breaking captchas on the dark web
play

Breaking CAPTCHAs on the Dark Web Using neural networks to enable - PowerPoint PPT Presentation

Jul 22, 2023 •395 likes •972 views

Breaking CAPTCHAs on the Dark Web Using neural networks to enable scraping RP #62, Kevin Csuka & Dirk Gaastra Supervisor: Yonne de Bruijn, Fox-IT 6 February, 2018 University of Amsterdam Introduction Scraping the Dark Web Useful for

  1. Breaking CAPTCHAs on the Dark Web Using neural networks to enable scraping RP #62, Kevin Csuka & Dirk Gaastra Supervisor: Yonne de Bruijn, Fox-IT 6 February, 2018 University of Amsterdam

  2. Introduction

  3. Scraping the Dark Web Useful for threat intelligence companies 1

  4. Scraping the Dark Web Useful for threat intelligence companies ... sometimes hard to get to. 1

  5. Scraping the Dark Web Useful for threat intelligence companies ... sometimes hard to get to. Mainly the blockades, such as CAPTCHAs, is an issue for the scrapers. 1

  6. CAPTCHA Figure 1: CAPTCHA example • Completely Automated Public Turing test to tell Computer and Humans Apart 2

  7. CAPTCHA Figure 1: CAPTCHA example • Completely Automated Public Turing test to tell Computer and Humans Apart • Test to determine whether the user is human or not 2

  8. Main question How would a scraper be able to circumvent CAPTCHAs that prevent it from properly scraping dark web websites? 3

  9. Main question How would a scraper be able to circumvent CAPTCHAs that prevent it from properly scraping dark web websites? Sub-questions: 1. Impact of solving CAPTCHAs 3

  10. Main question How would a scraper be able to circumvent CAPTCHAs that prevent it from properly scraping dark web websites? Sub-questions: 1. Impact of solving CAPTCHAs 2. Solve CAPTCHAs by using Optical Character Recognition (OCR)? 3

  11. Main question How would a scraper be able to circumvent CAPTCHAs that prevent it from properly scraping dark web websites? Sub-questions: 1. Impact of solving CAPTCHAs 2. Solve CAPTCHAs by using Optical Character Recognition (OCR)? 3. Solving CAPTCHAs by using Machine Learning (ML) 3

  12. Related Work

  13. Related Work 1. Lawrence et al. created their own dark web scraping tool, D-miner; CAPTCHAs were solved by human labor [1] 4

  14. Related Work 1. Lawrence et al. created their own dark web scraping tool, D-miner; CAPTCHAs were solved by human labor [1] 2. Ryan Mitchell demonstrated how to solve CAPTCHAs using Optical Character Recognition with Tesseract [2] 4

  15. Related Work 1. Lawrence et al. created their own dark web scraping tool, D-miner; CAPTCHAs were solved by human labor [1] 2. Ryan Mitchell demonstrated how to solve CAPTCHAs using Optical Character Recognition with Tesseract [2] 3. Torch has previously been used to train a neural network to solve CAPTCHAs by Arun Patala [3] 4

  16. Methods

  17. Methods Two methods to solve the questions: 1. Categorizing dark web websites 2. Breaking CAPTCHAs 5

  18. 1. Categorizing websites 6

  19. 1. Categorizing websites Analysis of 633 dark web websites 6

  20. 1. Categorizing websites Analysis of 633 dark web websites • Which ones are up? 6

  21. 1. Categorizing websites Analysis of 633 dark web websites • Which ones are up? • Are there any duplicates? 6

  22. 1. Categorizing websites Analysis of 633 dark web websites • Which ones are up? • Are there any duplicates? • Which ones block scraping? 6

  23. 1. Categorizing websites Analysis of 633 dark web websites • Which ones are up? • Are there any duplicates? • Which ones block scraping? • What kind of blockade are they using? 6

  24. 2. Breaking CAPTCHAs 7

  25. 2. Breaking CAPTCHAs There are 3 common approaches to defeat CAPTCHAs: 7

  26. 2. Breaking CAPTCHAs There are 3 common approaches to defeat CAPTCHAs: 1. Using a service which solves CAPTCHAs through human labor 7

