building a wide reach corpus for secure parser development
play

Building a Wide Reach Corpus for Secure Parser Development LangSec - PowerPoint PPT Presentation

Sep 06, 2022 •47 likes •467 views

Click to add text Building a Wide Reach Corpus for Secure Parser Development LangSec 2020 May 21, 2020 The Team Chris Mattmann Tim Allison Tom Barber Wayne Burke Valentino Constantinou Edwin Goh Deputy CTO Files and Search Doer/Maker

  1. Click to add text Building a Wide Reach Corpus for Secure Parser Development LangSec 2020 May 21, 2020

  2. The Team Chris Mattmann Tim Allison Tom Barber Wayne Burke Valentino Constantinou Edwin Goh Deputy CTO Files and Search Doer/Maker Cognizant Engineer Data Scientist Data Scientist JPL PI Anastasia Menshikova Eric Junkins Phil Southam Ryan Stonebraker Mike Milano Data Scientist Virisha Timmaraju Data Scientist Trouble (Fun?) Maker Data Data Scientist Data Scientist Scientist/Alaskan jpl.nasa.gov

  3. Debts of Gratitude Sergey Bratus Peter Wyatt and Duff Johnson, PDF Association Dan Becker, John Kansky and team at Kudu Dynamics Trail of Bits, Galois, BAE and SRI jpl.nasa.gov

  4. Outline 1. Motivation for LangSec Corpus Development 2. Background and Related Work 3. Gathering Files 4. Extracting Features 5. Visualizing Features jpl.nasa.gov

  5. Motivation Who needs files? Inducing grammars ● Devtesting parsers during development ● Testing/profiling/tracing existing parsers ● ○ Literal files ○ Seeds for fuzzing jpl.nasa.gov

  6. Motivation But I have ‘wget’ and ‘curl’, how hard can it be?! Hyperlinks -- noisy, broken...and cycles! Hyperlink graph coverage Javascript rendered pages Connectivity/bandwidth issues Needles, haystacks Coverage, coverage, coverage jpl.nasa.gov

  7. Background and Related Work jpl.nasa.gov

  8. Related Work Govdocs1 • Common Crawl • Apache Tika’s regression corpus • jpl.nasa.gov

  9. Gathering Files jpl.nasa.gov

  10. Two Approaches Common Crawl ● APIs ● jpl.nasa.gov

  11. Common Crawl Monthly open source crawls of large portions of • the web: for December 2019, 2.45 trillion pages (234 TB). Available via Amazon Web Services Public • Datasets Searchable indexes available • https://commoncrawl.org/ jpl.nasa.gov

  12. Common Crawl Formats WARC - Web ARChive Format, http headers and • literal bytes retrieved (47 TB*) WAT - Metadata files about the crawl (18 TB*) • WET - Text extracted from X?HTML/Text (8 TB*) • URL Index files - metadata for each URL (0.3 TB*) • Sizes are the compressed sizes for the December, 2019 crawl. jpl.nasa.gov

  13. CommonCrawl HttpHeader Information jpl.nasa.gov

  14. Observed Limitations of Common Crawl Files are truncated at 1MB (22% of PDFs in the • December, 2019 crawl) Detected mime type not available in older crawls • Scale of the data • jpl.nasa.gov

  15. Detected Mimes on 200-Status Pages in the 12/2019 Crawl File Type Counts text/html 1,916,642,639 application/xhtml+xml 536,459,845 text/plain 68,596,968 message/rfc822 4,197,870 application/rss+xml 3,503,936 image/jpeg 3,405,543 application/atom+xml 3,292,446 application/pdf 3,275,094 application/xml 1,898,145 text/calendar 1,083,796 jpl.nasa.gov

  16. Website coverage: one deep dive Search Engine Condition Number of Files Google site:jpl.nasa.gov 1.2 million Bing site:jpl.nasa.gov 1.8 million Common Crawl *.jpl.nasa.gov 128,406 site:jpl.nasa.gov Google filetype:pdf 50,700 site:jpl.nasa.gov Bing filetype:pdf 64,300 *.jpl.nasa.gov mime= pdf Common Crawl 7 jpl.nasa.gov

