DOCSLIB.ORG

Factors of Influence for Transfer Learning Across Diverse Appearance Domains and Task Types

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Factors of Influence for Transfer Learning Across Diverse Appearance Domains and Task Types FACTORS OF POSITIVE TRANSFER 1 Factors of Influence for Transfer Learning across Diverse Appearance Domains and Task Types Thomas Mensink*, Jasper Uijlings*, Alina Kuznetsova, Michael Gygli, and Vittorio Ferrari Abstract—Transfer learning enables to re-use knowledge learned on a source task to help learning a target task. A simple form of transfer learning is common in current state-of-the-art computer vision models, i.e. pre-training a model for image classification on the ILSVRC dataset, and then fine-tune on any target task. However, previous systematic studies of transfer learning have been limited and the circumstances in which it is expected to work are not fully understood. In this paper we carry out an extensive experimental exploration of transfer learning across vastly different image domains (consumer photos, autonomous driving, aerial imagery, underwater, indoor scenes, synthetic, close-ups) and task types (semantic segmentation, object detection, depth estimation, keypoint detection). Importantly, these are all complex, structured output tasks types relevant to modern computer vision applications. In total we carry out over 1200 transfer experiments, including many where the source and target come from different image domains, task types, or both. We systematically analyze these experiments to understand the impact of image domain, task type, and dataset size on transfer learning performance. Our study leads to several insights and concrete recommendations for practitioners. Index Terms—Transfer Learning, Computer Vision. F 1 INTRODUCTION ranfer learning is omnipresent in computer vision. ing a large-scale exploration of transfer learning across a T The common practice is transfer learning through wide variety of image domains and task types. In particular, ILSVRC’12 pre-training: train on the ILSVRC’12 image clas- we perform over 1200 transfer learning experiments across sification task [4], copy the resulting weights to a target 20 datasets spanning seven diverse image domains (con- model, then fine-tune for the target task at hand. This sumer, driving, aerial, underwater, indoor, synthetic, close- strategy was shown to be effective on a wide variety of ups) and four task types (semantic segmentation, object datasets and task types, including image classification [7], detection, depth estimation, keypoint detection). In many of [17], [37], [42], [55], object detection [35], semantic segmen- our experiments the source and target come from different tation [90], human pose estimation [38], [123], [126], and image domains, task types, or both. For example, we find depth estimation [16], [29]. Intuitively, the reason for this that semantic segmentation on COCO [65] is a good source success is that the network learns a strong generic visual for depth estimation on SUN RGB-D [94](Tab. 3e); and even representation, providing a better starting point for learning that keypoint detection on Stanford Dogs [8], [48] helps ob- a new task than training from scratch. ject detection on the Underwater Trash [30] dataset (Tab. 4b). But can we do better than ILSVRC’12 pre-training? And We then do a systematic meta-analysis of these experiments, what factors make a source task good for transferring to a relating transfer learning performance to three underlying given target task? Some previous works aim to demonstrate factors of variation: the difference in image domain between that a generic representation trained on a single large source source and target tasks, their difference in task type, and the dataset works well for a variety of classification tasks [54], size of their training sets. This yields new insights into when [71], [122]. Others instead try to automatically find a subset transfer learning brings benefits and which source works arXiv:2103.13318v1 [cs.CV] 24 Mar 2021 of the source dataset that transfers best to a given target [33], best for a given target. [74], [77], [117]. By virtue of dataset collection suites such as At a high level, our main conclusions are: (1) for most VTAB [122] and VisDA [76], recently several works in trans- target tasks we are able to find sources that significantly fer learning and domain adaptation experiment with target outperform ILSVRC’12 pre-training; (2) the image domain datasets spanning a variety of image domains [23], [54], [57], is the most important factor for achieving positive transfer; [71], [76], [122], [124]. However, most previous work focuses (3) the source dataset should include the image domain of solely on image classification [23], [33], [57], [66], [77], [87], the target dataset to achieve best results; (4) conversely, we [122] or a single structured prediction task [40], [62], [101], observe almost no negative effects when the image domain [103], [117]. of the source task is much broader than that of the target; (5) In this paper, we go beyond previous works by provid- transfer across task types can be beneficial, but its success is heavily dependent on