Georgia Institute of Technology Georgia Institute of Technology

Research Horizons

Georgia Tech's Research Horizons Magazine

Finding What Doesn’t Belong

Map shows the geolocation distributions of infected sponsored top-level domains across 141 countries. (Credit: Xiaojing Liao, Georgia Tech)


By detecting semantic inconsistencies in content, researchers have developed a new technique for identifying promotional infections of websites operated by government and educational organizations. Such attacks use code embedded in highly ranked sites to drive traffic to sketchy websites selling items like fake drugs, counterfeit handbags, and plagiarized term papers.

The new technique, known as Semantic Inconsistency Search (SEISE), uses natural language processing to spot differences between a compromised site’s expected content and malicious advertising and promotional code. For example, a university site wouldn’t be expected to promote online gambling, and a military site shouldn’t be selling counterfeit drugs.

Using SEISE, the researchers found 11,000 infected sites among noncommercial, top-level sponsored education, government, and military domains worldwide, and they are working to extend the method to other domains.


Researchers found 11,000 infected sites among non-commercial top-level sponsored .edu, .gov, and .mil domains worldwide and are working to extend the method to other domains.

“The basic idea behind promotional infection is to attack websites that are highly ranked and to leverage their importance to promote various things, most of them illegal,” explained Raheem Beyah, who is the Motorola Foundation Professor and Associate Chair for Strategic Initiatives and Innovation in Georgia Tech’s School of Electrical and Computer Engineering. “The bad content is nested into the prominent site to leverage the traffic of that domain. That gives the attackers a doorway to whatever they are promoting.”

The research was supported by the U.S. National Science Foundation and the Natural Science Foundation of China. It was described in a presentation at the IEEE Symposium on Security and Privacy in San Jose, California. SEISE was developed by researchers from the Georgia Institute of Technology, Indiana University, and Tsinghua University in China. — John Toon

Subscribe to Research Horizons
Get the latest Georgia Tech research news through our free print magazine, monthly electronic newsletter, and Twitter feed.


Georgia Tech is home to more than 2,500 faculty members who conduct scientific and engineering research in hundreds of different research areas.

Related Stories

Read More
Read More
Read More

Media Contacts

John Toon

John Toon

Director of Research News
Phone: 404.894.6986

Anne Wainscott-Sargent

Research News
Phone: 404-435-5784

Subscribe & Connect

Follow Us on Twitter:


RSS Feeds

Subscribe to our RSS Feeds with your favorite reader.

Email Newsletter

Sign up to receive our monthly email newsletter.

Research Horizons Magazine

Sign up for a free subscription to Research Horizons magazine.