  17. Common Crawl Takeaways Extraordinarily useful for gathering heaps of files No guarantees on coverage of the web Some post processing/refetching required Web crawling generally: No guarantees of representativeness of files in “typically” offline domains jpl.nasa.gov

  18. Common Crawl: How we’ve used it Gathered 30 million unique PDFs to date • Refetched the truncated PDFs • Stored provenance (and WARC metadata) in • AWS Athena jpl.nasa.gov

  19. Architectural Flyby jpl.nasa.gov

  20. Custom Crawlers/APIs Issue trackers can have non-optimal hyperlink • structures We’ve used APIs for Bugzilla and JIRA based • issue trackers so that we can query and gather issues with attachments. For a handful of sites, we have custom crawlers • jpl.nasa.gov

  21. Files, files and more files: Issue tracker data 27,000 PDFs (20 GB) • Post-processed compression/package files: • • PDFBOX-975-0.zip-3.pdf jpl.nasa.gov

  22. Extracting Features jpl.nasa.gov

  23. Features, features and more features Internal metadata (Apache Tika) • ClamAV hits (ClamAV) • PolyFile structural elements • Error messages, exit values, processing times • from standard commandline PDF processing tools: pdftotext, pdftops, pdfinfo, caradoc, pdfid jpl.nasa.gov

  24. Status: Extracting Features into AWS tika-annotate - Apache Tika Annotator Author U.S Government Printing Office Goal: Generate an extensive set of descriptors for a targeted search of documents and capability test of performer solutions. PDF Version 1.4 Digital Signature False Method: Using the python wrapper for Apache Tika, a Java-based Creator Tool content detection and analysis framework. ACOMP.exe WinVer 1b43 jul 14 2003 Why Tika: Capable of extracting metadata and content for 1400 file Producer Acrobat Distiller 4.0 formats. for Windows Outcomes: Application Type PDF - Successfully scanned and generated the following descriptors (in Number of Pages 4 the table) for the JPL workshop demo documents. Number of 3 Annotations Descriptors extracted using tika-annotate with example output jpl.nasa.gov

  25. Status: Extracting Features into AWS av-annotate - ClamAV Go(lang) Annotator JPL Abuse Malicious Emails Goal: develop a performant means of scanning and labeling (n=3128) documents for “malicious” documents against known signatures. Signature Count Method: use Go as a wrapper around the multi-threaded scanner Doc.Macro.MaliciousHeuristic 34 daemon, clamd → rapid scanning of thousands of files. -6329080-0 Why ClamAV: benchmark of a currently-standard tool, another point of Win.Trojan.Agent-5440575-0 26 comparison for SafeDocs parsers and a helpful document annotation. Documents in Paper Corpus Outcomes: (n=~20000) - Works well against a set of malicious JPL emails used as part of the DARPA ASED program (many positive detections). Signature Count - Small amount of positive detections against GovDocs and JPL Pdf.Exploit.CVE_2018_4882- 1 workshop demo documents (little positive detections). 6449963-0 - We need SafeDocs parsers! jpl.nasa.gov

  26. Common Crawl WARC info jpl.nasa.gov

  27. Metadata extracted by Apache Tika jpl.nasa.gov

  28. PolyFile and QPDF keys (for now) jpl.nasa.gov

  29. Features, features and more features An oversimplification of structural hierarchy Use Text and metadata Rendering Interactivity Embedded XMP, XFA, JS, fonts, multimedia, Resources ICC profiles...and? Putting the objects together. Issues: orphaned Document Graph objects, infinite loops in references... 32 0 obj stream Object/Stream Where does the ...endstream... Parsing ...endstream... stream actually endobj end? 33 0 obj Tokenization ...32 0 R %comment 33 0 R Reference Token: “32 0 R” jpl.nasa.gov

