A Comprehensive Approach to Undermining Search Result Poisoning.

摘要

Black hat search engine optimization (SEO), the practice of manipulating search results, has long been used by attackers to abuse search engines. In one such instance, search result poisoning, attackers siphon off large volumes of user traffic from organic search through organized efforts called SEO campaigns, and monetize the resulting traffic through scams ranging from sales of illicit goods to malware distributions. Entire ecosystems exist, each consisting of multiple campaigns poisoning on behalf of the same type of funding scam (e.g., counterfeit luxury goods).;These campaigns are supported by two low-level mechanisms: poisoned search results (PSRs) and an SEO botnet. Disguised as a typical search result, PSRs in reality entrap unsuspecting users and direct them to scams. To prolifically generate PSRs, campaigns use an SEO botnet of compromised sites.;Although interventions designed to disrupt search poisoning exist (e.g., demoting PSRs, seizing domain names), they tend to treat individual symptoms rather than address root causes. Thus, these reactive approaches are expensive and offer marginal benefit, leading to impractical and limited defenses.;In this dissertation, I present a framework to understand and address the root causes of search result poisoning. In support, I analyze search poisoning from three perspectives: PSRs, SEO botnets, and an ecosystem. Additionally, I synthesize insights acquired while examining lower-level mechanisms (PSRs, SEO botnets) into a comprehensive understanding capable of impacting the attacker's high level operation -- their SEO campaign.;From the point-of-view of PSRs, I explore modern cloaking to characterize the role of this black hat SEO technique in supporting PSRs. Then, by infiltrating an SEO botnet, I characterize the composition of an SEO botnet and how attackers generate PSRs at large scale. Lastly, I evaluate the effectiveness of current interventions in disrupting SEO campaigns found in the counterfeit luxury goods ecosystem.;In the end, I present a "bottom-up" approach to understanding and addressing the root causes of search result poisoning. Using a framework constructed from my analyses of lower-level mechanisms, I provide a methodology for identifying campaigns and their infrastructure that provides the improved targeting required for more robust, comprehensive, and systematic intervention.