both the source and target task types. The rest of our paper is organized as follows: Sect. 2 • Google Research discusses related work. Sect. 3 discusses the three factors • Primary contacts: [email protected] and [email protected]. of variation. Sect. 4 details and validates the network archi- * Equal contribution. tectures that we use. Sect. 5 presents our transfer learning Manuscript submitted in March, 2021 to TPAMI. This work has been submitted to the IEEE for possible publication. Copyright may be transferred experiments. Sect. 6 presents a detailed analysis of our without notice, after which this version may no longer be accessible. results. Sect. 7 concludes our paper. FACTORS OF POSITIVE TRANSFER 2 Fig. 1: We explore transfer learning across a wide variety of image domain and task types. We show here example images for the 20 datasets we consider, highlighting their visual diversity. We grouped them into manually defined image domains: consumer in orange, driving in green, synthetic in red, aerial in purple, underwater in blue, close-ups in yellow, and indoor in magenta. 2 RELATED WORK ferent cameras [87]. Recent works explored larger domain We review here related work on transfer learning in com- shifts, e.g. across clipart, web-shopping products, consumer puter vision. We take a rather broad definition of this photos and artist paintings [105], or across simple synthetic term, and include several families of works that transfer renderings and real consumer photos [57], [76], and even knowledge from a task to another, even though they are not fusing multiple datasets spanning several modalities such as explicitly positioned as ‘transfer learning’. We pay particular hand-drawn sketeches, synthetic renderings and consumer attention to their experimental setting and analyses, as this photos [124]. Despite this substantial variation in domain, is the aspect most related to our work. most works consider only object classification tasks, with Domain adaptation. This family of works adapts image relatively few papers tackling semantic segmentation [40], classifiers from a source domain to a target domain, typi- [62], [76], [98], [101], [119]. cally containing the same classes but appearing in different Few-shot learning. Works in this area aim to learn to kind of images. Some of the most common techniques are classify new target classes from very few examples, typically minimizing the discrepancy in feature distributions [32], 1-10, by transferring knowledge from source classes with [66], [87], [96], [102], [105], [124], embedding domain align- many training samples. Typically the source and target ment layers into a network [13], [68], [84], directly transform classes come from the same dataset, hence there is no images from the target to the source domain [9], [86], [88]. domain shift. There are two main approaches: metric-based Earlier works consider relatively small domain shifts, e.g. and optimization-based. Optimization-based methods em- where the source and target datasets are captured by dif- ploy meta-learning [28], [75], [79], [80], [112]. These methods FACTORS OF POSITIVE TRANSFER 3 train a model such that it can be later adapted to new classes large source dataset works well for all target tasks [54], with few update steps. MAML [28] is the most prominent [122]. Others instead try to automatically find a subset of the example of this line of work. Despite its success, [79] later source dataset that transfers best to a given target [33], [74], showed that its performance largely stems from learning [77], [117]. The subsets correspond either to subtrees of the a generic feature embedding, rather than a model that source class hierarchy [74], [77], or are derived by clustering can adapt to new data faster. Metric-based methods [52], source images by appearance [117]. After selecting a subset, [69], [93], [99], [106] aim at learning an embedding space they retrieve its corresponding pre-trained source model which allows to classify examples of any class using a and fine-tune only that one on the target dataset. distance-based classifier, e.g. nearest neighbor [93]. Overall, Taskonomy [121] explores a converse scenario. They the community seems to be reaching a consensus [15], [34], perform transfer learning across many task types, including [41], [78], [95], [100]: the key ingredient to high-performing several dense prediction ones, e.g. surface normal estima- few-shot classification is learning a general representation, tion and semantic segmentation. However, there is only one rather than sophisticated algorithms for adapting to the new image domain (indoor scenes) as all the tasks are defined classes. In line with these works, we study what repre- on the same images (one dataset). This convenient setting sentation is suitable for solving a target task. In contrast enables them to study which source task type helps the most with these works, our focus is on more complex structured which target task type, by exhaustively trying out all pairs. prediction. As an powerful outcome, they derive a taxonomy of task While most few-shot learning works focus on classifica- types, with directed edges weighted by how much a task tion, there are a few exceptions, e.g.