  30. Visualizing Features with Kibana jpl.nasa.gov

  31. File types: Containers and embedded files jpl.nasa.gov

  32. PDF Version by Created Date jpl.nasa.gov

  33. Creator tools by year jpl.nasa.gov

  34. Detected Languages Govdocs1 Common Crawl jpl.nasa.gov

  35. Histogram of Out of Vocabulary (OOV) % jpl.nasa.gov

  36. Sort by OOV% descending jpl.nasa.gov

  37. Significant Terms -- What Keys Appear More Frequently in Version 1.7 vs 1.6 jpl.nasa.gov

  38. Next Steps Corpora “Publish” issue tracker PDFs Features More tools, more commandline options Analysis and visualization Correlations, clustering of features and visualizations Long term Corpus minimization (cmin) (thank you, John Kansky) jpl.nasa.gov

  39. Questions/Discussion Thank you! • Contact info: • timothy.b.allison@jpl.nasa.gov (@_tallison) • vconstan@jpl.nasa.gov • jpl.nasa.gov

  40. jpl.nasa.gov

  41. Extras jpl.nasa.gov

  42. Features, features and more features An oversimplification of structural hierarchy Use Text and metadata Rendering Interactivity Embedded XMP, XFA, JS, fonts, multimedia, Resources ICC profiles...and? Putting the objects together. Issues: orphaned Document Tree objects, infinite loops in references... 32 0 obj stream Object/Stream Where does the ...endstream... Parsing ...endstream... stream actually endobj end? 33 0 obj Tokenization ...32 0 R %comment 33 0 R Reference Token: “32 0 R” jpl.nasa.gov

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Building system-wide capacity to reach those in need of interven8on A collabora)ve partnership

Building system-wide capacity to reach those in need of interven8on A collabora)ve partnership

Building system-wide capacity to reach those in need of interven8on A collabora)ve partnership approach to understanding uptake and sustainability of physical ac)vity promo)on in a statewide and na)onal system. SAMANTHA HARDEN, PHD ASSISTANT

409 views • 20 slides
Building a Predictive Parser I.e., How to build the parse table for a recursive-descent parser 1

Building a Predictive Parser I.e., How to build the parse table for a recursive-descent parser 1

Building a Predictive Parser I.e., How to build the parse table for a recursive-descent parser 1 Last Time: Intro LL(1) Predictive Parser Predict the parse tree top-down Parser structure 1 token of lookahead A stack tracking the

519 views • 37 slides
A Statistical Parser for Hindi Corpus-Based Natural Language Processing Workshop December 17-31,

A Statistical Parser for Hindi Corpus-Based Natural Language Processing Workshop December 17-31,

A Statistical Parser for Hindi Corpus-Based Natural Language Processing Workshop December 17-31, 2001 AU-KBC Center, Madras Institute of Technology Pranjali Kanade T. Papi Reddy Mona Parakh Vivek Mehta Anoop Sarkar 1

592 views • 27 slides
Be Be Good! Good! WHA WHAT IS T IS SECURE? SECURE? SECURe is a school-wide program designed

Be Be Good! Good! WHA WHAT IS T IS SECURE? SECURE? SECURe is a school-wide program designed

SECUR E SOCIAL, EMOTIONAL, AND COGNITIVE UNDERSTANDING AND REGULATION Created by Success for All, University of Michigan, and Harvard University Be Be Good! Good! WHA WHAT IS T IS SECURE? SECURE? SECURe is a school-wide program designed

957 views • 59 slides
Parser Evaluation over Local and Non-Local Deep Dependencies in a Large Corpus Emily M. Bender

Parser Evaluation over Local and Non-Local Deep Dependencies in a Large Corpus Emily M. Bender

Parser Evaluation over Local and Non-Local Deep Dependencies in a Large Corpus Emily M. Bender , Dan Flickinger , Stephan Oepen , and Yi Zhang Department of Linguistics, University of Washington CSLI, Stanford University

436 views • 40 slides
Development*Process*for*Secure* So2ware Development Processes ( Lecture outline ) Emphasis on

Development*Process*for*Secure* So2ware Development Processes ( Lecture outline ) Emphasis on

Development*Process*for*Secure* So2ware Development Processes ( Lecture outline ) Emphasis on building secure software as opposed to building security software Major methodologies Microsoft's Security Development Lifecycle

598 views • 34 slides
Building a Literate Parser and Proxy for DNP3 Sven M.

