TWC SBE: TTP Option: Medium: Collaborative: EPICA: Empowering People to Overcome Information Controls and Attacks

TWC SBE：TTP 选项：中：协作：EPICA：赋予人们克服信息控制和攻击的能力

• 批准号: 1409635
• 负责人: Wenke Lee
• 金额: $ 110万
• 依托单位: Georgia Tech Research Corporation
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2014
• 资助国家: 美国
• 起止时间: 2014-08-01 至 2018-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1409635&HistoricalAwards=false
• 关键词: TWC; SBE; TTP; Option; Medium

This project studies the security of representative personalized services, such as search engines, news aggregators, and on-line targeted advertising, and identifies vulnerabilities in service components that can be exploited by pollution attacks to deliver contents intended by attackers.This project also develops defense-in-depth countermeasures against pollution attacks. These include new server-side mechanisms to prevent the various cross-site-request-forgery schemes that allow an attacker to insert actions. The defense mechanisms also include a distributed data collection, measurement and analysis framework to detect anomalies in browsing behaviors and information contents that are indicative of pollution of user profiles or population preferences. The new information analysis techniques use machine learning and natural language processing to identify differences (e.g., missing information) that are significant or important to a user. The project also develops tools to alert users and guide them to understand and repair profiles, and studies regulatory models to incentivize the industry to adopt a more transparent practice.This project develops an evaluation framework to facilitate the development and adoption of technologies. The evaluation plan includes user studies involving real, diverse user groups on the Internet.To transition technologies to practice, this project makes the tools freely available, and deploys data collection and measurement systems on the Internet. This project also educates users about pollution attacks and engages with users to improve the usability of the tools.

本项目研究搜索引擎、新闻聚合器、在线定向广告等具有代表性的个性化服务的安全性，识别能够被污染攻击利用来提供攻击者想要的内容的服务组件中的漏洞，并开发针对污染攻击的纵深防御对策。这些措施包括新的服务器端机制，以防止各种跨站点请求伪造方案，允许攻击者插入操作。防御机制还包括分布式数据收集、测量和分析框架，以检测浏览行为和信息内容中的异常，这些异常指示用户简档或人群偏好的污染。新的信息分析技术使用机器学习和自然语言处理来识别差异（例如，缺少信息）对用户来说是重要的或重要的。该项目还开发了提醒用户并指导他们理解和修复配置文件的工具，并研究了激励行业采用更透明做法的监管模式，该项目还开发了一个评估框架，以促进技术的开发和采用。评价计划包括对因特网上真实的、不同的用户群体进行用户研究，为了将技术转化为实践，该项目免费提供工具，并在因特网上部署数据收集和测量系统。该项目还向用户提供有关污染攻击的教育，并与用户互动，以提高工具的可用性。