TWC SBE: TTP Option: Medium: Collaborative: EPICA: Empowering People to Overcome Information Controls and Attacks

TWC SBE：TTP 选项：中：协作：EPICA：赋予人们克服信息控制和攻击的能力

• 批准号: 1409635
• 负责人: Wenke Lee
• 金额: $ 110万
• 依托单位: Georgia Tech Research Corporation
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2014
• 资助国家: 美国
• 起止时间: 2014-08-01 至 2018-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1409635&HistoricalAwards=false
• 关键词: TWC; SBE; TTP; Option; Medium

This project studies the security of representative personalized services, such as search engines, news aggregators, and on-line targeted advertising, and identifies vulnerabilities in service components that can be exploited by pollution attacks to deliver contents intended by attackers.This project also develops defense-in-depth countermeasures against pollution attacks. These include new server-side mechanisms to prevent the various cross-site-request-forgery schemes that allow an attacker to insert actions. The defense mechanisms also include a distributed data collection, measurement and analysis framework to detect anomalies in browsing behaviors and information contents that are indicative of pollution of user profiles or population preferences. The new information analysis techniques use machine learning and natural language processing to identify differences (e.g., missing information) that are significant or important to a user. The project also develops tools to alert users and guide them to understand and repair profiles, and studies regulatory models to incentivize the industry to adopt a more transparent practice.This project develops an evaluation framework to facilitate the development and adoption of technologies. The evaluation plan includes user studies involving real, diverse user groups on the Internet.To transition technologies to practice, this project makes the tools freely available, and deploys data collection and measurement systems on the Internet. This project also educates users about pollution attacks and engages with users to improve the usability of the tools.

该项目研究代表性个性化服务的安全性，例如搜索引擎、新闻聚合器和在线定向广告，并识别服务组件中的漏洞，这些漏洞可被污染攻击利用来传递攻击者想要的内容。该项目还开发了防御措施——深入开展污染防治攻坚战。其中包括新的服务器端机制，以防止允许攻击者插入操作的各种跨站点请求伪造方案。防御机制还包括分布式数据收集、测量和分析框架，用于检测浏览行为和信息内容中的异常情况，这些异常情况表明用户配置文件或人群偏好受到污染。新的信息分析技术使用机器学习和自然语言处理来识别对用户来说重要或重要的差异（例如，丢失的信息）。该项目还开发工具来提醒用户并指导他们理解和修复配置文件，并研究监管模型以激励行业采取更透明的做法。该项目开发了一个评估框架以促进技术的开发和采用。评估计划包括涉及互联网上真实、多样化用户群体的用户研究。为了将技术转化为实践，该项目免费提供工具，并在互联网上部署数据收集和测量系统。该项目还教育用户有关污染攻击的知识，并与用户互动以提高工具的可用性。