Building a Literate Parser and Proxy for DNP3 Sven M.

Building a Literate Parser and Proxy for DNP3 Sven M. Hallberg, Sergey Bratus, Adam Crain Outline Parsers, security, and the

368 views • 33 slides
Building a Web-Scale Dependency-Parsed Corpus from Common Crawl Introduction May 10, 2018

Building a Web-Scale Dependency-Parsed Corpus from Common Crawl Introduction May 10, 2018

Alexander Panchenko, Eugen Ruppert, Stefano Faralli, Simone Paolo Ponzetto, and Chris Biemann Building a Web-Scale Dependency-Parsed Corpus from Common Crawl Introduction May 10, 2018 Building a Web-Scale Dependency-Parsed Corpus from Common

596 views • 44 slides
7. Building Compilers with Coco/R 7.1 Overview 7.2 Scanner Specification 7.3 Parser

7. Building Compilers with Coco/R 7.1 Overview 7.2 Scanner Specification 7.3 Parser

7. Building Compilers with Coco/R 7.1 Overview 7.2 Scanner Specification 7.3 Parser Specification 7.4 Error Handling 7.5 LL(1) Conflicts 7.6 Example 1 Coco/R - Compiler Compiler / Recursive Descent Generates a scanner and a parser from an

884 views • 39 slides
Toward a Field Study on the Impact of Hacking Competitions on Secure Development Daniel Votipka ,

Toward a Field Study on the Impact of Hacking Competitions on Secure Development Daniel Votipka ,

Toward a Field Study on the Impact of Hacking Competitions on Secure Development Daniel Votipka , Hongyi Hu, Bryan Eastes, and Michelle L. Mazurek 12 Aug 2018 SECURE DEVELOPMENT 2 SECURE DEVELOPMENT 2 SECURE DEVELOPMENT 2 SECURE

565 views • 39 slides
NFOCC Building Standards Reach Codes January 23, 2020 1 Topic Outline What are Reach

NFOCC Building Standards Reach Codes January 23, 2020 1 Topic Outline What are Reach

NFOCC Building Standards Reach Codes January 23, 2020 1 Topic Outline What are Reach Codes? Context Focus Areas Benefits Policy for Consideration Countywide Progress Timeline and Next Steps 2 Drivers of

478 views • 18 slides
Building world-class security response and secure development processes David Jorm, Senior

Building world-class security response and secure development processes David Jorm, Senior

Building world-class security response and secure development processes David Jorm, Senior Manager of Product Security, IIX #ODSummit Outline Introductjon SDN atuack surface Recent OpenDaylight vulnerabilitjes Defensive

615 views • 38 slides
https://bazel.build/ Inputs /usr/bin/cc Action Outputs ./parser.h cc -I. -c parser.c -o

https://bazel.build/ Inputs /usr/bin/cc Action Outputs ./parser.h cc -I. -c parser.c -o

https://bazel.build/ Inputs /usr/bin/cc Action Outputs ./parser.h cc -I. -c parser.c -o parser.o ./parser.o ./parser.c Inputs /usr/bin/cc Action Outputs ./parser.h cc -I. -c parser.c -o parser.o ./parser.o ./parser.c Workspace

206 views • 19 slides
Montc lair BOE Distr ic t Wide Impr ove me nts AGE NDA Distric t Wide Building Ma so

Montc lair BOE Distr ic t Wide Impr ove me nts AGE NDA Distric t Wide Building Ma so