Load more

Recommended publications
  • Plugin to Run Oracle Forms in Chrome
    Plugin To Run Oracle Forms In Chrome Emmott deuterate prenatal. Ataxic Clarance ambuscades: he tinkles his lairdships phonetically and occupationally. Slovenian and electrifying Ishmael often shuns some peregrination transversally or clapping competently. Desupport of Java Applet Plugin is my Forms Application at. Good Riddance to Oracle's Java Plugin Krebs on Security. Support the the java plug-in used to friend these applications ends with this version of Firefox. Oracle Forms Browser Alternatives DOAG. Note Chrome is not supported for Oracle Formsbased EBS applications Supported Java plug-ins also differ according to the operating system great well as. Configure browser to favor the Adobe PDF plug-in and open. Many recent browser versions include their particular native PDF plug-ins that automatically. Similar to Chrome Firefox will drop support must all NPAPI plugins such as. Oracle Forms 12c version can apology be used without a browser while still keeping the native appearance of the application Either JDK or Java Plugin JRE has not be installed on the client PC An inn of inventory to trigger this answer of configuration can blood found love the Forms web configuration file formsweb. Ui objects in the new row is not only one of the following parmaments in to determine whether you never supported. Why need use Google Chrome for Oracle APEX Grassroots Oracle. How something I run Oracle Forms 11g locally? After you download the crx file for ThinForms 152 open Chrome's. So her whole application is a web based login and stealth launch Java J-initiator. The location for npapi will not clear history page in apex competitors and chrome release and to run oracle forms in chrome, more of the application express file that they would prompt.
    [Show full text]
  • Detecting and Analyzing Insecure Component Integration
    Taeho Kwon December 2011 Computer Science Detecting and Analyzing Insecure Component Integration Abstract Component technologies have been widely adopted for designing and engineering software ap- plications and systems, which dynamically integrate software components to achieve desired func- tionalities. Engineering software in a component-based style has significant benefits, such as im- proved programmer productivity and software reliability. To support component integration, oper- ating systems allow an application to dynamically load and use a component. Although developers have frequently utilized such a system-level mechanism, programming errors can lead to insecure component integration and serious security vulnerabilities. The security and reliability impact of component integration has not yet been much explored. This dissertation systematically investigates security issues in dynamic component integration and their impact on software security. On the conceptual level, we formulate two types of insecure component integration—unsafe component loading and insecure component usage—and present practical, scalable techniques to detect and analyze them. Our techniques operate directly on soft- ware binaries and do not require source code. On the practical level, we have used them to discover new vulnerabilities in popular, real-world software, and show that insecure component integration is prevalent and can be exploited by attackers to subvert important software and systems. Our research has had substantial practical impact and helped
    [Show full text]
  • Cisco Telepresence Management Suite Software Release Notes (15.13)
    Cisco TelePresence Management Suite 15.13 Software Release Notes First Published: November 2020 Cisco Systems, Inc. www.cisco.com 1 Cisco TelePresence Management Suite Software Release Notes 2 Cisco TelePresence Management Suite Software Release Notes Preface Change History Table 1 Software Release Notes Change History Date Change Reason November 2020 Release of Software Cisco TMS 15.13 Product Documentation The following documents provide guidance on installation, initial configuration, and operation of the product: ■ Cisco TelePresence Management Suite Installation and Upgrade Guide ■ Cisco TelePresence Management Suite Administrator Guide ■ Cisco TMS Extensions Deployment Guides New Features in 15.13 Bridge selection based on IX 5000 endpoint Cisco TMS provides an option to select the preferred bridge to be Cisco TelePresence Server (added to Cisco TMS directly or behind the conductor) for the conferences that has the IX 5000 endpoint as a participant. Support for Dual home domain for Cisco Meeting Server IP Zone/ cluster This feature enables Cisco TMS to configure Dual-home Domains for the Cisco Meeting Server/ s configured with multiple IP Zones. The criteria for the selection of the Cisco Meeting Server Dual home domain for a Skype for business meeting would be based on the IP zone that has maximum number of participants in that meeting. Enter the Dual-home domain name that is used to schedule a Skype meeting on Office 365/Exchange server. Support for Microsoft SQL Server 2019 and ESXi 7.0 Cisco TMS now supports the following: ■
    [Show full text]
