Dazzle-attack: Supplementary Materials
Reliability of Dazzle-attack (Understanding the success rate of Dazzle-attack): 3 experiments
We conduct 3 experiments to show the reliability of Dazzle-attack instance. Specifically, we profile the following 5 websites for 20 days (from 2019-05-07 ~ 2019-05-27). Selected DOM elements and attack triggering keywords are noted as well.
Experiment 1
Fox News (https://www.foxnews.com/)
DOM Element: #wrapper > div > div.post-content > div:nth-child(3) > section.collection.collection-section.crime > div > div.article-list > article:nth-child(3) > div > header > h2
Attack triggering keywords: charged
Earthquake Track in Japan (https://earthquaketrack.com/p/japan/recent)
DOM Element: #content > div.tab-content.row.col-lg-12 > div > div > div.col-lg-5.col-sm-4 > ul > li:nth-child(1) > div
Attack triggering keywords: in namie, japan
Kimbell Museum (https://www.kimbellart.org/)
DOM Element: body > div > div.layout-container > main > div > div > div:nth-child(3) > div.region.region-content > div.block.block-system.block-system-main-block > div > div > div > div:nth-child(3) > div > div.event-teaser-text > h3
Attack triggering keywords: happy hour
Weather in New York (https://weather.com/weather/hourbyhour/l/New+York+City+NY?canonicalCityId=a701ee19c4ab71bbbe2f6ba2fe8c250913883e5ae9b8eee8b54f8efbdb3eec03)
DOM Element: #twc-scrollabe > table > tbody > tr:nth-child(15) > td.description
Attack triggering keywords: thunderstorm
Chrome Release Blog (https://chromereleases.googleblog.com/)
DOM Element: #Blog1 > div:nth-child(7) > div.post-footer > div.label-footer > span.labels > a:nth-child(1)
Attack triggering keywords: beta updates
The below 2 figures show how the attack triggering keywords are appearing during the profiling and simulation periods. In short, during the profiling period, it triggers once in 20 days (5/18/2019 ~ 6/17/2019). During the simulation period (20 days as well), it also shows up only once. This would be a typical configuration of Dazzle-attack that triggers an attack occasionally while maintaining its reliability. Moreover, we do not observe changes of DOM structures for all the websites and DOM elements chosen in this experiment.
Data from Profiling Period (5/7/2019 ~ 5/27/2019)
(Redline indicates when all the keywords from 5 websites are appearing together)
Data from Simulation Period (5/28/2019 ~ 6/17/2019)
(Redline indicates when all the keywords from 5 websites are appearing together)
Experiment 2
We profile the following 5 websites for 20 days (from 2019-05-07 ~ 2019-05-27). Selected DOM elements and attack triggering keywords are noted as well.
USA Today (https://www.usatoday.com/)
DOM Element: #module-position-7 > div:nth-child(1) > section.shpm-section.shpm-section-odd.shpm-section-money.js-section-money.js-llc > a:nth-child(4)
Attack triggering keywords: dow
TEDx Events (https://www.ted.com/tedx/events?autocomplete_filter=TEDxAthens)
DOM Element: #results > div.tedx-events-table > table > tbody > tr:nth-child(4) > td:nth-child(3)
Attack triggering keywords: united states
Tide in New York (https://www.tide-forecast.com/locations/New-York-New-York/tides/latest)
DOM Element: #post-22852 > section > div.next-tide > table > thead > tr > th
Attack triggering keywords: the tide right now is coming in
Moon Phases in New York (https://www.timeanddate.com/moon/phases/usa/new-york)
DOM Element: #bk-focus > div > div.three.columns.tc > p
Attack triggering keywords: waning
The Official Star Wars Website (https://www.starwars.com/)
DOM Element: #body-wrapper > main > main > section > ul > li:nth-child(8) > article > section.cb-content > h2 > a
Attack triggering keywords: phantom menace
The below 2 figures show how the attack triggering keywords are appearing during the profiling and simulation periods. In short, during the profiling period, it triggers once in 20 days (5/18/2019 ~ 6/17/2019). During the simulation period (20 days as well), it also shows up only once. This would be a typical configuration of Dazzle-attack that triggers an attack occasionally while maintaining its reliability. Moreover, we do not observe changes of DOM structures for all the websites and DOM elements chosen in this experiment.
Data from Profiling Period (5/7/2019 ~ 5/27/2019)
(Redline indicates when all the keywords from 5 websites are appearing together)
Data from Simulation Period (5/28/2019 ~ 6/17/2019)
(Redline indicates when all the keywords from 5 websites are appearing together)
Experiment 3
We profile the following 5 websites for 20 days (from 2019-05-07 ~ 2019-05-27). Selected DOM elements and attack triggering keywords are noted as well.
Trinity Church Boston (https://www.trinitychurchboston.org/)
DOM Element: #main-content > div > div > div > div.view-content > div > div > table > tbody > tr:nth-child(8) > td.single-day.today
Attack triggering keywords: eucharist
Oracle Arena (https://www.warriorscentral.com/arena/)
DOM Element: #list > div:nth-child(10) > div.info.clearfix > div.text_wrapper > h3
Attack triggering keywords: athletics
NASA – Image of the Day (https://www.nasa.gov/multimedia/imagegallery/iotd.html)
DOM Element: #landing-cards > div > div.col-sm-30p.col-xs-12.masonry-item.card8 > div > div.caption > p.btn-tag-group
Attack triggering keywords: atmosphere
Twitter – Houston Rockets (https://twitter.com/HoustonRockets?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor)
DOM Element: #main_content > div.timeline > table:nth-child(3) > tbody > tr.tweet-container > td > div
Attack triggering keywords: #rockets
eBay (https://www.ebay.com/)
DOM Element: #w0-reviewsWidget > div:nth-child(4) > div.ebay-review-section-r
Attack triggering keywords: great
The below 2 figures show how the attack triggering keywords are appearing during the profiling and simulation periods. In short, during the profiling period, it triggers once in 20 days (5/18/2019 ~ 6/17/2019). During the simulation period (20 days as well), it also shows up only once. This would be a typical configuration of Dazzle-attack that triggers an attack occasionally while maintaining its reliability. Moreover, we do not observe changes of DOM structures for all the websites and DOM elements chosen in this experiment.
Data from Profiling Period (5/7/2019 ~ 5/27/2019)
(Redline indicates when all the keywords from 5 websites are appearing together)
Data from Simulation Period (5/28/2019 ~ 6/17/2019)
(Redline indicates when all the keywords from 5 websites are appearing together)
Calculating the divider G
As for ‘Distribution’, it means that the divider is G, 2G, 4G,8G, and 16G for iterations, respectively. Different sizes of buckets are used to handle different sizes of contents. To help understand, we add pseudo code as following. We will add and clarify this on the paper.
All definitions of terms are the same as shown in the paper. In this paper, R = 5 is used (line 13). Whenever the content of input words is appeared in a group (Grpg), distribution value, pntg is getting bigger (line 23). Note that the size of each group changes every iteration by change of G (line 24) so that it takes into account different size of input words. That is, it considers various size of group and takes average of summation of distribution values. The big pntf means that input words are distributed evenly (line 25).