
Fake Resume Attacks: Data Poisoning on Online Job Platforms

Michiharu Yamashita, Thanh Tran, Dongwon Lee

TL;DR

This work reveals a vulnerability in online job platforms where data poisoning through fake resumes can skew career-prediction matchmaking. It introduces FRANCIS, an end-to-end framework composed of a probabilistic trajectory generator, reality regulation, an attack module, a target-focused objective function, and a surrogate model to credibly craft fake resumes. Across Tech and Business datasets, FRANCIS markedly degrades or elevates target predictions, achieving substantial improvement rates at modest injection levels and outperforming several baselines, including GPT-4 and DQN. The findings highlight practical risks to both job seekers and employers and call for defense mechanisms to safeguard HR workflows in online platforms.

Abstract

While recent studies have exposed various vulnerabilities incurred from data poisoning attacks in many web services, little is known about the vulnerability of online professional job platforms (e.g., LinkedIn and Indeed). In this work, for the first time, we demonstrate the critical vulnerabilities found in the common Human Resources (HR) task of matching job seekers and companies on online job platforms. Capitalizing on the unrestricted format and contents of job seekers' resumes and the easy creation of accounts on job platforms, we demonstrate three attack scenarios: (1) company promotion attack to increase the likelihood of target companies being recommended, (2) company demotion attack to decrease the likelihood of target companies being recommended, and (3) user promotion attack to increase the likelihood of certain users being matched to certain companies. To this end, we develop an end-to-end "fake resume" generation framework, titled FRANCIS, that induces systematic prediction errors via data poisoning. Our empirical evaluation on real-world datasets reveals that data poisoning attacks can markedly skew the results of matchmaking between job seekers and companies, regardless of underlying models, with vulnerability amplified in proportion to poisoning intensity. These findings suggest that the outputs of various services from job platforms can be potentially hacked by malicious users.
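A platform-side robustness audit for the claim that the skew grows with poisoning intensity, as an added example that is not code from the paper. It assumes a simple count-based next-company predictor over a job transition graph as a stand-in (not FRANCIS or the paper's victim models); the company names, the sample resumes and the `unverified_weight` control are hypothetical.

```python
from collections import Counter, defaultdict

# Constructed sample: each resume is an ordered list of employers.
GENUINE = [
    ["StartupA", "MidCo", "BigTech"],
    ["StartupA", "MidCo", "BigTech"],
    ["StartupB", "MidCo", "BigTech"],
    ["StartupA", "MidCo", "FinCorp"],
    ["StartupB", "MidCo", "FinCorp"],
    ["MidCo", "BigTech"],
    ["StartupA", "BigTech"],
    ["StartupB", "FinCorp"],
]

def fit(weighted_resumes):
    """Build a weighted job transition graph: graph[src][dst] = total weight."""
    graph = defaultdict(Counter)
    for trajectory, weight in weighted_resumes:
        for src, dst in zip(trajectory, trajectory[1:]):
            graph[src][dst] += weight
    return graph

def prob(graph, current, candidate):
    """Predicted share of `candidate` as the next employer after `current`."""
    total = sum(graph[current].values())
    return graph[current][candidate] / total if total else 0.0

def top1(graph, current):
    # Highest weight wins; ties break alphabetically so results are deterministic.
    return min(graph[current], key=lambda c: (-graph[current][c], c))

def audit(genuine, current, target, ratios, unverified_weight=1.0):
    """Sweep the share of unverified profiles and record the target's
    predicted probability and the resulting top-1 recommendation."""
    rows = []
    for ratio in ratios:
        n_unverified = round(ratio * len(genuine))
        data = [(t, 1.0) for t in genuine]
        data += [([current, target], unverified_weight)] * n_unverified
        graph = fit(data)
        rows.append((ratio, round(prob(graph, current, target), 3), top1(graph, current)))
    return rows

if __name__ == "__main__":
    for weight in (1.0, 0.25):  # equal trust vs. down-weighted unverified accounts
        print(weight, audit(GENUINE, "MidCo", "SmallCo", [0, 0.25, 0.5, 1.0], weight))
```

Running the sweep with and without down-weighting shows how much of the model's output depends on accounts the platform has not verified, which is the quantity a defense has to bound.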

Paper Structure

This paper contains 35 sections, 12 equations, 5 figures, 8 tables.

Figures (5)

  • Figure 1: An illustration of our fake resume attack.
  • Figure 2: Ecosystem of online job platforms and our attack scenarios. Users create their online accounts by registering their resumes, which are used for the career prediction model to predict their next career. Then, based on the predicted results, users receive the list of recommended companies as a B2C service while recruiters obtain the potential candidate lists as a B2B service. Our attack objects and scenarios are shown in red. We propose (1) Company Promotion Attack, (2) Company Demotion Attack, and (3) User Promotion Attack. See more details in the Preliminaries section.
  • Figure 3: An example of a job transition graph.
  • Figure 4: Victim model's improvement rate comparison in the Tech dataset with our attack method, targeting "Small-size" company.
  • Figure 5: Distribution of company (# of employees).