don t use computer vision for web security
play

Dont Use Computer Vision For Web Security Florian Tramr CV-COPS - PowerPoint PPT Presentation

Apr 12, 2023 •318 likes •549 views

Dont Use Computer Vision For Web Security Florian Tramr CV-COPS August 28 th 2020 Computer Vision For Web Security (Most) users ingest web content visually Detection of undesirable content can (partially) be framed as a computer vision

  1. Don’t Use Computer Vision For Web Security Florian Tramèr CV-COPS August 28 th 2020

  2. Computer Vision For Web Security (Most) users ingest web content visually Detection of undesirable content can (partially) be framed as a computer vision problem Content takedown Anti Phishing Ad-blocking “Does this webpage look “Is this a video of a “Is this image an ad?” similar to Google.com?” terrorist attack” 2

  3. Act I Don’t Use Computer Vision For Client-Side Web Security ML model is run on the user’s machine 3

  4. An illustrative example: Ad-Blocking “AdVersarial: Perceptual Ad Blocking meets Adversarial Machine Learning” (with Pascal Dupré, Gili Rusak, Giancarlo Pellegrino and Dan Boneh) ACM CCS 2019, https://arxiv.org/abs/1811.03194 4

  5. Why use CV for Ad-Blocking? Humans should be able to recognize ads 5

  6. Why use CV for Ad-Blocking? Detecting ad-disclosures programmatically is hard! 6

  7. Perceptual Ad-Blocking Ad Highlighter [Storey et al., 2017] > Traditional vision techniques (image hash, OCR) Sentinel by Adblock Plus [Paraska, 2018] > Locates ads in screenshots using neural networks Percival by Brave [Din et al., 2019] > CNN embedded in Chromium’s rendering pipeline 7

  8. The Problem: Adversarial Examples Biggio et al. 2014, Szegedy et al. 2014, Goodfellow et al. 2015, ... 8

  9. How Secure is Perceptual Ad-Blocking? 9

  10. How (in)-Secure is Perceptual Ad-Blocking? … so that Tom’s post Jerry uploads gets blocked malicious content … 10

  11. Attacking Perceptual Ad-Blocking How? Adversarial Examples (aka gradient descent) > Nothing too special here Why? Ad-blocking is the perfect threat model for adversarial examples > This is the cool part! 11

  12. The Adversarial Examples Threat Model 1. (There’s an adversary) 2. Adv. cannot change the distribution of inputs > Otherwise, Adv could just use a “test-set attack” (Gilmer et al. 2018) 3. Adv. can only use “small” perturbations > Otherwise, Adv could just change the class semantics 4. Adv. has access to model weights or query API 12

  13. The Adversarial Examples Threat Model 1. There’s an adversary 2. Adv. cannot change the distribution of inputs 3. Adv. can only use “small” perturbations 4. Adv. has access to model weights or query API Challenge: find a setting where this threat model is realistic 13

  14. The Ad-Blocking Threat Model 1. There’s an adversary > Web publishers, ad-networks have financial incentive to evade ad-blocking 2. Adv. cannot change the distribution of inputs > Ad campaigns are meticulously designed to maximize user engagement 3. Adv. can only use “small” perturbations > Website users should be unaffected and still click on ads! 4. Adv. has access to model weights or query API > Ad-blocker is run client-side so the model weights are public New challenge: find a setting other than ad-blocking where this threat model is realistic 14

  15. Client-Side Web-Security is Hard Near-impossible to resist dynamic/adaptive attacks True beyond ad-blocking: > Don’t do client-side visual anti-phishing! True beyond computer vision: > Don’t use client-side ML models to detect spam or malware 15

  16. So What Can We Do? 1. Client-side black-lists: > Signatures of known malware > List of known phishing domains (e.g., Google safe browsing) > Ad-blocking filter lists 2. Server-side ML: Efficiency > Real-time spam & malware detection > More features Content takedown > What about computer-vision? “Security by obscurity” 16

  17. Act II Computer Vision In Server-Side Web Security: A Privacy Nightmare 17

  18. The Problem Server-side ML = Server-side Data 18

  19. Privacy vs Security: Choose One Does content-security warrant sharing our... • Emails? > It seems so • Downloaded apps? > Google / Apple / ... already know this anyway • Website screenshots for ad-blocking or anti-phishing? > That seems excessive... 19

  20. Screenshot Sharing For Security is a Thing! source: https://www.phish.ai/ 20

  21. Some Research Questions Is visual anti-phishing secure? > Can computer vision achieve low-enough false positives? > Do phishing websites have to look similar to legitimate websites? > Automated black-box attacks? Is it private? > Can browser extensions be tricked into screenshotting sensitive data? > Can this data be extracted from trained neural nets? 21

  22. Conclusion 1. Don’t Use Computer Vision Machine Learning For Client-Side Web Security “In fact, it’s better if you don’t use ML at all” 2. Don’t collect screenshots from my browser! Þ Don’t Use Computer Vision For Web Security Questions? tramer@cs.stanford.edu 22

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CS262: Computer Vision (and Human-Computer Interaction) John Magee 1 Computer Vision How are

