breaking captchas on the dark web
play

Breaking CAPTCHAs on the Dark Web Using neural networks to enable - PowerPoint PPT Presentation

Jul 22, 2023 •395 likes •972 views

Breaking CAPTCHAs on the Dark Web Using neural networks to enable scraping RP #62, Kevin Csuka & Dirk Gaastra Supervisor: Yonne de Bruijn, Fox-IT 6 February, 2018 University of Amsterdam Introduction Scraping the Dark Web Useful for

  1. Breaking CAPTCHAs on the Dark Web Using neural networks to enable scraping RP #62, Kevin Csuka & Dirk Gaastra Supervisor: Yonne de Bruijn, Fox-IT 6 February, 2018 University of Amsterdam

  2. Introduction

  3. Scraping the Dark Web Useful for threat intelligence companies 1

  4. Scraping the Dark Web Useful for threat intelligence companies ... sometimes hard to get to. 1

  5. Scraping the Dark Web Useful for threat intelligence companies ... sometimes hard to get to. Mainly the blockades, such as CAPTCHAs, is an issue for the scrapers. 1

  6. CAPTCHA Figure 1: CAPTCHA example • Completely Automated Public Turing test to tell Computer and Humans Apart 2

  7. CAPTCHA Figure 1: CAPTCHA example • Completely Automated Public Turing test to tell Computer and Humans Apart • Test to determine whether the user is human or not 2

  8. Main question How would a scraper be able to circumvent CAPTCHAs that prevent it from properly scraping dark web websites? 3

  9. Main question How would a scraper be able to circumvent CAPTCHAs that prevent it from properly scraping dark web websites? Sub-questions: 1. Impact of solving CAPTCHAs 3

  10. Main question How would a scraper be able to circumvent CAPTCHAs that prevent it from properly scraping dark web websites? Sub-questions: 1. Impact of solving CAPTCHAs 2. Solve CAPTCHAs by using Optical Character Recognition (OCR)? 3

  11. Main question How would a scraper be able to circumvent CAPTCHAs that prevent it from properly scraping dark web websites? Sub-questions: 1. Impact of solving CAPTCHAs 2. Solve CAPTCHAs by using Optical Character Recognition (OCR)? 3. Solving CAPTCHAs by using Machine Learning (ML) 3

  12. Related Work

  13. Related Work 1. Lawrence et al. created their own dark web scraping tool, D-miner; CAPTCHAs were solved by human labor [1] 4

  14. Related Work 1. Lawrence et al. created their own dark web scraping tool, D-miner; CAPTCHAs were solved by human labor [1] 2. Ryan Mitchell demonstrated how to solve CAPTCHAs using Optical Character Recognition with Tesseract [2] 4

  15. Related Work 1. Lawrence et al. created their own dark web scraping tool, D-miner; CAPTCHAs were solved by human labor [1] 2. Ryan Mitchell demonstrated how to solve CAPTCHAs using Optical Character Recognition with Tesseract [2] 3. Torch has previously been used to train a neural network to solve CAPTCHAs by Arun Patala [3] 4

  16. Methods

  17. Methods Two methods to solve the questions: 1. Categorizing dark web websites 2. Breaking CAPTCHAs 5

  18. 1. Categorizing websites 6

  19. 1. Categorizing websites Analysis of 633 dark web websites 6

  20. 1. Categorizing websites Analysis of 633 dark web websites • Which ones are up? 6

  21. 1. Categorizing websites Analysis of 633 dark web websites • Which ones are up? • Are there any duplicates? 6

  22. 1. Categorizing websites Analysis of 633 dark web websites • Which ones are up? • Are there any duplicates? • Which ones block scraping? 6

  23. 1. Categorizing websites Analysis of 633 dark web websites • Which ones are up? • Are there any duplicates? • Which ones block scraping? • What kind of blockade are they using? 6

  24. 2. Breaking CAPTCHAs 7

  25. 2. Breaking CAPTCHAs There are 3 common approaches to defeat CAPTCHAs: 7

  26. 2. Breaking CAPTCHAs There are 3 common approaches to defeat CAPTCHAs: 1. Using a service which solves CAPTCHAs through human labor 7

