Exploring the Impact of Profile Injection Attacks in Social Tagging Systems ⋆

Maryam Ramezani, J.J. Sandvig, Runa Bhaumik, Tom Schimoler, Robin Burke, Bamshad Mobasher

Center for Web Intelligence
School of Computing, DePaul University
Chicago, Illinois, USA
{mramezani,jsandvig,rbhaumik,tschimoler,rburke,mobasher}@cs.depaul.edu

Abstract. As in the case of all open and adaptive systems that rely on user input to organize and present content, social tagging systems are vulnerable to spamming and profile injection attacks. Malicious users may try to distort the system’s behavior by inserting erroneous or misleading annotations, thus altering the way in which information is presented to legitimate users. Prior work on recommender systems has shown that studying the different attack types, their properties, and their impact, can help us find robust algorithms to make these systems more secure. In this paper we present and study two types of potential attacks against tagging systems. Using real data from a popular social tagging Web site, we empirically evaluate the impact of these attacks and their variants. Specifically, we consider two variants of an attack (called the overload attack) designed to promote a resource by adding different types of annotations to that resource, and another type of attack (called a piggyback attack) designed to promote a resource by associating it with other resources. We devise specific metrics to measure impact of these different attack types. Our results show that current systems are vulnerable to attacks, especially when the attack is focused on a specific target group of users to promote a target resource.

1 Introduction

Tagging systems are popular tools for organizing content; they allow users to annotate resources with one or more personalized tags.
These social (or collaborative) tagging environments have gained popularity in part because they provide an open social environment for users to share resources and opinions without being hindered by pre-specified concept hierarchies or navigational structures. Social tagging systems are an extension of social recommendation behavior: people share their resource and tag preferences with one another, connecting them in an implicit social network. For example, in del.icio.us or Last.fm users can find other users with similar tags or resources and build a network with them.

Like other publicly accessible adaptive systems such as collaborative recommender systems, tagging systems present a security problem. Attackers, who cannot be readily

⋆ This work was supported in part by the National Science Foundation Cyber Trust program under Grant IIS-0430303.