Learn about advanced techniques for detecting filter list evasion in web security through a 15-minute IEEE conference talk. Explore the concept of event-loop-turn granularity JavaScript signatures and their application in identifying evasion attempts. Dive into topics such as filter lists, PageGraph, signature generation using event loops, privacy-relevant aspects, and ground truth establishment. Examine evaluation methods, matched scripts, and various evasion techniques. Gain insights into the evasion taxonomy and potential future developments in this critical area of web security research.
Detecting Filter List Evasion With Event-Loop-Turn Granularity JavaScript Signatures
Overview
Syllabus
Intro
What are Filter Lists?
Goal
Methodology
PageGraph (fingerprintjs2)
Signature Generation: Event Loop
Signature Generation: Extract Event Loop
Signature Generation: Privacy-Relevant
Signature Generation: Ground Truth
Signature Generation: Minimum Size
Evaluation
Ground-Truth Signatures
Scripts Matched by Signatures
Evasion Techniques (Revisited)
Evasion Taxonomy (Cont'd)
Future work
Taught by
IEEE Symposium on Security and Privacy