  27. 2. Breaking CAPTCHAs There are 3 common approaches to defeat CAPTCHAs: 1. Using a service which solves CAPTCHAs through human labor 2. Exploiting bugs in the implementation that allow the attacker to bypass the CAPTCHA 7

  28. 2. Breaking CAPTCHAs There are 3 common approaches to defeat CAPTCHAs: 1. Using a service which solves CAPTCHAs through human labor 2. Exploiting bugs in the implementation that allow the attacker to bypass the CAPTCHA 3. Character recognition software to solve the CAPTCHA 7

  29. 2. Breaking CAPTCHAs There are 3 common approaches to defeat CAPTCHAs: 1. Using a service which solves CAPTCHAs through human labor 2. Exploiting bugs in the implementation that allow the attacker to bypass the CAPTCHA 3. Character recognition software to solve the CAPTCHA 8

  30. 2. Breaking CAPTCHAs - Dataset Testing two common types of CAPTCHA: Figure 2: CAPTCHAs set 1, generated using PHP Figure 3: CAPTCHAs set 2, generated with Python 9

  31. 2. Breaking CAPTCHAs Figure 4: Training the neural network 10

  32. 2. Breaking CAPTCHAs Figure 5: Login web page with generated CAPTCHA 11

  33. 2. Breaking CAPTCHAs Figure 6: Workflow of solving CAPTCHA with TensorFlow via Scrapy 12

  34. Results

  35. 1. Categorizing websites 13

  36. 1. Categorizing websites Figure 7: Percentage of scraping blockade using CAPTCHAs (n = 465 ) 13

  37. 1. Categorizing websites Figure 8: Percentage of scraping blockades using CAPTCHAs (n = 465, n = 55) 14

  38. 2. Breaking CAPTCHAs - TensorFlow vs. Tesseract 15

  39. 2. Breaking CAPTCHAs - TensorFlow vs. Tesseract Figure 9: Success rate of Tesseract and TensorFlow (n = 1,000), higher is better 15

  40. 2. Breaking CAPTCHAs - TensorFlow vs. Tesseract Levenshtein distance : minimal edit distance to get the correct result [5] E.g. kitten to mitten = 1 16

  41. 2. Breaking CAPTCHAs - TensorFlow vs. Tesseract Levenshtein distance : minimal edit distance to get the correct result [5] E.g. kitten to mitten = 1 Figure 10: Combined Levenshtein distance, lower is better 16

  42. Conclusion

  43. Conclusion • Circumventing CAPTCHAs is necessary to scrape blocked parts of websites 17

  44. Conclusion • Circumventing CAPTCHAs is necessary to scrape blocked parts of websites • Machine Learning is most effective 17

  45. Conclusion • Circumventing CAPTCHAs is necessary to scrape blocked parts of websites • Machine Learning is most effective • However, if immediacy takes precedent over success rate and accuracy, then Tesseract (OCR) might be a better option 17

  46. Future Research

  47. Future Research A more granular analysis of dark web websites: 18

  48. Future Research A more granular analysis of dark web websites: • What content? 18

  49. Future Research A more granular analysis of dark web websites: • What content? • Any content hidden, due to lack of privileges? 18

  50. Future Research Increase readability for Tesseract by ”cleaning up” the image Figure 11: Removing noise from CAPTCHA [6] 19

  51. Future Research Achieve a more efficient training model, by using character segmentation Figure 12: CAPTCHA character segmentation [7] 20

  52. Future Research Try more CAPTCHAs: 21

  53. Future Research Try more CAPTCHAs: • Increased difficulty 21

  54. Future Research Try more CAPTCHAs: • Increased difficulty • If software to generate the CAPTCHAs, including the answers, is not available; send a training set to be solved by human labor. This costs money, $ 1,39 per 1,000 images [8] 21

  55. Questions ? 22

  56. References [1] Lawrence, H., Hughes, A., Tonic, R., & Zou, C. (2017, October). D-miner: A framework for mining, searching, visualizing, and alerting on darknet events. In Communications and Network Security (CNS), 2017 IEEE Conference on (pp. 1-9). IEEE. [2] Mitchell, R. (2015). Web scraping with Python: collecting data from the modern web. ” O’Reilly Media, Inc.”. [3] Arun Patala. https://deepmlblog.wordpress.com/2016/01/03/how- to-break-a-captcha-system/ [4]people.cs.pitt.edu [5]extremetech.com [6]ahm3dibrahim.wordpress.com [7] medium.com [8] http://www.deathbycaptcha.com/ 23