Montc lair BOE Distr ic t Wide Impr ove me nts AGE NDA Distric t Wide Building Ma so nry I mpro ve me nts 2020 Ca pita l I mpro ve me nts Buzz Aldrin Middle Sc ho o l Sta ir Re pla c e me nt 3 BUIL DING MASONRY- PROJE CT

481 views • 11 slides
Building less than 18' wide 1. Many of the rooms within the 1 1 castle are inaccessible due to

Building less than 18' wide 1. Many of the rooms within the 1 1 castle are inaccessible due to

1 1 tight bend in building configuration makes interior plan layout difficult. Building less than 18' wide 1. Many of the rooms within the 1 1 castle are inaccessible due to changes in level and the need to ascend stairs before arriving

334 views • 8 slides
The development of corpus linguis4cs in Chinese context

The development of corpus linguis4cs in Chinese context

The development of corpus linguis4cs in Chinese context Richard Xiao An overview Taking a historical approach to the development of CCL, where

453 views • 42 slides
Prefetching Hyperlinks Prefetching Methods Prefetching Uncacheable/Dynamic Data

Prefetching Hyperlinks Prefetching Methods Prefetching Uncacheable/Dynamic Data

Prefetching Hyperlinks Prefetching Methods Prefetching Uncacheable/Dynamic Data Effect on Network Load Prefetching and the Wireless World Wide Web Privacy Concerns Additional References February 22, 2000 1

436 views • 15 slides
IPMS: IP Managment From IP Design To Delivery up to Royalty Reporting Gabrile Saucier Design

IPMS: IP Managment From IP Design To Delivery up to Royalty Reporting Gabrile Saucier Design

IPMS: IP Managment From IP Design To Delivery up to Royalty Reporting Gabrile Saucier Design and Reuse Outline History and Innovaton IP Provider :Do you deliver IP to the market ? Enhance your productvity Case Study 1: IP

1.41k views • 26 slides
Open Informa,on Models for an Interoperable Internet Of Things

Open Informa,on Models for an Interoperable Internet Of Things

Open Informa,on Models for an Interoperable Internet Of Things Michael Koster The Goal: Web Scale Interoperability IoT is connec,ng so>ware to the

229 views • 9 slides
t rt Ps r t

t rt Ps r t

t rt Ps r t tr s Pttr t s Pttr

1.38k views • 126 slides
Distributed Workflows with Flowy EuroPython 2015 Sever Banesiu @severb Overview 1. Distributed

Distributed Workflows with Flowy EuroPython 2015 Sever Banesiu @severb Overview 1. Distributed

Distributed Workflows with Flowy EuroPython 2015 Sever Banesiu @severb Overview 1. Distributed Workflows 2. Code + Demo 3. Workflow Engine 4. Execution Model 5. More Examples 6. Scaling EuroPython 2015 Sever Banesiu @severb What is a

518 views • 31 slides
Team Members Didier D Salem, CEO of IDinc www.internationaldevelopers.net Experience: 20+

Team Members Didier D Salem, CEO of IDinc www.internationaldevelopers.net Experience: 20+

Reporting Patient Safety Events Challenge Team Members Didier D Salem, CEO of IDinc www.internationaldevelopers.net Experience: 20+ years of experience in software development Organization: Founded in 2002, IDinc develops and supports Patient

513 views • 5 slides
Course Content Principles of Knowledge Introduction to Data Mining Discovery in Data

Course Content Principles of Knowledge Introduction to Data Mining Discovery in Data

Course Content Principles of Knowledge Introduction to Data Mining Discovery in Data Data warehousing and OLAP Data cleaning Fall 2004 Data mining operations Chapter 9: Web Mining Data summarization

582 views • 30 slides
Applications! Where we are in the Course Applicatjon layer protocols are ofuen part of

Applications! Where we are in the Course Applicatjon layer protocols are ofuen part of

Applications! Where we are in the Course Applicatjon layer protocols are ofuen part of app But dont need a GUI, e.g., DNS Applicatjon Transport Network Link Physical CSEP 561 University of Washington 2 Recall

1.22k views • 99 slides

More recommend