Computer Science > Cryptography and Security
[Submitted on 8 Nov 2018 (v1), revised 26 Feb 2019 (this version, v2), latest version 26 Aug 2019 (v3)]
Title:Ad-versarial: Perceptual Ad-Blocking meets Adversarial Machine Learning
View PDFAbstract:Perceptual ad-blocking is a novel approach that detects online advertisements using visual cues. Compared to traditional filter lists, perceptual ad-blocking is believed to be less prone to an arms race with web publishers and ad networks. In this work, we use techniques from adversarial machine learning to demonstrate that this may not be the case. We show that perceptual ad-blocking engenders a new arms race that likely disfavors ad-blockers. Unexpectedly, perceptual ad-blocking can also introduce new vulnerabilities that let an attacker bypass web security boundaries and mount DDoS attacks. We first analyze the design space of perceptual ad-blockers and present a unified architecture that incorporates prior academic and commercial work. We then explore a variety of attacks on the ad-blocker's visual detection pipeline, that enable publishers or ad networks to evade or detect ad-blocking, and at times even abuse its high privilege level to bypass web security boundaries. Our attacks exploit the unreasonably strong threat model that perceptual ad-blockers must resist. Finally, we present a concrete set of attacks on an ad-blocker's internal ad-classifier by constructing adversarial examples in a real Web page context. For six ad-detection techniques, we create perturbed ads, perturbed ad-disclosure logos, and native web content that misleads perceptual ad-blocking with 100% success rates. In one of our attacks, we demonstrate how a malicious user can upload adversarial content, such as a perturbed image in a Facebook post, that fools the ad-blocker into removing another users' non-ad content. Moving beyond the Web and visual domain, we also build adversarial examples for AdblockRadio, an open source radio client that uses machine learning to detects ads in raw audio.
Submission history
From: Florian Tramèr [view email][v1] Thu, 8 Nov 2018 00:20:12 UTC (8,531 KB)
[v2] Tue, 26 Feb 2019 09:02:47 UTC (7,942 KB)
[v3] Mon, 26 Aug 2019 10:27:39 UTC (8,413 KB)
Bibliographic and Citation Tools
Bibliographic Explorer (What is the Explorer?)
Litmaps (What is Litmaps?)
scite Smart Citations (What are Smart Citations?)
Code, Data and Media Associated with this Article
CatalyzeX Code Finder for Papers (What is CatalyzeX?)
DagsHub (What is DagsHub?)
Gotit.pub (What is GotitPub?)
Papers with Code (What is Papers with Code?)
ScienceCast (What is ScienceCast?)
Demos
Recommenders and Search Tools
Influence Flower (What are Influence Flowers?)
Connected Papers (What is Connected Papers?)
CORE Recommender (What is CORE?)
arXivLabs: experimental projects with community collaborators
arXivLabs is a framework that allows collaborators to develop and share new arXiv features directly on our website.
Both individuals and organizations that work with arXivLabs have embraced and accepted our values of openness, community, excellence, and user data privacy. arXiv is committed to these values and only works with partners that adhere to them.
Have an idea for a project that will add value for arXiv's community? Learn more about arXivLabs.