YOPO is an attack framework designed to generate a universal adversarial perturbation that deceives machine learning-based ATS blockers in a cost-effective manner. YOPO acheives high attack success rates agaisnt four state-of-the-art ATS blockers with a single perturbation. For more details, please refer to our paper, "You Only Perturb Once: Bypassing (Robust) Ad-Blockers Using Universal Adversarial Perturbations", which appeared in ACSAC 2024.
YOPO requires a Linux machine with an NVIDIA graphic card. Due to its use of multiple processes for parallel HTML file manipulation, we recommend a machine with at least 32 CPU cores, 256 GB of system memory, and 300 GB of disk space. Our tests were conducted on a machine running Ubuntu 22.04 (64-bit).
To run our scripts, the following software dependencies must be installed:
-
Docker
Install Docker by following the instructions here.
-
Run Docker without root privileges
Our scripts are designed to avoid requiring root privileges. To manage Docker as a non-root user, follow the instructions here.
-
CUDA Toolkit 12.4
YOPO is tested with CUDA Toolkit 12.4. Please install CUDA Toolkit 12.4 from this link. If using a different CUDA version, update the base image in the Dockerfile accordingly. Available base images can be found here.
-
NVIDIA Container Toolkit
To enable GPU access within Docker containers, install the NVIDIA Container Toolkit by following the guide here.
Build the Docker image using the provided Dockerfile and start a Docker container.
$ git clone --recurse-submodules https://github.com/WSP-LAB/YOPO.git
$ cd scripts
$ ./build.sh && ./launch_container.sh
Assuming you are inside the Docker container, install the CA certificate for mitmproxy,
which we use to monitor requests to target websites and redirect the response to our local server.
$ cd scripts
$ ./apply_mitmproxy_certificates.sh
Before crawling webpages, save the HTML files from Tranco's Top-10K websites.
$ cd scripts/crawler
$ ./save_html.sh
Crawl the websites using the target ATS blockers by executing the run_crawler.sh script,
passing the name of the target ATS blocker.
Each ATS blocker crawls the saved HTML files and extracts features.
- TARGET:
adgraph,webgraph,adflush,pagegraph
$ cd scripts/crawler
$ ./run_crawler.sh [TARGET]
Train the target ATS blockers with the extracted features by running the train_adblocker.sh script.
$ cd scripts
$ ./train_adblocker.sh [TARGET]
Train a surrogate model for each target ATS blocker by executing the train_surrogate.sh script.
$ cd scripts
$ ./train_surrogate.sh [TARGET]
To run the attack pipeline, execute the run_attack.sh script with the following arguments:
- EPSILON:
5,10,20,40 - COST_MODEL_TYPE:
DC,HSC,HCC,HJC - TARGET:
adgraph,webgraph,adflush,pagegraph
$ cd scripts
$ ./run_attack.sh [EPSILON] [COST_MODEL_TYPE] [TARGET]
The attack success rates and costs will be saved in the /yopo-artifact/result directory.
This research project has been conducted by WSP Lab at KAIST and SAIL Lab at Oregon State University.
To cite our paper:
@INPROCEEDINGS{shin:acsac:2024,
author = {Dongwon Shin and Suyoung Lee and Sanghyun Hong and Sooel Son},
title = {You Only Perturb Once: Bypassing (Robust) Ad-Blockers Using Universal Adversarial Perturbations},
booktitle = {Proceedings of the Annual Computer Security Applications Conference},
pages = {190--206},
year = 2024
}