Deep Confusables: Improving Unicode Encoding Attacks with Deep Learning

In this talk we use deep learning and transfer learning to improve attacks based on unicode characters. We cover how to create the best dictionary of confusables (similarity among unicode characters) using a VGG16 model. This dictionary allows to create new sophisticated offensive tools and create new application testing procedures.

During the talk we discuss about of the limits of countermeasures for unicode encoding attacks, for example, how to avoid punycode and will show some bad validation in famous products as Whatsapp, Signal, Telegram, Skype, Openoffice, software for detection plagarism, among others.

We also plan to release this dictionary and the tool Deepconfusables.

Location: Track 2 Date: May 10, 2019 Time: 10:30 am - 11:30 am Alfonso Muñoz Miguel Hernández Boza José Ignacio Escribano