CS262: Computer Vision (and Human-Computer Interaction) John Magee 1 Computer Vision How are

CS262: Computer Vision (and Human-Computer Interaction) John Magee 1 Computer Vision How are Computer Graphics and Computer Vision Related? Computer graphics in general Description of scene Visual representation (Image) Computer Vision

369 views • 9 slides
Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer Security is the protection of computing systems and the data that they store or access 3 Why is Computer Security Important? Computer Security allows

690 views • 19 slides
Computer Vision Neurobio 230 Bill Lotter Exciting time: Neuroscience computer vision

Computer Vision Neurobio 230 Bill Lotter Exciting time: Neuroscience computer vision

Computer Vision Neurobio 230 Bill Lotter Exciting time: Neuroscience computer vision -Traditionally: computer vision relied on hand crafted features -Today: Deep Learning -loosely based on how the brain does computations -most of

555 views • 21 slides
Quick Intro to Computer Security What is computer security? Securing communication

Quick Intro to Computer Security What is computer security? Securing communication

Carnegie Mellon Quick Intro to Computer Security What is computer security? Securing communication Cryptographic tools Access control User authentication Computer security and usability Thanks to Mike Reiter for the

412 views • 38 slides
Introductions Computer Vision Automatic understanding of images and video Instructor :

Introductions Computer Vision Automatic understanding of images and video Instructor :

CS 376 Computer Vision : Lecture 1 What is computer vision? Computer Vision Jan 18, 2018 Done? Kristen Grauman, University of Texas at Austin Introductions Computer Vision Automatic understanding of images and video Instructor : 1.

250 views • 11 slides
A Computer Vision Sampler COMPSCI 527 Today: Introduction to computer vision Course

A Computer Vision Sampler COMPSCI 527 Today: Introduction to computer vision Course

A Computer Vision Sampler COMPSCI 527 Today: Introduction to computer vision Course logistics Sameer Agarwal et al CACM 2011 Benfold and Reid CVPR 2011 Apple Computers 2010 Tian Lan et al ICCV 2013 [slide idea by Fei-Fei Li] Detect:

374 views • 15 slides
Introduction to Computer Security Why do we need computer security? What are our goals and

Introduction to Computer Security Why do we need computer security? What are our goals and

Introduction to Computer Security Why do we need computer security? What are our goals and what threatens them? Lecture 1 Page 1 CS 236 Online Why Is Security Necessary? Because people arent always nice Because a lot of

415 views • 25 slides
Computer Vision Introduction Historical context Connections to other disciplines Vision and

Computer Vision Introduction Historical context Connections to other disciplines Vision and

Computer Vision Introduction Historical context Connections to other disciplines Vision and Graphics Dual aspect of vision: analysis and synthesis Applications of computer vision Applications of computer vision Historical context Machine

630 views • 45 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J CSCI 6268/TLEN 5831, Fall 2004 Introduction UC Davis PhD in 2000 Cryptography Interested in broader security as well

492 views • 12 slides
Introduction Attacks Security Goals Fall 2010 CS 334 Computer Security 1 What is Computer

Introduction Attacks Security Goals Fall 2010 CS 334 Computer Security 1 What is Computer

Introduction Attacks Security Goals Fall 2010 CS 334 Computer Security 1 What is Computer Security? Generally concerned with protection of computer related assets Risk analysis and management! Manage could mean prevention of

537 views • 26 slides
Computer Vision Computer Vision How does vision work? What is vision for? Ela Claridge

Computer Vision Computer Vision How does vision work? What is vision for? Ela Claridge

Computer Vision Computer Vision How does vision work? What is vision for? Ela Claridge Can we trust vision? E.Claridge@cs.bham.ac.uk Studying vision www.cs.bham.ac.uk/~exc Computer vision The eye How does vision work?

297 views • 11 slides
CS4495/6495 Introduction to Computer Vision 1A-L1 Introduction Outline What is computer

CS4495/6495 Introduction to Computer Vision 1A-L1 Introduction Outline What is computer

CS4495/6495 Introduction to Computer Vision 1A-L1 Introduction Outline What is computer vision? State of the art Why is this hard? Course overview Software Why study Computer Vision? Images (and movies) have become

1.01k views • 52 slides
Computer Security Foundations What is Security? Attacker Assets Threat Counter- measure

Computer Security Foundations What is Security? Attacker Assets Threat Counter- measure

IN3210 Network Security Computer Security Foundations What is Security? Attacker Assets Threat Counter- measure Computer Security Security of computers and networks Protection of digital assets Axioms of Computer Security:

240 views • 23 slides
Thomas Wood Computer vision and data science consultant www.fastdatascience.com Past projects

Thomas Wood Computer vision and data science consultant www.fastdatascience.com Past projects

Thomas Wood Computer vision and data science consultant www.fastdatascience.com Past projects in computer vision Face recognition Pharma pill bottle detection Biometric security Fingerprint recognition Face recognition

536 views • 7 slides
Camera Calibration COMPSCI 527 Computer Vision COMPSCI 527 Computer Vision Camera

Camera Calibration COMPSCI 527 Computer Vision COMPSCI 527 Computer Vision Camera

