Understanding the Manipulation on Recommender Systems through Web Injection

Recommender systems are increasingly used in a variety of web services, providing a list of recommended items in which a user may have an interest. While important, recommender systems are vulnerable to various malicious attacks. In this paper, we study a new security vulnerability in recommender systems caused by web injection, through which malicious actors stealthily tamper with any unprotected in-transit HTTP webpage content and force victims to visit specific items in some web services (even those running HTTPS), e.g., YouTube. By doing so, malicious actors can promote their targeted items in those web services. To obtain a deeper understanding of the recommender systems of interest (including YouTube, Yelp, Taobao, and 360 App market), we first conduct a measurement-based analysis of several real-world recommender systems by leveraging machine learning algorithms. Then, web injection is implemented on three different types of devices (i.e., computer, router, and proxy server) to investigate the scenarios where web injection could occur. Based on the implementation of web injection, we demonstrate that it is feasible and sometimes effective to manipulate real-world recommender systems through web injection. We also present several countermeasures against such manipulations.
