1

Constrained Gradient Descent: A Powerful and Principled Evasion Attack Against Neural Networks

Minimal adversarial perturbations added to inputs have been shown to be effective at fooling deep neural networks. In this paper, we introduce several innovations that make white-box targeted attacks follow the intuition of the attacker's goal: to …

Malware Makeover: Breaking ML-based Static Analysis by Modifying Executable Bytes

Motivated by the transformative impact of deep neural networks (DNNs) in various domains, researchers and anti-virus vendors have proposed DNNs for malware detection from raw bytes that do not require manual feature engineering. In this work, we …

How Risky Are Real Users' IFTTT Applets?

Smart-home devices are becoming increasingly ubiquitous and interconnected with other devices and services, such as phones, fitness trackers, cars, and social media accounts. Built-in connections between these services are still emerging, but …

A Field Study of Computer-Security Perceptions Using Anti-Virus Customer-Support Chats

Understanding users' perceptions of suspected computer-security problems can help us tailor technology to better protect users. To this end, we conducted a field study of users' perceptions using 189,272 problem descriptions sent to the …

Predicting Impending Exposure to Malicious Content from User Behavior

Many computer-security defenses are reactive---they operate only when security incidents take place, or immediately thereafter. Recent efforts have attempted to predict security incidents before they occur, to enable defenders to proactively protect …

Riding Out DOMsday: Toward Detecting and Preventing DOM Cross-Site Scripting

Cross-site scripting (XSS) vulnerabilities are the most frequently reported web application vulnerability. As complex JavaScript applications become more widespread, DOM (Document Object Model) XSS vulnerabilities---a type of XSS vulnerability where …

Topics of Controversy: An Empirical Analysis of Web Censorship Lists

Studies of Internet censorship rely on an experimental technique called probing. From a client within each country under investigation, the experimenter attempts to access network resources that are suspected to be censored, and records what happens. …

Self-Confidence Trumps Knowledge: A Cross-Cultural Study of Security Behavior

Computer security tools usually provide universal solutions without taking user characteristics (origin, income level, ...) into account. In this paper, we test the validity of using such universal security defenses, with a particular focus on …

Accessorize to a Crime: Real and Stealthy Attacks on State-of-the-Art Face Recognition

Machine learning is enabling a myriad innovations, including new algorithms for cancer diagnosis and self-driving cars. The broad use of machine learning makes it important to understand the extent to which machine-learning algorithms are subject to …

(Do Not) Track Me Sometimes: Users' Contextual Preferences for Web Tracking

Online trackers compile profiles on users for targeting ads, customizing websites, and selling users' information. In this paper, we report on the first detailed study of the perceived benefits and risks of tracking---and the reasons behind …