deSEO: Combating Search-Result Poisoning

Authors: 

John P. John, University of Washington; Fang Yu and Yinglian Xie, MSR Silicon Valley; Arvind Krishnamurthy, University of Washington; Martín Abadi, MSR Silicon Valley

Abstract: 

We perform an in-depth study of SEO attacks that spread malware by poisoning search results for popular queries. Such attacks, although recent, appear to be both widespread and effective. They compromise legitimate Web sites and generate a large number of fake pages targeting trendy keywords. We first dissect one example attack that affects over 5,000 Web domains and attracts over 81,000 user visits. Further, we develop deSEO, a system that automatically detects these attacks. Using large datasets with hundreds of billions of URLs, deSEO successfully identifies multiple malicious SEO campaigns. In particular, applying the URL signatures derived from deSEO, we find 36% of sampled searches to Google and Bing contain at least one malicious link in the top results at the time of our experiment.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {266521,
author = {John P. John and Fang Yu and Yinglian Xie and Arvind Krishnamurthy and Mart{\'\i}n Abadi},
title = {{deSEO}: Combating {Search-Result} Poisoning},
booktitle = {20th USENIX Security Symposium (USENIX Security 11)},
year = {2011},
address = {San Francisco, CA},
url = {https://www.usenix.org/conference/usenix-security-11/deseo-combating-search-result-poisoning},
publisher = {USENIX Association},
month = aug
}
Download

Presentation Video

Presentation Audio

Links

Paper: 
http://www.usenix.org/events/sec11/tech/full_papers/John.pdf
Slides: 
http://www.usenix.org/events/sec11/tech/slides/john.pdf