of our 729 previously successful contextual attacks remain successful.

    • Only 77.78% of the persistent pollution attacks that work on fresh accounts achieve similar success.


Pollution Attacks on Amazon

  • Amazon tailors a customer’s homepage based on the previous purchase, browsing and searching behavior of the user.

  • We focused on the personalized recommendations Amazon generates based on browsing and searching activities.


Amazon Recommendations

  • Amazon’s personalization is based on history that is maintained by the user’s web browser.

    • Session cookie


Identifying Seed Products and Terms

  • Visit-Based Pollution

    • The attacker visits the Amazon page of the targeted product and retrieves the related products shown on that page.

  • Search-Based Pollution

    • An attacker could use a natural language toolkit to automatically extract a candidate keyword set from the targeted product’s name.

Q & A