Recommend

Breaking e-Banking CAPTCHAs Shujun Li 1 , Syed Amier Haider Shah 2 , Muhammad Asad Usman Khan 2 ,

Breaking e-Banking CAPTCHAs Shujun Li 1 , Syed Amier Haider Shah 2 , Muhammad Asad Usman Khan 2 ,

ACSAC 26 Breaking e-Banking CAPTCHAs Shujun Li 1 , Syed Amier Haider Shah 2 , Muhammad Asad Usman Khan 2 , Syed Ali Khayam 2 , Ahmad-Reza Sadeghi 3 , Roland Schmitz 4 1 Zukunftskolleg, University of Konstanz, Germany 2 National University of

941 views • 39 slides
The art of breaking and designing captchas Elie Bursztein Session ID: HT02-402 Insert

The art of breaking and designing captchas Elie Bursztein Session ID: HT02-402 Insert

The art of breaking and designing captchas Elie Bursztein Session ID: HT02-402 Insert presenter logo here Session Classification: xxxxxxxxxxxx on slide master. See hidden slide 4 for direc6ons Insert presenter logo here on slide master.

2.36k views • 192 slides
EPL682 - PAPERS ---------- Re: CAPTCHAs Understanding CAPTCHA-Solving Services in an Economic

EPL682 - PAPERS ---------- Re: CAPTCHAs Understanding CAPTCHA-Solving Services in an Economic

EPL682 - PAPERS ---------- Re: CAPTCHAs Understanding CAPTCHA-Solving Services in an Economic Context I Am Robot: (Deep) Learning to Break Semantic Image CAPTCHAs Antreas Dionysiou - Department of Computer Science University of Cyprus

867 views • 39 slides
THE MSSM FROM SS BREAKING MARIANO QUIROS, ICREA/IFAE HEP 2006 THE MSSM FROM SS BREAKING

THE MSSM FROM SS BREAKING MARIANO QUIROS, ICREA/IFAE HEP 2006 THE MSSM FROM SS BREAKING

THE MSSM FROM SS BREAKING MARIANO QUIROS, ICREA/IFAE HEP 2006 THE MSSM FROM SS BREAKING p.1/31 OUTLINE Introduction Higgs sector Tree-level masses EWSB and fine-tuning Supersymmetric spectrum Dark

361 views • 34 slides
Cosmological B L Breaking: (Dark) Matter & Gravitational Waves Wilfried Buchm uller

Cosmological B L Breaking: (Dark) Matter & Gravitational Waves Wilfried Buchm uller

Cosmological B L Breaking: (Dark) Matter & Gravitational Waves Wilfried Buchm uller DESY, Hamburg with Valerie Domcke, Kai Schmitz & Kohei Kamada 1202.6679; 1203.0285, 1210.4105, 1305.3392 GGI, Florence, June 2013 I. B L

508 views • 26 slides
Axion as a Dark matter 20195513 Minsang Yu 1 Contents 1. Spontaneous Symmetry Breaking (SSB) U

Axion as a Dark matter 20195513 Minsang Yu 1 Contents 1. Spontaneous Symmetry Breaking (SSB) U

Axion as a Dark matter 20195513 Minsang Yu 1 Contents 1. Spontaneous Symmetry Breaking (SSB) U 1 A problem 2. 3. Strong CP problem 4. Axion Search 5. Summary 2 1. Spontaneous Symmetry Breaking (SSB) Consider a simple Lagrangian for

492 views • 30 slides
Reverse Engineering CAPTCHAs Abram Hindle, Micheal W. Godfrey, Richard C. Holt Software

Reverse Engineering CAPTCHAs Abram Hindle, Micheal W. Godfrey, Richard C. Holt Software

Reverse Engineering CAPTCHAs WCRE 2008 Reverse Engineering CAPTCHAs Abram Hindle, Micheal W. Godfrey, Richard C. Holt Software Architecture Group David R. Cheriton School of Computer Science University of Waterloo Canada

726 views • 57 slides
Chirality and cosmology Marc Kamionkowski Johns Hopkins University The gist Fundamental