  • UC Common Commands: Most Common Commands (Beginner, Intermediate, Advanced)
    UC Common Commands: most common commands (Beginner, Intermediate, Advanced) Turning the microphone on and off (1.1) (Navigating menus and dialog boxes con’d) Speech On/Off 0-9 Short Microphone Off 1-40 Control/Shift/Shift Control Tab Space (toggle checkbox) Correcting misrecognitions, training words and vocabulary (1.3, 1.4, 1.5) Alternate Down (toggle drop-down list) Nope Escape Nope <any words on the screen> Cancel NatSpeak/This Train/Vocabulary NatSpeak Recognition (shows what NatSpeak has heard) Clicking, placing and moving the mouse arrow (4.1, 4.2, 4.3, 4.4) Touch Accessing NatSpeak and UC Menu Items (1.6, 1.9) Touch Twice UC/Rulers/NatSpeak Menu Touch Right UC/Rulers/NatSpeak <menu item or dialog box> Rulers Open/Close Correcting more quickly (1.10) 0-100 By 0-100 (Touch Twice/No Touch/Touch Right) 1-20 Down 1st-20th Word/Letter Local 0-100 By 0-100 Mouse 1-100 Up/Down/Left/Right (Touch/Touch Right) Opening and closing programs (2.1, 2.2, also 5.1) Dragging the mouse arrow (4.5) <standard program> Open/New/Close Drag 0-100 By 0-100 [Standard programs: Access, Acrobat, Address Book, Base, Calc, Drag 1-100 Up/Down/Left/Right Calculator, Draw, Dreamweaver, Emacs, Eudora, Excel, (Outlook) Express, Filezilla, Firefox, Google Desktop, Illustrator, InDesign, Calling up files and folders (5.6, 5.7) Impress, Internet (Explorer), iTunes, Math, (Windows) Media UC List Player, Netscape, Notepad, Outlook, PageMaker, Photoshop, List/Add File/Folder Picasa, PowerPoint, Project, Quark, QuickView, Quicken, Solitaire, <any file on the File List> File/Folder Thunderbird, Visio, Visual (Studio), Windows (Explorer), Word, Save To <any folder on the Folder List> WordPad, Writer] Note: words in parentheses are for reference only.
    [Show full text]
  • Chrome Request Desktop Site Not Working
    Chrome Request Desktop Site Not Working Is Allan always androdioecious and furzy when patronages some tidies very lifelessly and octagonally? Unanalyzable Patrik relives, his emulsoid knee anthropomorphising alee. Wilt often fine-tunes Malaprop when effluvial Ed bushwhacks head-on and disembarrass her fornicators. The website is caught in the google chrome firefox and android phone. There remain many different browser apps in Android market. After every relevant binary is executed, Google Update uploads statistics on the actions that were performed. How change request desktop version of a Web site in Chrome for Android. When compared to site not chrome working or storage and. It has fixed all sorts of problems with Chrome. You can enable desktop view but you are still getting a mobile version. URL in extra background. Hope that works for you! Opening a site not work actually works. If you sync your browsing history bring a sync passphrase, this forecast also contains a temporary authentication token tied to your Google account shall provide better protections to some users whose face may be one attack. Please extract a smaller file and iron again. How To Load on desktop websites permanently in Chrome. Using the Zoom Chrome Extension Zoom Help Center. However, entity can see more of the widow without some being concealed by other cards. How do these enable desktop running on Google Chrome? Note that integral mode having not protect you use example, how the computer you are using is infected by a keylogger that records what character type. Just not work for desktop site requests to chrome works on android phone is.
    [Show full text]
  • Security Analysis of Browser Extension Concepts
    Saarland University Faculty of Natural Sciences and Technology I Department of Computer Science Bachelor's thesis Security Analysis of Browser Extension Concepts A comparison of Internet Explorer 9, Safari 5, Firefox 8, and Chrome 14 submitted by Karsten Knuth submitted January 14, 2012 Supervisor Prof. Dr. Michael Backes Advisors Raphael Reischuk Sebastian Gerling Reviewers Prof. Dr. Michael Backes Dr. Matteo Maffei Statement in Lieu of an Oath I hereby confirm that I have written this thesis on my own and that I have not used any other media or materials than the ones referred to in this thesis. Saarbr¨ucken, January 14, 2012 Karsten Knuth Declaration of Consent I agree to make both versions of my thesis (with a passing grade) accessible to the public by having them added to the library of the Computer Science Department. Saarbr¨ucken, January 14, 2012 Karsten Knuth Acknowledgments First of all, I thank Professor Dr. Michael Backes for giving me the chance to write my bachelor's thesis at the Information Security & Cryptography chair. During the making of this thesis I have gotten a deeper look in a topic which I hope to be given the chance to follow up in my upcoming academic career. Furthermore, I thank my advisors Raphael Reischuk, Sebastian Gerling, and Philipp von Styp-Rekowsky for supporting me with words and deeds during the making of this thesis. In particular, I thank the first two for bearing with me since the release of my topic. My thanks also go to Lara Schneider and Michael Zeidler for offering me helpful advice.
