PURL: Safe and Effective Sanitization of Link Decoration

• URL: http://arxiv.org/abs/2308.03417v2
• Date: Wed, 6 Mar 2024 09:58:49 GMT
• Title: PURL: Safe and Effective Sanitization of Link Decoration
• Authors: Shaoor Munir, Patrick Lee, Umar Iqbal, Zubair Shafiq, Sandra Siby
• Abstract summary: We present PURL, a machine-learning approach that leverages a cross-layer graph representation of webpage execution to safely and effectively sanitize link decoration. Our evaluation shows that PURL significantly outperforms existing countermeasures in terms of accuracy and reducing website breakage.
• Score: 20.03929841111819
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: While privacy-focused browsers have taken steps to block third-party cookies and mitigate browser fingerprinting, novel tracking techniques that can bypass existing countermeasures continue to emerge. Since trackers need to share information from the client-side to the server-side through link decoration regardless of the tracking technique they employ, a promising orthogonal approach is to detect and sanitize tracking information in decorated links. To this end, we present PURL (pronounced purel-l), a machine-learning approach that leverages a cross-layer graph representation of webpage execution to safely and effectively sanitize link decoration. Our evaluation shows that PURL significantly outperforms existing countermeasures in terms of accuracy and reducing website breakage while being robust to common evasion techniques. PURL's deployment on a sample of top-million websites shows that link decoration is abused for tracking on nearly three-quarters of the websites, often to share cookies, email addresses, and fingerprinting information.

Related papers

• MASKDROID: Robust Android Malware Detection with Masked Graph Representations [56.09270390096083]
  We propose MASKDROID, a powerful detector with a strong discriminative ability to identify malware. We introduce a masking mechanism into the Graph Neural Network based framework, forcing MASKDROID to recover the whole input graph. This strategy enables the model to understand the malicious semantics and learn more stable representations, enhancing its robustness against adversarial attacks.
  arXiv  Detail & Related papers  (2024-09-29T07:22:47Z)
• CRATOR: a Dark Web Crawler [1.7224362150588657]
  This study proposes a general dark web crawler designed to extract pages handling security protocols, such as captchas. Our approach uses a combination of seed URL lists, link analysis, and scanning to discover new content.
  arXiv  Detail & Related papers  (2024-05-10T09:39:12Z)
• Characterizing Browser Fingerprinting and its Mitigations [0.0]
  This work explores one of these tracking techniques: browser fingerprinting. We detail how browser fingerprinting works, how prevalent it is, and what defenses can mitigate it.
  arXiv  Detail & Related papers  (2023-10-12T20:31:24Z)
• Untargeted Backdoor Watermark: Towards Harmless and Stealthy Dataset Copyright Protection [69.59980270078067]
  We explore the untargeted backdoor watermarking scheme, where the abnormal model behaviors are not deterministic. We also discuss how to use the proposed untargeted backdoor watermark for dataset ownership verification.
  arXiv  Detail & Related papers  (2022-09-27T12:56:56Z)
• Real-time Online Multi-Object Tracking in Compressed Domain [66.40326768209]
  Recent online Multi-Object Tracking (MOT) methods have achieved desirable tracking performance. Inspired by the fact that the adjacent frames are highly relevant and redundant, we divide the frames into key and non-key frames. Our tracker is about 6x faster while maintaining a comparable tracking performance.
  arXiv  Detail & Related papers  (2022-04-05T09:47:24Z)
• PhishMatch: A Layered Approach for Effective Detection of Phishing URLs [8.658596218544774]
  We present a layered anti-phishing defense, PhishMatch, which is robust, accurate, inexpensive, and client-side. A prototype plugin of PhishMatch, developed for the Chrome browser, was found to be fast and lightweight.
  arXiv  Detail & Related papers  (2021-12-04T03:21:29Z)
• Masked LARk: Masked Learning, Aggregation and Reporting worKflow [6.484847460164177]
  Many web advertising data flows involve passive cross-site tracking of users. Most browsers are moving towards removal of 3PC in subsequent browser iterations. We propose a new proposal, called Masked LARk, for aggregation of user engagement measurement and model training.
  arXiv  Detail & Related papers  (2021-10-27T21:59:37Z)
• Precise URL Phishing Detection Using Neural Networks [0.0]
  We present you with ways to detect such malicious URLs with state of art accuracy with neural networks. Different from previous works, where web content, URL or traffic statistics are examined, we analyse only the URL text. The network is optimised and can be used even on small devices such as Ras-Pi without a change in performance.
  arXiv  Detail & Related papers  (2021-10-26T05:55:53Z)
• Temporally-Transferable Perturbations: Efficient, One-Shot Adversarial Attacks for Online Visual Object Trackers [81.90113217334424]
  We propose a framework to generate a single temporally transferable adversarial perturbation from the object template image only. This perturbation can then be added to every search image, which comes at virtually no cost, and still, successfully fool the tracker.
  arXiv  Detail & Related papers  (2020-12-30T15:05:53Z)
• Learning Spatio-Appearance Memory Network for High-Performance Visual Tracking [79.80401607146987]
  Existing object tracking usually learns a bounding-box based template to match visual targets across frames, which cannot accurately learn a pixel-wise representation. This paper presents a novel segmentation-based tracking architecture, which is equipped with a local-temporal memory network to learn accurate-temporal correspondence.
  arXiv  Detail & Related papers  (2020-09-21T08:12:02Z)
• Mind the GAP: Security & Privacy Risks of Contact Tracing Apps [75.7995398006171]
  Google and Apple have jointly provided an API for exposure notification in order to implement decentralized contract tracing apps using Bluetooth Low Energy. We demonstrate that in real-world scenarios the GAP design is vulnerable to (i) profiling and possibly de-anonymizing persons, and (ii) relay-based wormhole attacks that basically can generate fake contacts.
  arXiv  Detail & Related papers  (2020-06-10T16:05:05Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.