Chirality and cosmology Marc Kamionkowski Johns Hopkins University The gist Fundamental

Chirality and cosmology Marc Kamionkowski Johns Hopkins University The gist Fundamental interactions are parity breaking maybe parity breaking is manifest in new cosmological physics (inflation, dark matter, dark energy, baryogenesis) as

551 views • 37 slides
Animated Captchas And Games For Advertising Suhas Aggarwal IIT Guwahati May 2013 1 Content

Animated Captchas And Games For Advertising Suhas Aggarwal IIT Guwahati May 2013 1 Content

Animated Captchas And Games For Advertising Suhas Aggarwal IIT Guwahati May 2013 1 Content How Captchas and Games can help in Advertising Animation Captcha Systems and their Special Benefit in Advertising Visual Effects Captcha,

820 views • 26 slides
R-Partity Breaking via Type II Seesaw, Gravitino Dark Matter and Positron Excess Shao-Long Chen

R-Partity Breaking via Type II Seesaw, Gravitino Dark Matter and Positron Excess Shao-Long Chen

R-Partity Breaking via Type II Seesaw, Gravitino Dark Matter and Positron Excess Shao-Long Chen University of Maryland Pheno 2009 Based on arXiv:0903.2562 in collaboration with R. N. Mohapatra, S. Nussinov and Yue Zhang Pheno 2009 p.1/18

542 views • 18 slides
Something about audio CAPTCHAs Elie Bursztein, Romain Bauxis, Daniele Perito, Hristo Paskov,

Something about audio CAPTCHAs Elie Bursztein, Romain Bauxis, Daniele Perito, Hristo Paskov,

Something about audio CAPTCHAs Elie Bursztein, Romain Bauxis, Daniele Perito, Hristo Paskov, Celine Fabry, John Mitchell 1 Elie Bursztein (@elie) http://ly.tl/p18 The Failure of Noise-Based Non-Continuous Audio Captchas Elie Bursztein

729 views • 45 slides
Breaking out of the box Understanding rela5onships between learning and assessment Breaking

Breaking out of the box Understanding rela5onships between learning and assessment Breaking

Dr Nick Saville Breaking out of the box Understanding rela5onships between learning and assessment Breaking out of the box - a metaphor for thinking about rela5onships and interpreta5ons breaking out breaking out of the box of the

895 views • 68 slides
How Good are Humans at Solving d r CAPTCHAs? A Large Scale Evaluation o f n a Elie

How Good are Humans at Solving d r CAPTCHAs? A Large Scale Evaluation o f n a Elie

b a L y t i r u c e S r e t u p m o C How Good are Humans at Solving d r CAPTCHAs? A Large Scale Evaluation o f n a Elie Bursztein, Steven Bethard, Celine Fabry, John t S Mitchell, Dan Jurafsky, http://ly.tl/p11 E.

1.2k views • 105 slides
Breaking Bad The dark secrets of web typography Dave Cramer / Hachette Book Group Dave Cramer

Breaking Bad The dark secrets of web typography Dave Cramer / Hachette Book Group Dave Cramer

Breaking Bad The dark secrets of web typography Dave Cramer / Hachette Book Group Dave Cramer Hachette Book Group @dauwhe W3C CSS Working Group W3C Publishing Working Group EPUB3 Community Group Web Design Paradigms 1. No design (HTML

652 views • 31 slides
UNDERSTANDING CAPTCHA The Need for CAPTCHAs To Prevent Abuse of Online Systems William Sembiante

UNDERSTANDING CAPTCHA The Need for CAPTCHAs To Prevent Abuse of Online Systems William Sembiante

UNDERSTANDING CAPTCHA The Need for CAPTCHAs To Prevent Abuse of Online Systems William Sembiante University of New Haven What is CAPTCHA? Term coined in 2000 at Carnegie Mellon by Luis von Ahn, Manuel Blum, Nicholas Harper, and John

576 views • 29 slides
Alternatives to Dark Energy and Dark Matter and their implications Evidence for Dark Energy and

Alternatives to Dark Energy and Dark Matter and their implications Evidence for Dark Energy and

Alternatives to Dark Energy and Dark Matter and their implications Evidence for Dark Energy and Dark Matter Modified Gravity Models and their observational implications Orfeu Bertolami Instituto Superior Tcnico Departamento de Fsica