  27. 2. Breaking CAPTCHAs There are 3 common approaches to defeat CAPTCHAs: 1. Using a service which solves CAPTCHAs through human labor 2. Exploiting bugs in the implementation that allow the attacker to bypass the CAPTCHA 7

  28. 2. Breaking CAPTCHAs There are 3 common approaches to defeat CAPTCHAs: 1. Using a service which solves CAPTCHAs through human labor 2. Exploiting bugs in the implementation that allow the attacker to bypass the CAPTCHA 3. Character recognition software to solve the CAPTCHA 7

  29. 2. Breaking CAPTCHAs There are 3 common approaches to defeat CAPTCHAs: 1. Using a service which solves CAPTCHAs through human labor 2. Exploiting bugs in the implementation that allow the attacker to bypass the CAPTCHA 3. Character recognition software to solve the CAPTCHA 8

  30. 2. Breaking CAPTCHAs - Dataset Testing two common types of CAPTCHA: Figure 2: CAPTCHAs set 1, generated using PHP Figure 3: CAPTCHAs set 2, generated with Python 9

  31. 2. Breaking CAPTCHAs Figure 4: Training the neural network 10

  32. 2. Breaking CAPTCHAs Figure 5: Login web page with generated CAPTCHA 11

  33. 2. Breaking CAPTCHAs Figure 6: Workflow of solving CAPTCHA with TensorFlow via Scrapy 12

  34. Results

  35. 1. Categorizing websites 13

  36. 1. Categorizing websites Figure 7: Percentage of scraping blockade using CAPTCHAs (n = 465 ) 13

  37. 1. Categorizing websites Figure 8: Percentage of scraping blockades using CAPTCHAs (n = 465, n = 55) 14

  38. 2. Breaking CAPTCHAs - TensorFlow vs. Tesseract 15

  39. 2. Breaking CAPTCHAs - TensorFlow vs. Tesseract Figure 9: Success rate of Tesseract and TensorFlow (n = 1,000), higher is better 15

  40. 2. Breaking CAPTCHAs - TensorFlow vs. Tesseract Levenshtein distance : minimal edit distance to get the correct result [5] E.g. kitten to mitten = 1 16

  41. 2. Breaking CAPTCHAs - TensorFlow vs. Tesseract Levenshtein distance : minimal edit distance to get the correct result [5] E.g. kitten to mitten = 1 Figure 10: Combined Levenshtein distance, lower is better 16

  42. Conclusion

  43. Conclusion • Circumventing CAPTCHAs is necessary to scrape blocked parts of websites 17

  44. Conclusion • Circumventing CAPTCHAs is necessary to scrape blocked parts of websites • Machine Learning is most effective 17

  45. Conclusion • Circumventing CAPTCHAs is necessary to scrape blocked parts of websites • Machine Learning is most effective • However, if immediacy takes precedent over success rate and accuracy, then Tesseract (OCR) might be a better option 17

  46. Future Research

  47. Future Research A more granular analysis of dark web websites: 18

  48. Future Research A more granular analysis of dark web websites: • What content? 18

  49. Future Research A more granular analysis of dark web websites: • What content? • Any content hidden, due to lack of privileges? 18

  50. Future Research Increase readability for Tesseract by ”cleaning up” the image Figure 11: Removing noise from CAPTCHA [6] 19

  51. Future Research Achieve a more efficient training model, by using character segmentation Figure 12: CAPTCHA character segmentation [7] 20

  52. Future Research Try more CAPTCHAs: 21

  53. Future Research Try more CAPTCHAs: • Increased difficulty 21

  54. Future Research Try more CAPTCHAs: • Increased difficulty • If software to generate the CAPTCHAs, including the answers, is not available; send a training set to be solved by human labor. This costs money, $ 1,39 per 1,000 images [8] 21

  55. Questions ? 22

  56. References [1] Lawrence, H., Hughes, A., Tonic, R., & Zou, C. (2017, October). D-miner: A framework for mining, searching, visualizing, and alerting on darknet events. In Communications and Network Security (CNS), 2017 IEEE Conference on (pp. 1-9). IEEE. [2] Mitchell, R. (2015). Web scraping with Python: collecting data from the modern web. ” O’Reilly Media, Inc.”. [3] Arun Patala. https://deepmlblog.wordpress.com/2016/01/03/how- to-break-a-captcha-system/ [4]people.cs.pitt.edu [5]extremetech.com [6]ahm3dibrahim.wordpress.com [7] medium.com [8] http://www.deathbycaptcha.com/ 23

