Security Plan for Acme

Security Plan for Acme

Security Threats to Acme

Systems that automatically adjust themselves to input from users are vulnerable to attack from those same users. Recommendation systems in particular are a common, easy target for attacks for a multitude of reasons, including political, financial or other motivation factors that encourage the promotion or demotion of recommended items. Research from various sources has demonstrated that incorporating trust reputation and explanation feedback can have a positive impact on the robustness, accuracy and user acceptance of recommendation systems (Barber, 2001). Only recently has the subject of collaborative filtering system security been brought to the spotlight. The challenges of evolving attacks, it is natural to see the evolution of tools and their method of use. The attacks today are preparing well in advance. Hackers, organized gang, put by exploiting the failures of the operating machinery, discrete agents. These agents are watching over thousands of machines on the network. Other applications are a little more consistent set up on a smaller number of machines pirated (intermediate) and are waiting to send messages to these agents.

Most of the literature on collaborative filtering discusses performance of the systems rather than security concerns. However, it appears the issue of security will be a critical concern for both system designers and system users. Since a user's recommendation is usually calculated based on what other "unknown" individuals have rated, it is a difficult and tiresome task to distinguish between actual, "real" ratings and those ratings produced maliciously. Additionally, in order to perform an extremely successful attack, attackers only need to know a very small amount of information about the system. This makes the task of protecting the collaborative filtering system even more difficult (Delone, 2002).

Noise in itself is a result of imperfect user behavior and various collection processes that are employed. Two main categories of concerns are considered for recommendation systems, namely natural noise and malicious noise (intentional attacks). Natural noise is a class of noise which relates to the methods by which collaborative filtering systems obtain user preference and ratings. Since humans are subject to error, natural noise should be expected to occur. Certain algorithms and methods exist in the literature for removing natural noise, and hence it is not a major concern for collaborative filtering systems. On the other hand, malicious noise, also known as attacks, is a much more serious consideration (Kohli, 2000).

Type of Threats

This type of noise represents biased noise deliberately placed by an attacker in order to impact the ratings and recommendations of certain products or services. Attackers have a wide array of methods by which to attack a collaborative filtering system. Attackers can form several online identities through multiple registrations with the system. Each of these separate identities is known as an attack profile. In broad terms, there are two fundamental types of attacks; product push attacks and product nuke attacks (Menon, 2003). Here, identified the following 4 attack strategies for product push attacks:

Random attack: In this type of attack, attack profiles are ...