Camera Calibration COMPSCI 527 Computer Vision COMPSCI 527 Computer Vision Camera Calibration 1 / 12 Outline 1 General Ideas 2 A Camera Model 3 Parameter Optimization 4 Lab Setup and Imaging COMPSCI 527 Computer Vision Camera

343 views • 12 slides
Computer Vision/Graphics -- Dr. Chandra Kambhamettu for SIGNEWGRAD 11/24/04 Computer Vision :

Computer Vision/Graphics -- Dr. Chandra Kambhamettu for SIGNEWGRAD 11/24/04 Computer Vision :

Computer Vision/Graphics -- Dr. Chandra Kambhamettu for SIGNEWGRAD 11/24/04 Computer Vision : Understanding of images Computer Graphics : Creation of images Courses offered: CISC4/640, CISC4/689, CISC849, CISC890 Video/Image

944 views • 52 slides
Validation of the Nuclear Data Evaluation Code CONRAD WONDER 2012 | Olivier LITAIZE 1 , Pascal

Validation of the Nuclear Data Evaluation Code CONRAD WONDER 2012 | Olivier LITAIZE 1 , Pascal

Validation of the Nuclear Data Evaluation Code CONRAD WONDER 2012 | Olivier LITAIZE 1 , Pascal ARCHIER 1 , Bjorn BECKER 2 , Peter SCHILLEBEECKX 2 1 CEA, DEN-Cadarache, F-13108 Saint-Paul-lez-Durance, France 2 EC-JRC-IRMM, Retieseweg 111, B-2440

592 views • 22 slides
Choices and Intervals P ASCAL M AILLARD (Weizmann Institute of Science) AofA, Paris, June 17, 2014

Choices and Intervals P ASCAL M AILLARD (Weizmann Institute of Science) AofA, Paris, June 17, 2014

Choices and Intervals P ASCAL M AILLARD (Weizmann Institute of Science) AofA, Paris, June 17, 2014 joint work with E LLIOT P AQUETTE (Weizmann Institute of Science) P ASCAL M AILLARD Choices and Intervals 1 / 13 Related models Random

277 views • 24 slides
On trees invariant under edge contraction Pascal Maillard (Universit Paris-Sud) based on joint

On trees invariant under edge contraction Pascal Maillard (Universit Paris-Sud) based on joint

On trees invariant under edge contraction Pascal Maillard (Universit Paris-Sud) based on joint work with Olivier Hnard (Universit Paris-Sud) ETH Zrich, Sept 23, 2015 Pascal Maillard On trees invariant under edge contraction 1 / 25

1.38k views • 53 slides
IATA's New Distribution Capability April 13, 2017 12 pm EDT www.thecompanydime.com

IATA's New Distribution Capability April 13, 2017 12 pm EDT www.thecompanydime.com

IATA's New Distribution Capability April 13, 2017 12 pm EDT www.thecompanydime.com Questions? Click the chat icon at right or email us: team@thecompanydime.com Hosts Jay Campbell The Company Dime Journalist, Co-Founder David Jonas The

415 views • 10 slides
NC-CELL: Network Coding-based Content Distribution in Cellular Networks for Cloud Applications

NC-CELL: Network Coding-based Content Distribution in Cellular Networks for Cloud Applications

IEEE GLOBECOM 2014 NC-CELL: Network Coding-based Content Distribution in Cellular Networks for Cloud Applications Claudio Fiandrino University of Luxembourg Dzmitry Kliazovich Pascal Bouvry Albert Y. Zomaya University of Sydney December

498 views • 18 slides
Improved Cryptanalysis of Py Paul Crowley LShift Ltd State of the Art in Stream Ciphers 2006 Py

Improved Cryptanalysis of Py Paul Crowley LShift Ltd State of the Art in Stream Ciphers 2006 Py

Py SPP attack Improving on the attack Improved Cryptanalysis of Py Paul Crowley LShift Ltd State of the Art in Stream Ciphers 2006 Py SPP attack Improving on the attack Py eSTREAM entrant by Eli Biham and Jennifer Seberry Fast in

870 views • 38 slides
CSE 341 Lecture 7 anonymous functions; composition of functions Ullman 5.1.3, 5.6 slides

CSE 341 Lecture 7 anonymous functions; composition of functions Ullman 5.1.3, 5.6 slides

CSE 341 Lecture 7 anonymous functions; composition of functions Ullman 5.1.3, 5.6 slides created by Marty Stepp http://www.cs.washington.edu/341/ Review: operator -- Define an operator min -- max that will produce a list of the integers in

429 views • 13 slides
Arrays, ArrayLists, Wrapper Classes, Auto-boxing, Enhanced for loop, Array Copying Check out

Arrays, ArrayLists, Wrapper Classes, Auto-boxing, Enhanced for loop, Array Copying Check out

Arrays, ArrayLists, Wrapper Classes, Auto-boxing, Enhanced for loop, Array Copying Check out ArraysListsAnd2D from SVN Reading Pascal's Triangle Assignment Anything else? Thursday, Jan 8 (See schedule page!) Topics from Big

542 views • 21 slides

More recommend