Authors: Mona Gandhi, Markus Jakobsson, Jacob Ratkiewicz (Indiana University at Bloomington) Presented By: Lakshmy Mohanan.

Slides:

Advertisements

Similar presentations

Cross-Site Scripting Issues and Defenses Ed Skoudis Predictive Systems © 2002, Predictive Systems.

Advertisements

Reinventing using REST. Anything addressable by a URI is called a resource GET, PUT, POST, DELETE WebDAV (MOVE, LOCK)

Tutorial 6 Creating a Web Form

Supplied on \web site. on January 10 th, 2008 Customer Security Management Reducing Internet fraud June 1 st, 2008 eSAC Walk Thru © Copyright Prevx Limited.

Understanding and Detecting Malicious Web Advertising

Google AdSense Presented by: Naresh Gourishetty.

What is WEB SPAM Many slides from a lecture by Marc Najork, Microsoft: “Detecting Spam Web Pages”

On the Incoherencies in Web Browser Access Control Policies Authors: Kapil Singh, et al Presented by Yi Yang.

The Evolution of Online Advertisement Casey Shannon CompSci 49S February 21, 2008.

Detecting Fraudulent Clicks From BotNets 2.0 Adam Barth Joint work with Dan Boneh, Andrew Bortz, Collin Jackson, John Mitchell, Weidong Shao, and Elizabeth.

Web Page Behavior IS 373—Web Standards Todd Will.

COMPUTER TERMS PART 1. COOKIE A cookie is a small amount of data generated by a website and saved by your web browser. Its purpose is to remember information.

Lecture 16 Page 1 CS 236 Online Cross-Site Scripting XSS Many sites allow users to upload information –Blogs, photo sharing, Facebook, etc. –Which gets.

CLICK FRAUD Alexander Tuzhilin By Vinny Rey. Why was the study done? Google was getting sued by advertisers because of click fraud. Google agreed to have.

_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.

 A cookie is a piece of text that a Web server can store on a user's hard disk.  Cookie data is simply name-value pairs stored on your hard disk by.

D ATABASE S ECURITY Proposed by Abdulrahman Aldekhelallah University of Scranton – CS521 Spring2015.

Login Screen This is the Sign In page for the Dashboard Enter Id and Password to sign In New User Registration.

Marketing with YouTube Why is YouTube Important? 3,000,000,000 + Views a Day That’s double the prime-time audience of all 3 major TV networks combined.

11 The Ghost In The Browser Analysis of Web-based Malware Reporter: 林佳宜 Advisor: Chun-Ying Huang /3/29.

B OTNETS T HREATS A ND B OTNETS DETECTION Mona Aldakheel

Web Design, 4 th Edition 7 Promoting and Maintaining a Web Site.

Prevent Cross-Site Scripting (XSS) attack

Login Screen This is the Sign In page for the Dashboard New User Registration Enter Id and Password to sign In.

Niels Provos and Panayiotis Mavrommatis Google Google Inc. Moheeb Abu Rajab and Fabian Monrose Johns Hopkins University 17 th USENIX Security Symposium.

1 All Your iFRAMEs Point to Us Mike Burry. 2 Drive-by downloads Malicious code (typically Javascript) Downloaded without user interaction (automatic),

SpotRank : A Robust Voting System for Social News Websites

Web Browser Security Prepared By Mohammed EL-Batta Mohammed Soubih Supervised By Eng. Eman alajrami Explain Date 10. may University of Palestine.

Badvertisements: Stealthy Click-Fraud with Unwitting Accessories Mona Gandhi Markus Jakobsson Jacob Ratkiewicz Indiana University at Bloomington Presented.

XHTML Introductory1 Linking and Publishing Basic Web Pages Chapter 3.

Supplied on \web site. on January 10 th, 2008 Reducing Risk Through Incremental Malware Detection January 2008.

Lecture 16 Page 1 CS 236 Online SQL Injection Attacks Many web servers have backing databases –Much of their information stored in a database Web pages.