    [Show full text]
  • 157 Software Tools. No Fees. No Expiration Dates. No Problems
    BestFree Software 157 software tools. No fees. No expiration dates. No problems. Sometimes even no downloads. No kidding. By Eric Griffith and PC Magazine staff We did the math: If you bought popular GIMP www.gimp.org add-ons means there's not much this apps instead of trying their gratis counter- Windows ! MacOS | Linux The GNU Im- program won't do, from calendars to parts, at the manufacturers' iist prices age Manipulation Program (GIMP) does encryption. you'd be out $5,183 and change! Why spend most of what Photoshop does; the Gimp- money when you can get what you need shop project [plastiebugs.com) even UbuntU www.ubuntu.com for nothing? Sometimes, you do get what makes it look like Photoshop. Linux This Linux-based OS comes with you don't pay for. many of these Hall of Fame products iTunes www,apple.com/itunes (Firefox. OpenOffice.org) preinstalled. Hall of Fame windows I MacOS When you're attached to (See "OS Wars," page 87.) the top media player in the land (iPod), Adobe Reader www.adobe.com success is a given. iTunes continues to Win Amp www.winamp.com windows I MacOS I LinuK | Mobile This sim- build sales and refine its organization Windows After a decade of playing mu- plest of Adobe's PDF programs lets you of songs, video, games, podcasts, and sic, the "skinnable" WinAmp has several do just about anything PDF-related (be- more. versions, including one with full CD rip- sides create new ones), including online ping and burning. collaboration. It includes a host of fea- OpenOffice.org www.openoff ice.org tures to aid users with disabilities.
    [Show full text]
  • System Requirements: How to Install IE TAB – Google Chrome
    System Requirements: 1. Web User must have 32-bit Java installed. This can be obtained directly from Oracle by using the following URL: https://www.java.com/en/download/ This will take the user directly to Oracle’s Java download page. 2. The AllPayor Web Quote will only run on computers that support Java. Supported browsers are: • IE 11 • Google Chrome – Must have IE TAB extension installed and run the Web Quote in the IE TAB URL line. • New Microsoft Edge – Must have IE TAB extension installed and run the Web Quote in the IE TAB URL line. How to install IE TAB – Google Chrome If using Google Chrome, please follow these instructions to install the IE TAB. 1. In Google Chrome, click the three dots in the upper right corner: 2. The following window will open, click the Settings option: 3. The following window will open, click the Extensions option: 4. The following window will open, click the three lines in the left hand corner of the window: 5. The following window will open, click the Open Chrome Web Store in the bottom left hand corner of the window: 6. A search bar will be on the next window on the left hand side of the screen. Enter IE TAB in the search and press ENTER. The results will be shown and you can select IE TAB to be installed. 7. Once installed, please configure IE TAB to properly print (see below for instructions). How to install IE TAB – Microsoft Edge If using Microsoft Edge, please follow these instructions to install the IE TAB.
    [Show full text]
  • IE Tab for Chrome Or Firefox (HRI) How to Set up IE Tab for Chrome How to Use Servicemonster with IE Tab
    IE Tab for Chrome or Firefox (HRI) How to Set Up IE Tab for Chrome How to Use ServiceMonster with IE tab Open Google Chrome and go to www.ietab.net. Click on the IE icon . Click on the Chrome icon that says “Get IE Tab for An Internet Explorer browser window will open Chrome.” within your Chrome browser window. Use this to go to http://hri.servicemonster.net/. If you accidently reach a warning page saying that IE is required to access ServiceMonster, then you will need to remove the part of the URL that says “BrowserReject.aspx” to get to the SM login page. http://hri.servicemonster.net//BrowserReject.aspx A pop-up will open, with a green button that says “Add to Chrome.” Click it. Add ServiceMonster to Your Bookmarks Note: Once IE Tab has been added (or if it was previously installed), the button will read “Added to Chrome.” Another pop-up will open, verifying that you want to add “IE Tab.” Click “Add.” Go to http://hri.servicemonster.net/. IE Tab is now installed. You’ll now see an Internet Explorer icon on the right top corner of your Chrome browser window. Click the icon to the end of the URL bar and ServiceMonster will be added to your Chrome bookmarks, under the IE Tab folder. DifficultyIE Tab Accessing for Chrome Bookmarks? or Firefox (HRI) Click the “lines” icon to the right of the IE tab button. Select “Settings.” Under “Appearance,” check “Always show the bookmarks bar.” This will ensure that your IE Tab bookmarks folder is shown above the IE Tab URL bar, on the left.
