In this paper, we present ChromePic, a web browser equipped with a novel forensic engine that aims to greatly enhance the browser's logging capabilities. ChromePic's main goal is to enable a fine-grained post-mortem reconstruction and trace-back of web attacks without incurring the high overhead of record-and-replay systems. In particular, we aim to enable the reconstruction of attacks that target users and have a significant visual component, such as social engineering and phishing attacks. To this end, ChromePic records a detailed snapshot of the state of a web page, including a screenshot of how the page is rendered and a "deep" DOM snapshot, at every significant interaction between the user and the page. If an attack is later suspected, these fine-grained logs can be used to reconstruct the attack and trace back the sequence of steps the user followed to reach the attack page. We develop ChromePic by implementing several careful modifications and optimizations to the Chromium code base, to minimize overhead and make always-on logging practical. We then demonstrate that ChromePic can successfully capture and aid the reconstruction of attacks on users. Our evaluation includes the analysis of an in-the-wild social engineering download attack on Android, a phishing attack, and two different clickjacking attacks, as well as a user study aimed at accurately measuring the overhead introduced by our forensic engine. The experimental results show that browsing snapshots can be logged very efficiently, making the logging events practically unnoticeable to users.
Permission to freely reproduce all or part of this paper for noncommercial purposes is granted provided that copies bear this notice and the full citation on the first page. Reproduction for commercial purposes is strictly prohibited without the prior written consent of the Internet Society, the first-named author (for reproduction of an entire paper only), and the author's employer if the paper was prepared within the scope of employment.
Researchers have shown broad concern about the detection and recognition of fraudsters, since telecommunication operators and individual users are both suffering significant losses from fraud activities. Researchers have proposed various solutions to counter fraudulent activity. However, those methods may lose effectiveness in fraud detection because fraudsters always tend to cover their tracks by roaming among different telecommunication operators. What is more, due to the lack of real data, researchers have to do simulations in a virtual scenario, which makes their models and results less persuasive. In our previous paper, we proposed a novel strategy with high accuracy and security through cooperation among mobile telecommunication operators. In this manuscript, we validate it in a real-world scenario using real Call Detail Records (CDR) data. We apply the Latent Dirichlet Allocation (LDA) model to profile users. Then we use a method based on Maximum Mean Discrepancy (MMD) to compare the distribution of samples to match roaming fraudsters. Cooperation between telecommunication operators may boost the accuracy of detection, but it carries a potential risk of privacy leakage. A strategy based on Differential Privacy (DP) is used to address this problem. We demonstrate that it can detect the fraudsters without revealing private data. Our model was validated using a simulated dataset and showed its effectiveness. In this manuscript, experiments are performed on real CDR data, and the result shows that our method has impressive performance in the real-world scenario as well.