3-Protecting Systems Dr. John P. Abraham Professor UTPA.

 Two types of malware propagating through social networks, Cross Site Scripting (XSS) and Koobface worm.  How these two types of malware are propagated.

Web Spoofing Steve Newell Mike Falcon Computer Security CIS 4360.

CSCE 201 Web Browser Security Fall CSCE Farkas2 Web Evolution Web Evolution Past: Human usage – HTTP – Static Web pages (HTML) Current: Human.

Search engines are the key to finding specific information on the vast expanse of the World Wide Web. Without sophisticated search engines, it would be.

Lecture 4 Title: Search Engines By: Mr Hashem Alaidaros MKT 445.

9-1 Chapter 9 The Internet.

Week 10-11c Attacks and Malware III. Remote Control Facility distinguishes a bot from a worm distinguishes a bot from a worm worm propagates itself and.

CCT355H5 F Presentation: Phishing November Jennifer Li.

By Gianluca Stringhini, Christopher Kruegel and Giovanni Vigna Presented By Awrad Mohammed Ali 1.

EVALUATE YOUR SITE’S PERFORMANCE. Web site statistics Affiliate Sales Figures.

Java server pages. A JSP file basically contains HTML, but with embedded JSP tags with snippets of Java code inside them. A JSP file basically contains.

Advertising 1 *The red circles show the position of the keyframes on the timeline. What are banner and pop-up advertisements? 1 Answer Banner and pop-up.

Nexthink V5 Demo Security – Malicious Anomaly. Situation › Avoid damage resulting from the incident itself and the cost of the unplanned response › Protection.

Search Engines By: Faruq Hasan.

Sid Stamm, Zulfikar Ramzan and Markus Jokobsson Erkang Xu.

Safe browsing - is an ad-blocker extension enough? AIMILIOS TSOUVELEKAKIS IT-DI-CSO IT LIGHTNING TALK – 12/

What is Web Information retrieval from web Search Engine Web Crawler Web crawler policies Conclusion How does a web crawler work Synchronization Algorithms.

G053 - Lecture 02 Search Engines Mr C Johnston ICT Teacher

How to create a high traffic website. Ok, so your site is now live and you still haven't seen any traffic whatsoever to your website. Although getting.

What is WEB SPAM Many slides are from a lecture by Marc Najork: “Detecting Spam Web Pages”

John Paul Aguiar | BrainyMarketer.com WE HAVE THE MARKETING HELP YOU NEED!

Adware and Browser Hijacker – Symptoms and Preventions /killmalware /u/2/b/ /alexwaston14/viru s-removal/ /channel/UC90JNmv0 nAvomcLim5bUmnA.

Online Advertising You’ve seen millions of these! But you need to know some of the reasons why companies use them And some basic details of how.

1 Botnets Group 28: Sean Caulfield and Fredrick Young ECE 4112 Internetwork Security Prof. Henry Owen.

Powerpoint presentation on Drive-by download attack -By Yogita Goyal.

ONLINE DETECTION AND PREVENTION PHISHING ATTACKS

Computer Security Keeping you and your computer safe in the digital world.

G046 – Lecture 2A Recognising Web-Technologies Mr C Johnston ICT Teacher

Client-Side Malware Protection for your site

Escalation Of Ad Wars Boosts Malware Delivery

How do Web Applications Work?