    [Show full text]
  • Protecting Browsers from Extension Vulnerabilities
    Protecting Browsers from Extension Vulnerabilities Adam Barth, Adrienne Porter Felt, Prateek Saxena Aaron Boodman University of California, Berkeley Google, Inc. fabarth, afelt, [email protected] [email protected] Abstract browser’s full privileges. If an attacker can exploit an ex- tension vulnerability, the attacker can usurp the extension’s Browser extensions are remarkably popular, with one in broad privileges and install malware on the user’s machine. three Firefox users running at least one extension. Although At this year’s DEFCON, Liverani and Freeman presented well-intentioned, extension developers are often not security attacks against a number of popular Firefox extensions [24]. experts and write buggy code that can be exploited by ma- In one example, if the user dragged an image from a mali- licious web site operators. In the Firefox extension system, cious web page into the extension, the web site operator these exploits are dangerous because extensions run with could install a remote desktop server on the user’s machine the user’s full privileges and can read and write arbitrary and take control of the user’s mouse and keyboard. files and launch new processes. In this paper, we analyze These attacks raise the question of whether browser ex- 25 popular Firefox extensions and find that 88% of these tensions require such a high level of privilege. To investi- extensions need less than the full set of available privileges. gate this question, we examine 25 popular Firefox exten- Additionally, we find that 76% of these extensions use un- sions to determine how much privilege each one requires.
    [Show full text]
  • DVRM10 H.264 Mobile DVR User’S Manual
    DVRM10 H.264 Mobile DVR User’s Manual Before attempting to connect or operate this product, please read these instructions carefully and save this manual for future use. DM-Mobile-DVR-M63095E - 1 - CAUTION TO REDUCE THE RISK OF ELECTRIC SHOCK, DO NOT REMOVE COVER. NO USER SERVICEABLE PARTS INSIDE. PLEASE REFER SERVICING TO QUALIFIED SERVICE PERSONNEL. WARNING TO PREVENT FIRE OR ELECTRIC SHOCK HAZARD, DO NOT EXPOSE THIS APPLIANCE TO RAIN OR MOISTURE. NOTE: This equipment has been tested and found to comply with the limits for a Class “A” digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference in which case the users will be required to correct the interference at their own expense. FCC Caution: To assure continued compliance, use only shielded interface cables when connecting to computer or peripheral devices. Any changes or modifications not expressly approved by the party responsible for compliance could void the user’s authority to operate this equipment. This Class A digital apparatus meets all the requirements of the Canadian Interference Causing Equipment Regulations. - 2 - LIMITATION OF LIABILITY THIS PUBLICATION IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY, FITNESS FOR ANY PARTICULAR PURPOSE, OR NON-INFRINGEMENT OF THE THIRD PARTY’S RIGHT.
    [Show full text]
  • Chrome Extensions: Threat Analysis and Countermeasures
    Chrome Extensions: Threat Analysis and Countermeasures Lei Liu∗ Xinwen Zhang Vuclip Inc. Huawei R&D Center Milpitas,CA95035 SantaClara,CA95050 [email protected] [email protected] GuanhuaYan SongqingChen Los Alamos National Laboratory George Mason University LosAlamos,NM87545 Fairfax,VA22030 [email protected] [email protected] Abstract user experience, a large number of browser extensions have been developed by browser vendors or third party develop- The widely popular browser extensions now become one ers. The wide popularity of browser extensions has attracted of the most commonly used malware attack vectors. The the attention of attackers. A recent study [25] shows that Google Chrome browser, which implements the principles nowadays many malware infections are in the form of add- of least privileges and privilege separation by design, of- ons on popular web browsers like IE and a majority of mal- fers a strong security mechanism to protect malicious web- ware have a browser extension implementation. Browser sites from damaging the whole browser system via exten- helper objects (BHOs), a widely used type of add-ons, is sions. In this study, we however reveal that Chrome’s ex- named by CERT [24] as one of the techniques that are most tension security model is not a panacea for all possible at- frequently employed by spyware writers. tacks with browser extensions. Through a series of prac- The threats posed by malicious browser extensions call tical bot-based attacks that can be performed even under for a thorough investigation of the security models that web typical settings, we demonstrate that malicious Chrome ex- browsers use to execute these extensions.
    [Show full text]