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Breaking e-Banking CAPTCHAs Shujun Li 1 , Syed Amier Haider Shah 2 , Muhammad Asad Usman Khan 2 ,

Breaking e-Banking CAPTCHAs Shujun Li 1 , Syed Amier Haider Shah 2 , Muhammad Asad Usman Khan 2 ,

ACSAC 26 Breaking e-Banking CAPTCHAs Shujun Li 1 , Syed Amier Haider Shah 2 , Muhammad Asad Usman Khan 2 , Syed Ali Khayam 2 , Ahmad-Reza Sadeghi 3 , Roland Schmitz 4 1 Zukunftskolleg, University of Konstanz, Germany 2 National University of

941 views • 39 slides
The art of breaking and designing captchas Elie Bursztein Session ID: HT02-402 Insert

The art of breaking and designing captchas Elie Bursztein Session ID: HT02-402 Insert

The art of breaking and designing captchas Elie Bursztein Session ID: HT02-402 Insert presenter logo here Session Classification: xxxxxxxxxxxx on slide master. See hidden slide 4 for direc6ons Insert presenter logo here on slide master.

2.36k views • 192 slides
EPL682 - PAPERS ---------- Re: CAPTCHAs Understanding CAPTCHA-Solving Services in an Economic

EPL682 - PAPERS ---------- Re: CAPTCHAs Understanding CAPTCHA-Solving Services in an Economic

EPL682 - PAPERS ---------- Re: CAPTCHAs Understanding CAPTCHA-Solving Services in an Economic Context I Am Robot: (Deep) Learning to Break Semantic Image CAPTCHAs Antreas Dionysiou - Department of Computer Science University of Cyprus

867 views • 39 slides
THE MSSM FROM SS BREAKING MARIANO QUIROS, ICREA/IFAE HEP 2006 THE MSSM FROM SS BREAKING

THE MSSM FROM SS BREAKING MARIANO QUIROS, ICREA/IFAE HEP 2006 THE MSSM FROM SS BREAKING

THE MSSM FROM SS BREAKING MARIANO QUIROS, ICREA/IFAE HEP 2006 THE MSSM FROM SS BREAKING p.1/31 OUTLINE Introduction Higgs sector Tree-level masses EWSB and fine-tuning Supersymmetric spectrum Dark

361 views • 34 slides
Cosmological B L Breaking: (Dark) Matter & Gravitational Waves Wilfried Buchm uller

Cosmological B L Breaking: (Dark) Matter & Gravitational Waves Wilfried Buchm uller

Cosmological B L Breaking: (Dark) Matter & Gravitational Waves Wilfried Buchm uller DESY, Hamburg with Valerie Domcke, Kai Schmitz & Kohei Kamada 1202.6679; 1203.0285, 1210.4105, 1305.3392 GGI, Florence, June 2013 I. B L

508 views • 26 slides
Axion as a Dark matter 20195513 Minsang Yu 1 Contents 1. Spontaneous Symmetry Breaking (SSB) U

Axion as a Dark matter 20195513 Minsang Yu 1 Contents 1. Spontaneous Symmetry Breaking (SSB) U

Axion as a Dark matter 20195513 Minsang Yu 1 Contents 1. Spontaneous Symmetry Breaking (SSB) U 1 A problem 2. 3. Strong CP problem 4. Axion Search 5. Summary 2 1. Spontaneous Symmetry Breaking (SSB) Consider a simple Lagrangian for

492 views • 30 slides
Reverse Engineering CAPTCHAs Abram Hindle, Micheal W. Godfrey, Richard C. Holt Software

Reverse Engineering CAPTCHAs Abram Hindle, Micheal W. Godfrey, Richard C. Holt Software

Reverse Engineering CAPTCHAs WCRE 2008 Reverse Engineering CAPTCHAs Abram Hindle, Micheal W. Godfrey, Richard C. Holt Software Architecture Group David R. Cheriton School of Computer Science University of Waterloo Canada

