Malicious Advertisements

Presentation transcript:

Malicious Advertisements Boyu Ran and Ben Rothman

Roadmap
- Background
- Problem
- Challenge
- Related works
- Reference Paper
- MadTracer
- Comparison between Ref. and MadTracer
- Conclusions

Focus: Online Advertisement, Mobile Advertisement

Online Advertisement
- A growing trend
- Also known as Online Marketing or Internet Advertising
- Uses the internet to deliver promotional messages to consumers
- Includes email marketing, social media marketing, search engine marketing, display advertising and mobile advertising

Actors in Web Advertising: publishers, advertisers, audiences, others (e.g. tracker)

Advertising Model
- Cost Per Click (CPC) / Pay Per Click (PPC): advertisers only pay when a user clicks the ad and is directed to the website
- Cost Per Mille (CPM) / Cost Per Impression (CPI): advertisers pay for exposure (view) of their message to a specific audience

Major Types of Online Advertising: Search/Contextual, Social networks and blogs, Display

Search/Contextual Example

Social Networks Example

Display Ads Example

Comparison
- Display. Benefits: high visibility, effective behavioral and geographical targeting. Drawbacks: blindness.
- SEM (Search). Benefits: Origination. Drawbacks: Inorganic Results.
- Social Media. Benefits: Low Cost, Increased Visibility (push notification). Drawbacks: TOS limitations.

Mobile Advertising https://www.youtube.com/watch?v=rSRc6ICK_yU

Some Statistics!

Online Ads vs Mobile Ads Source: Dynamic Logic Market Norms for Online

Online Ads vs Mobile Ads Source: U.S. Bureau of Economic Analysis

Online Ads vs Mobile Ads Source: Interactive Advertising Bureau

Problem
Subject to illegal usage:
- drive-by downloads
- scamming (deceptive downloads)
- click-fraud (link hijacking)
Definitions:
- drive-by downloads: when you visit a page, the malicious code is downloaded to your device in the background.
- scamming: fake anti-virus.
- click-fraud: a person clicks the ad, manually or with a script, in order to increase his own ad revenue.

Drive-by Download Demo https://www.youtube.com/watch?v=_cBed6-ufIQ

Fake Antivirus Scam Demo https://www.youtube.com/watch?v=xxDm_sKhIBM

Challenge
- Little is known about the infrastructures used to deliver the malicious ad contents.
- The partner relations of ad entities are often determined dynamically.
- Attackers obfuscate content and compromise ad networks.
- Malicious ads exhibit different behaviors.

Related Works (Ref Paper)
Detecting malvertisements:
- HTML redirection analysis (Stringhini et al. and Mekky et al.)
- High-interaction honeypots (Provos et al.)
- Flash-based malvertising analysis (Ford et al.)
Restricting access: AdJail, AdSandbox, AdSentry
Preventing click-hijacking (lots of related work)

Related Works (Primary)
- Previous work focuses on controlling the behavior of ads in order to prevent malvertising.
- Stone-Gross: fraudulent activities in online ad exchange.
- Wang: ad distribution networks, with a focus on network performance and user latency.
- None of them focuses on network topology for malicious ad detection.

Methodology Overview
- Collect ad samples
- Use oracles to identify malvertisements
- Analyze trends in malvertisements

Methodology
Collected the contents of 673,596 ad frames over 3 months from:
- Alexa top 10,000 websites
- Alexa bottom 10,000 websites
- Alexa 23,000 random websites
(used EasyList from AdBlock Plus to identify ads)

Methodology
Identify suspicious activity:
- Wepawet: emulates a browser and analyzes JS execution for anomaly-based detection of suspicious code.
- Malware/Phishing blacklists: ads served from domains included in blacklists; a threshold of 5 blacklists was used to improve accuracy.
- VirusTotal: if an ad tried to force the user to download a file, that file was analyzed with VirusTotal to classify it.

Methodology
Analyze properties of malvertisements:
- Are any particular ad networks used?
- Are any particular types of websites targeted?
- Does ad arbitration expose safe ad networks to malicious ads?

Results: 6,601 malvertisements discovered, representing 1% of all ads analyzed

Ad Networks
- No matter how sophisticated the filtering used by ad networks, malicious ads will manage to infiltrate.
- Some networks are better than others at preventing malvertisements relative to their popularity.

Targets Website popularity

Targets: Malicious ads mainly target .com sites, but appear on all categories of website

Ad Arbitration: Ad networks serving ads between each other makes trusted ad networks vulnerable

MadTracer
Two components:
- The first part analyzes ad paths and their attributes.
- The second part monitors the publisher's page and studies cloaking techniques.

Detection Methodology: Node annotation. Each node is annotated with its popularity, role, domain registration info, and URL properties.

Detection Methodology: Extract path segments and select a subset of them as training data to build detection rules based on a decision tree.

Detection Methodology: The rules are matched against each ad path to be checked. If a path matches, it is reported as a malvertising path and sent to the analyzer for further analysis.
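
The three Detection Methodology steps above, as an added Python example (not code from the slides or from the MadTracer authors): nodes carry the four annotations, each ad path is cut into segments, and every segment is matched against rules. The 3-node segment size, the thresholds, the two hand-written rules (standing in for rules a decision tree would learn) and the .example sample paths are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Node:
    """One hop of an ad redirection path with the four annotations from the slide."""
    domain: str
    role: str         # "publisher", "ad" (known ad network) or "unknown"
    popularity: int   # number of crawled publisher pages that reached this domain
    reg_days: int     # domain registration lifetime in days
    url_kind: str     # coarse URL property, e.g. "html", "js", "script-with-args"

# Node predicates; every threshold here is an assumption for illustration.
def known_ad(n): return n.role == "ad"
def new_unknown(n): return n.role == "unknown" and n.reg_days <= 365
def rare(n): return n.popularity < 5
def anything(n): return True

# Hand-written stand-ins for rules a decision tree would learn from labelled
# segments: one predicate per node of a 3-node path segment.
RULES = {
    "ad -> new-unknown -> new-unknown": (known_ad, new_unknown, new_unknown),
    "any -> rare new-unknown -> rare script": (
        anything,
        lambda n: new_unknown(n) and rare(n),
        lambda n: rare(n) and n.url_kind == "script-with-args",
    ),
}

def segments(path, size=3):
    """Slide a fixed-size window over the path; short paths yield no segment."""
    return [tuple(path[i:i + size]) for i in range(len(path) - size + 1)]

def match_path(path):
    """Return (segment_index, rule_name) for every rule a segment satisfies."""
    return [(i, name)
            for i, seg in enumerate(segments(path))
            for name, preds in RULES.items()
            if all(pred(node) for pred, node in zip(preds, seg))]

# Constructed sample paths on reserved .example names.
PUB = Node("news.example", "publisher", 1, 4000, "html")
AD_A = Node("adnet-a.example", "ad", 900, 3000, "js")
AD_B = Node("adnet-b.example", "ad", 700, 2500, "js")
BENIGN = [PUB, AD_A, AD_B, Node("shop.example", "unknown", 40, 2000, "html")]
SUSPECT = [PUB, AD_A,
           Node("hop-x.example", "unknown", 2, 20, "script-with-args"),
           Node("land-y.example", "unknown", 1, 12, "script-with-args")]

if __name__ == "__main__":
    for label, path in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, match_path(path) or "no rule matched")
```

A path with any match would be the one reported as a malvertising path and handed to the analyzer.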

Evaluation: MadTracer works effectively against real-world malvertising activities: it caught 15 times as many malicious domain paths as Google Safe Browsing and Microsoft Forefront combined.

Primary vs. Reference Paper
- Duration of Experiment: 3-month period
- Machine Learning. Primary Paper: Yes. Reference Paper: No.
- Scale of Experiment. Primary Paper: Alexa's top 90,000 web sites. Reference Paper: Alexa top 10,000, bottom 10,000, middle 23,000.
- Detection Method. Primary Paper: Google Safe-Browsing API, Microsoft Forefront, MadTracer. Reference Paper: Anomaly JS detection, domain blacklists, and malware in download requests.
- Malvertising Defense Mechanism. Primary Paper: MadTracer. Reference Paper: (suggests using ad blocking, ad network collaboration, iframe sandboxing).

Web vs. Mobile Ads
- Channels. Web Ads: web servers (web sites). Mobile Ads: Wifi SSID, SMS, QR Code, Contacts, Calendars, etc.
- Basis of Advertising. Web Ads: IP-based. Mobile Ads: Geolocation-based.
- Malvertising Detection Methods. Web Ads: dynamic analysis. Mobile Ads: static and dynamic analysis.
- Malvertising Defense Mechanism. Web Ads: MadTracer. Mobile Ads: NoInjection.
- Ad Serving. Web Ads: Client Redirects. Mobile Ads: Server Redirects.

Web vs Mobile Ad Serving

Conclusion
- There are lots of attack vectors when it comes to ads, and they are a necessary risk for the economy of the web (primary and reference paper in agreement).
- No single approach will be sufficient; reducing the risk of malvertising requires work on the part of browser developers, ad network managers and web/app developers.

Any Questions?