Aurore Fass
@aurore-fass.bsky.social
Tenure-Track Faculty @CISPA
USENIX Security Artifact Evaluation Co-Chair 2025 & 2026
Web Security & Privacy: JavaScript (in)security, browser extensions
https://aurore54f.github.io
USENIX Security Artifact Evaluation Co-Chair 2025 & 2026
Web Security & Privacy: JavaScript (in)security, browser extensions
https://aurore54f.github.io
Repository: github.com/its-not-easy...
Paper: arxiv.org/pdf/2509.21590
Joint work with Ben Rosenzweig, @rossoalfiere.bsky.social, and Giovanni Apruzzese
Paper: arxiv.org/pdf/2509.21590
Joint work with Ben Rosenzweig, @rossoalfiere.bsky.social, and Giovanni Apruzzese
GitHub - its-not-easy/tweb25: Repository for the paper "It's not Easy: Applying Supervised Machine Learning to Detect Malicious Extensions in the Chrome Web Store"
Repository for the paper "It's not Easy: Applying Supervised Machine Learning to Detect Malicious Extensions in the Chrome Web Store" - its-not-easy/tweb25
github.com
October 7, 2025 at 6:59 PM
Repository: github.com/its-not-easy...
Paper: arxiv.org/pdf/2509.21590
Joint work with Ben Rosenzweig, @rossoalfiere.bsky.social, and Giovanni Apruzzese
Paper: arxiv.org/pdf/2509.21590
Joint work with Ben Rosenzweig, @rossoalfiere.bsky.social, and Giovanni Apruzzese
We also provide ground truth (benign or malicious), category, manifest version, date of last update, and ID of each extension. Put simply, you can just (i) grab the dataset, (ii) load it into a pandas dataframe, and (iii) train & test any type of ML-based classifier on it. Enjoy!
October 7, 2025 at 6:58 PM
We also provide ground truth (benign or malicious), category, manifest version, date of last update, and ID of each extension. Put simply, you can just (i) grab the dataset, (ii) load it into a pandas dataframe, and (iii) train & test any type of ML-based classifier on it. Enjoy!
Each extension in our dataset is provided as a *feature vector that is ready for ML-based experiments*. For instance, we provide 2.5k features extracted from extensions’ source code and over 2k features extracted from extensions’ metadata.
October 7, 2025 at 6:58 PM
Each extension in our dataset is provided as a *feature vector that is ready for ML-based experiments*. For instance, we provide 2.5k features extracted from extensions’ source code and over 2k features extracted from extensions’ metadata.
For the results, look at the paper (spoiler: the browser- extension ecosystem is strongly impacted by concept drift). For those who want to get their hands dirty, we release all our codebase in our GitHub repository.
October 7, 2025 at 6:57 PM
For the results, look at the paper (spoiler: the browser- extension ecosystem is strongly impacted by concept drift). For those who want to get their hands dirty, we release all our codebase in our GitHub repository.
In our new TWEB paper, we collected ~100k browser extensions that appeared on the Chrome Web Store in 2012–2023 and used them to develop and test a set of classifiers based on supervised machine learning (ML).
October 7, 2025 at 6:57 PM
In our new TWEB paper, we collected ~100k browser extensions that appeared on the Chrome Web Store in 2012–2023 and used them to develop and test a set of classifiers based on supervised machine learning (ML).