610 views • 46 slides
CAPTCHAs: The Good, the Bad, and the Ugly ISSE-GI SICHERHEIT 2010 Paul Baecher*, Marc Fischlin*,

CAPTCHAs: The Good, the Bad, and the Ugly ISSE-GI SICHERHEIT 2010 Paul Baecher*, Marc Fischlin*,

CAPTCHAs: The Good, the Bad, and the Ugly ISSE-GI SICHERHEIT 2010 Paul Baecher*, Marc Fischlin*, Lior Gordon, Robert Langenberg, Michael Ltzow, Dominique Schrder* * TU Darmstadt, supported by DFG Emmy Noether Program October 7, 2010 | 1

573 views • 21 slides
Search for Dark Matter in the Lab. A personal bit of history OR from Dark MatterWhats

Search for Dark Matter in the Lab. A personal bit of history OR from Dark MatterWhats

Search for Dark Matter in the Lab. A personal bit of history OR from Dark MatterWhats that?? to Dark MatterWhat is it?? Transition was not easy Until mid-80s particle physicists never heard of DMand couldnt care less

424 views • 18 slides
A Simple Generic Attack on Text Captchas Haichang Gao (Xidian University), Jeff Yan (Lancaster

A Simple Generic Attack on Text Captchas Haichang Gao (Xidian University), Jeff Yan (Lancaster

A Simple Generic Attack on Text Captchas Haichang Gao (Xidian University), Jeff Yan (Lancaster University), Fang Cao, Zhengya Zhang, Lei Lei, Mengyun Tang, Ping Zhang, Xin Zhou, Xuqin Wang and Jiawei Li (Xidian University) Introduction CAPTCHA :

613 views • 26 slides
Text-based captchas strengths and weakness Elie Bursztein, Matthieu Martin, John Mitchell

Text-based captchas strengths and weakness Elie Bursztein, Matthieu Martin, John Mitchell

Text-based captchas strengths and weakness Elie Bursztein, Matthieu Martin, John Mitchell Stanford University 1 About this Research Presenter: Elie Bursztein (http://elie.im) Conference: ACM CCS 2011 Slides and paper freely

1.56k views • 110 slides
Idea: why not directly couple dark energy and dark matter? Ein eqn : G = 8 GT

Idea: why not directly couple dark energy and dark matter? Ein eqn : G = 8 GT

Interacting Dark Energy [Kodama & Sasaki (1985), Wetterich (1995), Amendola (2000) + many others ] Idea: why not directly couple dark energy and dark matter? Ein eqn : G = 8 GT General covariance : G = 0

537 views • 27 slides
Beyond Dark Matter and Dark Energy Sean Carroll Beyond Dark Matter and Dark Energy Sean Carroll,

Beyond Dark Matter and Dark Energy Sean Carroll Beyond Dark Matter and Dark Energy Sean Carroll,

Beyond Dark Matter and Dark Energy Sean Carroll Beyond Dark Matter and Dark Energy Sean Carroll, Caltech 70% dark energy We think that 95% of the universe is dark. But what if gravity is tricking us? 5% ordinary 25% dark matter matter

632 views • 47 slides
DARK MATTER IN DSPH Paolo Salucci (& G. Gilmore) SISSA (Oxford) Outline of the Review Dark

DARK MATTER IN DSPH Paolo Salucci (& G. Gilmore) SISSA (Oxford) Outline of the Review Dark

DARK MATTER IN DSPH Paolo Salucci (& G. Gilmore) SISSA (Oxford) Outline of the Review Dark Matter is main protagonist in the Universe The concept of Dark Matter in virialized objects Dark Matter in Spirals, Ellipticals, dSphs Dark and

551 views • 28 slides
Parsing OSM XML iD OSMCha To-Fix Frontend Developer kepta kushan2020 Breaking down iD

Parsing OSM XML iD OSMCha To-Fix Frontend Developer kepta kushan2020 Breaking down iD

Parsing OSM XML iD OSMCha To-Fix Frontend Developer kepta kushan2020 Breaking down iD Breaking down iD 15% Rendering Painting 21% Javascript 64% HTML A sample of what iD is doing behind the scenes Breaking down JS 13% Draw Vector

426 views • 27 slides

More recommend