skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: Attention Please: Your Attention Check Questions in Survey Studies Can Be Automatically Answered
Attention check questions have become commonly used in online surveys published on popular crowdsourcing platforms as a key mechanism to filter out inattentive respondents and improve data quality. However, little research considers the vulnerabilities of this important quality control mechanism that can allow attackers including irresponsible and malicious respondents to automatically answer attention check questions for efficiently achieving their goals. In this paper, we perform the first study to investigate such vulnerabilities, and demonstrate that attackers can leverage deep learning techniques to pass attention check questions automatically. We propose AC-EasyPass, an attack framework with a concrete model, that combines convolutional neural network and weighted feature reconstruction to easily pass attention check questions. We construct the first attention check question dataset that consists of both original and augmented questions, and demonstrate the effectiveness of AC-EasyPass. We explore two simple defense methods, adding adversarial sentences and adding typos, for survey designers to mitigate the risks posed by AC-EasyPass; however, these methods are fragile due to their limitations from both technical and usability perspectives, underlining the challenging nature of defense. We hope our work will raise sufficient attention of the research community towards developing more robust attention check mechanisms. More broadly, our work intends to prompt the research community to seriously consider the emerging risks posed by the malicious use of machine learning techniques to the quality, validity, and trustworthiness of crowdsourcing and social computing.  more » « less
Award ID(s):
1936968
PAR ID:
10175639
Author(s) / Creator(s):
; ; ;
Date Published:
Journal Name:
The Web Conference
Page Range / eLocation ID:
1182 to 1193
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. ; ; ; ; ; ; ; ; ; ; et al (, Environmental Research Communications)
    Abstract This study explores the outcomes and impacts of sanitary sewer overflows (SSOs) and basement backups in underserved communities in Baltimore, Maryland. The larger effort is an environmental and community-driven mixed-methods project, however, the research in this manuscript focuses on the household survey portion with residents who have experienced SSOs or sewage backups. Based on the snowball sampling method applied, the resulting residents engaged are predominantly African-American individuals, females, homeowners, and residents between the ages of 50 and 69. Strikingly, 70% of respondents reported that their frequency of SSOs is between moderate to frequent. The findings reveal that SSOs are a pervasive issue affecting residents’ physical and mental health and overall quality of life. Despite residents’ perceptions that their household infrastructure is in good condition, the recurring nature of SSOs highlights systemic problems within the city’s aging sewer systems, urging a deeper understanding of the social and structural vulnerabilities involved. This research calls attention to the importance of comprehensive interventions, including effective risk communication strategies and substantial investment in infrastructure rehabilitation, to mitigate the risks posed by SSOs and promote long-term resilience in urban environments. Additionally, it emphasizes the importance of community-driven research in addressing engineering, urban planning, and public health challenges with particular support for the most affected populations. 
    more » « less
  2. ; ; ; ; ; (, 2022 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW))
    Software supply chain attacks occur during the processes of producing software is compromised, resulting in vulnerabilities that target downstream customers. While the number of successful exploits is limited, the impact of these attacks is significant. Despite increased awareness and research into software supply chain attacks, there is limited information available on mitigating or architecting for these risks, and existing information is focused on singular and independent elements of the supply chain. In this paper, we extensively review software supply chain security using software development tools and infrastructure. We investigate the path that attackers find is least resistant followed by adapting and finding the next best way to complete an attack. We also provide a thorough discussion on how common software supply chain attacks can be prevented, preventing malicious hackers from gaining access to an organization's development tools and infrastructure including the development environment. We considered various SSC attacks on stolen code-sign certificates by malicious attackers and prevented unnoticed malware from passing by security scanners. We are aiming to extend our research to contribute to preventing software supply chain attacks by proposing novel techniques and frameworks. 
    more » « less
  3. ; ; ; ; ; (, 2022 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW))
    Software supply chain attacks occur during the processes of producing software is compromised, resulting in vulnerabilities that target downstream customers. While the number of successful exploits is limited, the impact of these attacks is significant. Despite increased awareness and research into software supply chain attacks, there is limited information available on mitigating or architecting for these risks, and existing information is focused on singular and independent elements of the supply chain. In this paper, we extensively review software supply chain security using software development tools and infrastructure. We investigate the path that attackers find is least resistant followed by adapting and finding the next best way to complete an attack. We also provide a thorough discussion on how common software supply chain attacks can be prevented, preventing malicious hackers from gaining access to an organization’s development tools and infrastructure including the development environment. We considered various SSC attacks on stolen codesign certificates by malicious attackers and prevented unnoticed malware from passing by security scanners. We are aiming to extend our research to contribute to preventing software supply chain attacks by proposing novel techniques and frameworks. 
    more » « less
  4. ; ; ; (, AI Magazine)
    Abstract Machine unlearning is a cutting‐edge technology that embodies the privacy legal principle of the right to be forgotten within the realm of machine learning (ML). It aims to remove specific data or knowledge from trained models without retraining from scratch and has gained significant attention in the field of artificial intelligence in recent years. However, the development of machine unlearning research is associated with inherent vulnerabilities and threats, posing significant challenges for researchers and practitioners. In this article, we provide the first comprehensive survey of security and privacy issues associated with machine unlearning by providing a systematic classification across different levels and criteria. Specifically, we begin by investigating unlearning‐based security attacks, where adversaries exploit vulnerabilities in the unlearning process to compromise the security of machine learning (ML) models. We then conduct a thorough examination of privacy risks associated with the adoption of machine unlearning. Additionally, we explore existing countermeasures and mitigation strategies designed to protect models from malicious unlearning‐based attacks targeting both security and privacy. Further, we provide a detailed comparison between machine unlearning‐based security and privacy attacks and traditional malicious attacks. Finally, we discuss promising future research directions for security and privacy issues posed by machine unlearning, offering insights into potential solutions and advancements in this evolving field. 
    more » « less
  5. ; (, International Journal of High Speed Electronics and Systems)
    As the crisis of confidence and trust in overseas foundries arises, the industry and academic community are paying increasing attention to Printed Circuit Board (PCB) security. PCB, the backbone of any electronic system hardware, always draws attackers’ attention as it carries system and design information. Numerous ways of PCB tampering (e.g., adding/replacing a component, eavesdropping on a trace and bypassing a connection) can lead to more severe problems, such as Intellectual Property (IP) violation, password leaking, the Internet of Things (IoT) attacks or even more. This paper proposes a technique of active self-defense PCB modules with zero performance overhead. Those protection modules will only be activated when the boards are exposed to the attacks. A set of PCBs with proposed protection modules is fabricated and tested to prove the effectiveness and efficiency of the techniques. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email