MAWSEO: Adversarial Wiki Search Poisoning for Illicit Online Promotion
Zilong Lin, Zhengyi Li, Xiaojing Liao, XiaoFeng Wang, Xiaozhong Liu
TL;DR
This work demonstrates that Wiki search poisoning for illicit promotion can be automated as a black-box adversarial attack. It introduces MAWSEO, a two-phase system that first generates Wiki-style promotional paragraphs and then retrieves and inserts them into target articles using a multi-task adversarial passage retrieval framework with four discriminators. Empirical results on a local Wiki platform show MAWSEO achieving substantial rank boosts and evasion of vandalism detectors, while user studies indicate promotional content can reach readers without triggering alarm. The paper also proposes defenses—coherence-based detection and adversarial training—highlighting a path toward more robust Wiki ecosystems and outlining limitations and future directions.
Abstract
As a prominent instance of vandalism edits, Wiki search poisoning for illicit promotion is a cybercrime in which the adversary aims at editing Wiki articles to promote illicit businesses through Wiki search results of relevant queries. In this paper, we report a study that, for the first time, shows that such stealthy blackhat SEO on Wiki can be automated. Our technique, called MAWSEO, employs adversarial revisions to achieve real-world cybercriminal objectives, including rank boosting, vandalism detection evasion, topic relevancy, semantic consistency, user awareness (but not alarming) of promotional content, etc. Our evaluation and user study demonstrate that MAWSEO is capable of effectively and efficiently generating adversarial vandalism edits, which can bypass state-of-the-art built-in Wiki vandalism detectors, and also get promotional content through to Wiki users without triggering their alarms. In addition, we investigated potential defense, including coherence based detection and adversarial training of vandalism detection, against our attack in the Wiki ecosystem.