research-article

Understanding the Manipulation on Recommender Systems through Web Injection

Published: 01 January 2020

Abstract

Recommender systems have been increasingly used in a variety of web services, providing a list of recommended items in which a user may have an interest. While important, recommender systems are vulnerable to various malicious attacks. In this paper, we study a new security vulnerability in recommender systems caused by web injection, through which malicious actors stealthily tamper with any unprotected in-transit HTTP webpage content and force victims to visit specific items in some web services (even those running HTTPS), e.g., YouTube. By doing so, malicious actors can promote their targeted items in those web services. To obtain a deeper understanding of the recommender systems of interest (including YouTube, Yelp, Taobao, and the 360 App market), we first conduct a measurement-based analysis of several real-world recommender systems by leveraging machine learning algorithms. Then, web injection is implemented on three different types of devices (i.e., computer, router, and proxy server) to investigate the scenarios in which web injection could occur. Based on this implementation, we demonstrate that it is feasible and sometimes effective to manipulate real-world recommender systems through web injection. We also present several countermeasures against such manipulations.


Cited By

  • (2024) A Survey on Trustworthy Recommender Systems. ACM Transactions on Recommender Systems. DOI: 10.1145/3652891. Online publication date: 13-Apr-2024
  • (2022) No Signal Left to Chance: Driving Browser Extension Analysis by Download Patterns. Proceedings of the 38th Annual Computer Security Applications Conference, pp. 896-910. DOI: 10.1145/3564625.3567988. Online publication date: 5-Dec-2022
  • (2022) Defending Substitution-Based Profile Pollution Attacks on Sequential Recommenders. Proceedings of the 16th ACM Conference on Recommender Systems, pp. 59-70. DOI: 10.1145/3523227.3546770. Online publication date: 12-Sep-2022
  • (2021) Attacking Recommender Systems With Plausible Profile. IEEE Transactions on Information Forensics and Security, vol. 16, pp. 4788-4800. DOI: 10.1109/TIFS.2021.3117078. Online publication date: 1-Jan-2021

Published In

IEEE Transactions on Information Forensics and Security, Volume 15, 2020, 2247 pages

Publisher

IEEE Press
