(Un)Safe Browsing

Users often accidentally or inadvertently click ma- licious phishing or malware website links, and in doing so they sacrifice secret information and sometimes even fully compromise their devices. These URLs are intelligently scripted to remain inconspicuous over the Internet. In light of the ever increasing number of such URLs, new ingenious strategies have been in- vented to detect them and inform the end user when he is tempted to access such a link. The Safe Browsing technique provides an exemplary service to identify unsafe websites and notify users and webmasters allowing them to protect themselves from harm. In this work, we show how to turn Google Safe Browsing services against itself and its users. We propose several Distributed Denial- of-Service attacks that simultaneously affect both the Google Safe Browsing server and the end user. Our attacks leverage on the false positive probability of the data structures used for malicious URL detection. This probability exists because a trade- off was made between Google's server load and client's memory consumption. Our attack is based on the forgery of malicious URLs to increase the false positive probability. Finally we show how Bloom filter combined with universal hash functions and prefix lengthening can fix the problem

A Privacy Analysis of Google and Yandex Safe Browsing

Google and Yandex Safe Browsing are popular services included in many webbrowsers to prevent users from visiting phishing or malware website links. If Safe Browsing servicesprotect their users from losing private information, they also require that their servers receivebrowsing information on the very same users. In this paper, we present an analysis of Googleand Yandex Safe Browsing services from a privacy perspective. We quantify the privacy providedby these services by analyzing the possibility of re-identifying a URL visited by a client. Wehence challenge Google’s privacy policies where they claim that Google can not recover URLsvisited by its users. Our analysis and experimental results show that Google and Yandex SafeBrowsing can potentially be used as a tool to track specific classes of individuals. Additionally, ourinvestigations on the data currently included in Yandex Safe Browsing provides a concrete set ofURLs/domains that can be re-identified without much effort

Спрощення інтерфейсу роботи з «Google Safe Browsing API»

Керівник: Ободяк В.К., доцен

PPSB: AN OPEN AND PLATFORM FOR PRIVACY PRESERVING SAFE BROWSING

The approach of arising processing advancements, for example, administration situated design and distributed computing has empowered us to perform business benefits all the more productively and viably. In any case, we actually experience the ill effects of unintended security spillages by unapproved activities in business administrations. Firewalls are the most generally sent security system to guarantee the security of private organizations in many organizations and foundations. The viability of security assurance gave by a firewall chiefly relies upon the nature of strategy designed in the firewall. Shockingly, planning and overseeing firewall approaches are frequently mistake inclined because of the perplexing idea of firewall setups just as the absence of methodical examination instruments and devices. In this paper, we speak to a creative approach abnormality the board structure for firewalls, embracing a standard based division method to recognize strategy irregularities and infer viable peculiarity goals. Specifically, we articulate a network based portrayal procedure, giving an instinctive intellectual sense about strategy inconsistency. We additionally examine a proof-of-idea execution of a representation based firewall strategy investigation instrument called Firewall Anomaly Management Environment (FAME). Moreover, we show how effectively our methodology can find and resolve peculiarities in firewall arrangements through thorough trials

An Evasion Attack against ML-based Phishing URL Detectors

Background: Over the year, Machine Learning Phishing URL classification (MLPU) systems have gained tremendous popularity to detect phishing URLs proactively. Despite this vogue, the security vulnerabilities of MLPUs remain mostly unknown. Aim: To address this concern, we conduct a study to understand the test time security vulnerabilities of the state-of-the-art MLPU systems, aiming at providing guidelines for the future development of these systems. Method: In this paper, we propose an evasion attack framework against MLPU systems. To achieve this, we first develop an algorithm to generate adversarial phishing URLs. We then reproduce 41 MLPU systems and record their baseline performance. Finally, we simulate an evasion attack to evaluate these MLPU systems against our generated adversarial URLs. Results: In comparison to previous works, our attack is: (i) effective as it evades all the models with an average success rate of 66% and 85% for famous (such as Netflix, Google) and less popular phishing targets (e.g., Wish, JBHIFI, Officeworks) respectively; (ii) realistic as it requires only 23ms to produce a new adversarial URL variant that is available for registration with a median cost of only $11.99/year. We also found that popular online services such as Google SafeBrowsing and VirusTotal are unable to detect these URLs. (iii) We find that Adversarial training (successful defence against evasion attack) does not significantly improve the robustness of these systems as it decreases the success rate of our attack by only 6% on average for all the models. (iv) Further, we identify the security vulnerabilities of the considered MLPU systems. Our findings lead to promising directions for future research. Conclusion: Our study not only illustrate vulnerabilities in MLPU systems but also highlights implications for future study towards assessing and improving these systems.Comment: Draft for ACM TOP

PhishDef: URL Names Say It All

Phishing is an increasingly sophisticated method to steal personal user information using sites that pretend to be legitimate. In this paper, we take the following steps to identify phishing URLs. First, we carefully select lexical features of the URLs that are resistant to obfuscation techniques used by attackers. Second, we evaluate the classification accuracy when using only lexical features, both automatically and hand-selected, vs. when using additional features. We show that lexical features are sufficient for all practical purposes. Third, we thoroughly compare several classification algorithms, and we propose to use an online method (AROW) that is able to overcome noisy training data. Based on the insights gained from our analysis, we propose PhishDef, a phishing detection system that uses only URL names and combines the above three elements. PhishDef is a highly accurate method (when compared to state-of-the-art approaches over real datasets), lightweight (thus appropriate for online and client-side deployment), proactive (based on online classification rather than blacklists), and resilient to training data inaccuracies (thus enabling the use of large noisy training data).Comment: 9 pages, submitted to IEEE INFOCOM 201