726 views • 57 slides
Chirality and cosmology Marc Kamionkowski Johns Hopkins University The gist Fundamental

Chirality and cosmology Marc Kamionkowski Johns Hopkins University The gist Fundamental

Chirality and cosmology Marc Kamionkowski Johns Hopkins University The gist Fundamental interactions are parity breaking maybe parity breaking is manifest in new cosmological physics (inflation, dark matter, dark energy, baryogenesis) as

551 views • 37 slides
Animated Captchas And Games For Advertising Suhas Aggarwal IIT Guwahati May 2013 1 Content

Animated Captchas And Games For Advertising Suhas Aggarwal IIT Guwahati May 2013 1 Content

Animated Captchas And Games For Advertising Suhas Aggarwal IIT Guwahati May 2013 1 Content How Captchas and Games can help in Advertising Animation Captcha Systems and their Special Benefit in Advertising Visual Effects Captcha,

820 views • 26 slides
R-Partity Breaking via Type II Seesaw, Gravitino Dark Matter and Positron Excess Shao-Long Chen

R-Partity Breaking via Type II Seesaw, Gravitino Dark Matter and Positron Excess Shao-Long Chen

R-Partity Breaking via Type II Seesaw, Gravitino Dark Matter and Positron Excess Shao-Long Chen University of Maryland Pheno 2009 Based on arXiv:0903.2562 in collaboration with R. N. Mohapatra, S. Nussinov and Yue Zhang Pheno 2009 p.1/18

542 views • 18 slides
Something about audio CAPTCHAs Elie Bursztein, Romain Bauxis, Daniele Perito, Hristo Paskov,

Something about audio CAPTCHAs Elie Bursztein, Romain Bauxis, Daniele Perito, Hristo Paskov,

Something about audio CAPTCHAs Elie Bursztein, Romain Bauxis, Daniele Perito, Hristo Paskov, Celine Fabry, John Mitchell 1 Elie Bursztein (@elie) http://ly.tl/p18 The Failure of Noise-Based Non-Continuous Audio Captchas Elie Bursztein

729 views • 45 slides
Breaking out of the box Understanding rela5onships between learning and assessment Breaking

Breaking out of the box Understanding rela5onships between learning and assessment Breaking

Dr Nick Saville Breaking out of the box Understanding rela5onships between learning and assessment Breaking out of the box - a metaphor for thinking about rela5onships and interpreta5ons breaking out breaking out of the box of the

895 views • 68 slides
How Good are Humans at Solving d r CAPTCHAs? A Large Scale Evaluation o f n a Elie

How Good are Humans at Solving d r CAPTCHAs? A Large Scale Evaluation o f n a Elie

b a L y t i r u c e S r e t u p m o C How Good are Humans at Solving d r CAPTCHAs? A Large Scale Evaluation o f n a Elie Bursztein, Steven Bethard, Celine Fabry, John t S Mitchell, Dan Jurafsky, http://ly.tl/p11 E.

1.2k views • 105 slides
Breaking Bad The dark secrets of web typography Dave Cramer / Hachette Book Group Dave Cramer

Breaking Bad The dark secrets of web typography Dave Cramer / Hachette Book Group Dave Cramer

Breaking Bad The dark secrets of web typography Dave Cramer / Hachette Book Group Dave Cramer Hachette Book Group @dauwhe W3C CSS Working Group W3C Publishing Working Group EPUB3 Community Group Web Design Paradigms 1. No design (HTML

652 views • 31 slides
UNDERSTANDING CAPTCHA The Need for CAPTCHAs To Prevent Abuse of Online Systems William Sembiante

UNDERSTANDING CAPTCHA The Need for CAPTCHAs To Prevent Abuse of Online Systems William Sembiante

UNDERSTANDING CAPTCHA The Need for CAPTCHAs To Prevent Abuse of Online Systems William Sembiante University of New Haven What is CAPTCHA? Term coined in 2000 at Carnegie Mellon by Luis von Ahn, Manuel Blum, Nicholas Harper, and John

576 views • 29 slides
Alternatives to Dark Energy and Dark Matter and their implications Evidence for Dark Energy and

Alternatives to Dark Energy and Dark Matter and their implications Evidence for Dark Energy and