Identity theft vector of the electronic age

Discover How Your Business Can Benefit from a Facebook Fanpage

Discover How Your Business Can Benefit from a Facebook Fanpage

Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall

Auditing Etsy The Security of Etsy

Unit 27 Web Server Scripting Extended Diploma in ICT

Presentation transcript:

Authors: Mona Gandhi, Markus Jakobsson, Jacob Ratkiewicz (Indiana University at Bloomington) Presented By: Lakshmy Mohanan

What are Badvertisements Facades and Dual Personality pages Making of a Badvertisement Hiding the implementation Prevention Economic impact Badvertisements: Stealthy Click-Fraud with Unwitting AccessoriesApr

Lecture: Click Fraud  Invalid Clicks  Types of Click Fraud  Why the Click Fraud detection techniques mentioned in the class will not work?  This is a type of Click Laundering mechanism. Badvertisements: Stealthy Click-Fraud with Unwitting AccessoriesApr

Code that silently generates automatic click-throughs on advertisement banners when users visit the site. Targeted at the unwitting advertiser Appear to be clicked by the legitimate users but are invisible to them. Badvertisements: Stealthy Click-Fraud with Unwitting AccessoriesApr

Easier than infecting a machine with malware. Not detected by click fraud detection algorithms (since it appears as if click originated from a valid user on an allowed webpage) No user complaints! Random enough to not get detected and wide spread enough to earn a lot of revenue. Worse for the advertiser : Ad is never even seen. Badvertisements: Stealthy Click-Fraud with Unwitting AccessoriesApr

Dual personality page  appears differently when viewed by different agents. Typically one “personality” of the page may be termed “good,” and the other “evil.” Façade  what the visitors see. Shows them content only, hiding advertisements and auto-clicking. Purpose is to hide the badvertisements from the users. Badvertisements: Stealthy Click-Fraud with Unwitting AccessoriesApr

Two parts of the attack: Delivery  Brings users to the corrupt information  Brings corrupt information to the users Execution  Causes the automated but invisible display of an advertisement to a targeted user Badvertisements: Stealthy Click-Fraud with Unwitting AccessoriesApr

Badvertisements: Stealthy Click-Fraud with Unwitting AccessoriesApr

Known ways to detect click fraud will not work Suspicious Java Script is hard to pinpoint Since crawlers ignore JavaScript Content 1) Large Number of Clicks from the same IP. 2) Statistically learning average click through rates for ads and then detecting deviations. What’s Worse than BAD: JavaScript can be obfuscated to the point that you have to execute the code to know what it does Badvertisements: Stealthy Click-Fraud with Unwitting AccessoriesApr

From Ad Providers – (and Auditing Spiders) Assigning Unique IDs to visitors entering the dual-personality page via the Façade. When it is given no ID or a visited ID it shows its good side. From Clients Achieved by using the Dual Personality page. Camouflage rules  Don’t “click” all ads.  Chains of colluding sites  Detect if visitor is a human by using CAPTCHAs  Showing the Evil side only if the user has actually used the Façade. (Rather than just visiting it – like the spider)  Check users browser history to determine ‘safeness’  Use spam mails which link to a server that is not listed on search engines Badvertisements: Stealthy Click-Fraud with Unwitting AccessoriesApr

These can be divided into two classes: Active:-  Active schemes that attempt to seek out instances of click fraud  Interacts with search engines, performs popular searches, and visits the resulting sites(posing as users.) Passive  Watch for click fraud in progress.  Suited for detection of -instigated click-fraud. Badvertisements: Stealthy Click-Fraud with Unwitting AccessoriesApr

Revenue for the fraudster is proportional to:  Risk Factor  Number of users attacked.  Probability of showing evil side  Probability that a user will visit the site repeatedly  Average benefit per click What we can Control:- Risk Factor Badvertisements: Stealthy Click-Fraud with Unwitting AccessoriesApr

Above graph shows how much a fraudster can earn given he carries out n attacks, each with a probability p of being instantly caught. (p increases as more counter measures are put in place) Reward per click is $1.00 Reward Per Click is $0.25 Badvertisements: Stealthy Click-Fraud with Unwitting AccessoriesApr

Pro  Detailed explanation of concepts  Explains in detail as to why this kind of an attack is a big deal Cons  Does not explain prevention of attacks in as much detail as the method to carry out the attacks  None of the methods of prevention offer 100% protection. Badvertisements: Stealthy Click-Fraud with Unwitting AccessoriesApr