Personalized web search by mapping user queries to categories
Proceedings of the eleventh international conference on Information and knowledge management
Proceedings of the 27th annual international ACM SIGIR conference on Research and development in information retrieval
Identifying link farm spam pages
WWW '05 Special interest tracks and posters of the 14th international conference on World Wide Web
Personalizing search via automated analysis of interests and activities
Proceedings of the 28th annual international ACM SIGIR conference on Research and development in information retrieval
Automatic identification of user interest for personalized search
Proceedings of the 15th international conference on World Wide Web
A large-scale evaluation and analysis of personalized search strategies
Proceedings of the 16th international conference on World Wide Web
Web search personalization with ontological user profiles
Proceedings of the sixteenth ACM conference on Conference on information and knowledge management
A session based personalized search using an ontological user profile
Proceedings of the 2009 ACM symposium on Applied Computing
The YouTube video recommendation system
Proceedings of the fourth ACM conference on Recommender systems
Personalizing web search using long term browsing history
Proceedings of the fourth ACM international conference on Web search and data mining
Inferring and using location metadata to personalize web search
Proceedings of the 34th international ACM SIGIR conference on Research and development in Information Retrieval
SURF: detecting and measuring search poisoning
Proceedings of the 18th ACM conference on Computer and communications security
To each his own: personalized content selection based on text comprehensibility
Proceedings of the fifth ACM international conference on Web search and data mining
Probabilistic models for personalizing web search
Proceedings of the fifth ACM international conference on Web search and data mining
| Hi-index | 0.00 |
Modern Web services routinely personalize content to appeal to the specific interests, viewpoints, and contexts of individual users. Ideally, personalization allows sites to highlight information uniquely relevant to each of their users, thereby increasing user satisfaction--and, eventually, the service's bottom line. Unfortunately, as we demonstrate in this paper, the personalization mechanisms currently employed by popular services have not been hardened against attack. We show that third parties can manipulate them to increase the visibility of arbitrary content--whether it be a new YouTube video, an unpopular product on Amazon, or a low-ranking website in Google search returns. In particular, we demonstrate that attackers can inject information into users' profiles on these services, thereby perturbing the results of the services' personalization algorithms. While the details of our exploits are tailored to each service, the general approach is likely to apply quite broadly. By demonstrating the attack against three popular Web services, we highlight a new class of vulnerability that allows an attacker to affect a user's experience with a service, unbeknownst to the user or the service provider.