Alternatives to Dark Energy and Dark Matter and their implications Evidence for Dark Energy and Dark Matter Modified Gravity Models and their observational implications Orfeu Bertolami Instituto Superior Tcnico Departamento de Fsica

610 views • 46 slides
A Mean Field View of the Landscape of Two-Layers Neural Networks Song Mei Stanford University

A Mean Field View of the Landscape of Two-Layers Neural Networks Song Mei Stanford University

A Mean Field View of the Landscape of Two-Layers Neural Networks Song Mei Stanford University November 14, 2018 Joint work with Andrea Montanari and Phan-Minh Nguyen Song Mei (Stanford University) Mean Field Dynamics for Neural Network

807 views • 70 slides
Word Sense Determination from Wikipedia Data Using Neural Networks Advisor Dr. Chris Pollett

Word Sense Determination from Wikipedia Data Using Neural Networks Advisor Dr. Chris Pollett

Word Sense Determination from Wikipedia Data Using Neural Networks Advisor Dr. Chris Pollett Committee Members Dr. Jon Pearce By Dr. Suneuy Kim Qiao Liu Agenda Introduction Background Model Architecture Data Sets and Data

490 views • 32 slides
Going Deeper with Convolutions Christian Szegedy, Wei Liu, Yangqing Jia, Pierre Sermanet, Scott

Going Deeper with Convolutions Christian Szegedy, Wei Liu, Yangqing Jia, Pierre Sermanet, Scott

Going Deeper with Convolutions Christian Szegedy, Wei Liu, Yangqing Jia, Pierre Sermanet, Scott Reed, Dragomir Anguelov, Dumitru Erhan, Vincent Vanhoucke, and Andrew Rabinovich PRESENTED BY: KAYLEE YUHAS AND KYLE COFFEY About Neural Networks

341 views • 12 slides
Artificial Neural Networks for Storm Surge Predictions in NC DHS Summer Research Team 1 Outline

Artificial Neural Networks for Storm Surge Predictions in NC DHS Summer Research Team 1 Outline

Artificial Neural Networks for Storm Surge Predictions in NC DHS Summer Research Team 1 Outline Introduction; Feedforward Artificial Neural Network; Design questions; Implementation; Improvements; Conclusions;

498 views • 23 slides
Spherical Convolutional Neural Networks Empirical analysis of SCNNs LTS2 Prof. Pierre

Spherical Convolutional Neural Networks Empirical analysis of SCNNs LTS2 Prof. Pierre

Spherical Convolutional Neural Networks Empirical analysis of SCNNs LTS2 Prof. Pierre Vandergheynst Sup. Michal Defferrard Nathanal Perraudin Master Thesis - Frdrick Gusset 16.07.2019 Introduction CNNs are very powerful

438 views • 32 slides
Make Digital Mak al Real al | | Execute Smar art t The Digital Five Forces and Composite

Make Digital Mak al Real al | | Execute Smar art t The Digital Five Forces and Composite

Reimagining Manufactu turi ring with th Digital Technologies s Dr. Satya Ramaswamy Make Digital Mak al Real al | | Execute Smar art t The Digital Five Forces and Composite Forces Big Data =1- g g ! ; Iii - fJ Mindtree 2 - ~ ~

487 views • 13 slides
Senior Project I XiaoEx - The Exchange Expert By Kasperi Reinikainen5818014 Hein Htet Naing

Senior Project I XiaoEx - The Exchange Expert By Kasperi Reinikainen5818014 Hein Htet Naing

Senior Project I XiaoEx - The Exchange Expert By Kasperi Reinikainen5818014 Hein Htet Naing 5818035 Asnai Narang 5815228 Content 1. Introduction 2. Motivation and background 3. In brief: Forex & Neural Networks 4. Reference study

409 views • 40 slides
Deep Neural Network Enhanced VSLAM Landmark Selection Dr. Patrick Benavidez University of Texas

Deep Neural Network Enhanced VSLAM Landmark Selection Dr. Patrick Benavidez University of Texas

Introduction Background on methods used in VSLAM Proposed Method Testbed Preliminary Results Deep Neural Network Enhanced VSLAM Landmark Selection Dr. Patrick Benavidez University of Texas at San Antonio - Department of Electrical and

529 views • 30 slides

More recommend