Presentation is loading. Please wait.

Presentation is loading. Please wait.

Are these Ads Safe: Detecting Hidden A4acks through Mobile App-Web Interfaces Vaibhav Rastogi, Rui Shao, Yan Chen, Xiang Pan, Shihong Zou, and Ryan Riley.

Published byKathleen Bryant Modified over 6 years ago

Similar presentations

Presentation on theme: "Are these Ads Safe: Detecting Hidden A4acks through Mobile App-Web Interfaces Vaibhav Rastogi, Rui Shao, Yan Chen, Xiang Pan, Shihong Zou, and Ryan Riley."— Presentation transcript:

1 Are these Ads Safe: Detecting Hidden A4acks through Mobile App-Web Interfaces
Vaibhav Rastogi, Rui Shao, Yan Chen, Xiang Pan, Shihong Zou, and Ryan Riley 姓名:应臣浩 学号:

2 Consider This…

3 Consider This…

4 The Problem Enormous effort toward analyzing malicious applications
App may itself be benign But may lead to malicious content through links App-web interface Links inside the app leading to web-content Not well-explored Types Advertisements Other links in app

5 Outline App-Web Interface Characteristics Solution Results Conclusion

6 Outline App-Web Interface Characteristics Solution Results Conclusion

7 App-Web Interface Characteristics
Can be highly dynamic A link may recursively redirect to another before leading to a final web page Links embedded in apps Can be dynamically generated Can lead to dynamic websites Advertisements Ad libraries create links dynamically Ad economics can lead to complex redirection chains

8 Advertising Overview

9 Ad Networks Ad libraries act as the interface between apps and ad network servers It is some embed code from ad networks It manages and serves advertisement Ad networks may interface with each other Syndication – One network asks another to fill ad space Ad exchange – Real-time auction of ad space

10 Outline App-Web Interface Characteristics Solution Results Conclusion
10

11 Solution Components Triggering: Interact with app to launch web links
Detection: Process the results to identify malicious content Provenance: Identify the origin of a detected malicious activity Attribute malicious content to domains and ad networks

12 Solution Architecture

13 Triggering Use AppsPlayground1
A gray box tool for app UI exploration Extracts features from displayed UI and iteratively generates a UI model A novel computer graphics-based algorithm for identifying buttons See widgets and buttons as a human would 1Rastogi, Vaibhav, Yan Chen, and William Enck. "AppsPlayground: automatic security analysis of smartphone applications.” In Proceedings of the third ACM conference on Data and application security and privacy, pp ACM, 2013.

14 Detection Automatically download content from landing pages
Use VirusTotal for detecting malicious files and URLs

15 Provenance How did the user come across an attack?
Code-level attribution App code Ad libraries Identified 201 ad libraries Redirection chain-level attribution Which URLs led to attack page or content

16 Outline App-Web Interface Characteristics Solution Results Conclusion

17 Results Deployments in US and China
600 K apps from Google Play and Chinese stores 1.4 M app-web links triggered 2,423 malicious URLs 706 malicious files

18 Case Study: Fake AV Scam
Multiple apps, one ad network: Tapcontext Ad network solely serving this scam campaign Phishing webpages detected by Google and other URL blacklists about 20 days after we detected first instance

19 Case Study: Free iPad Scam
Asked to give personal information without any return Origins at Mobclix and Tapfortap Ad exchanges Neither developers nor the primary ad networks likely aware of this

20 Case Study: iPad Scam from static link
Another Scam, this time through a static link embedded in app Link target opens in browser and redirects to scam Not affiliated with Facebook 20

21 Case Study: SMS Trojan Video Player
Ad from nobot.co.jp leads to download a movie player Player sends SMS messages to a premium number without user consent Click on ad

22 Outline App-Web Interface Characteristics Solution Results Conclusion

23 Limitations Incomplete detection Incomplete triggering
Antiviruses and URL blacklists are not perfect Incomplete triggering App UI can be very complex May still be sufficient to capture advertisements

24 Conclusion Benign apps can lead to malicious content
Provenance makes it possible to identify responsible parties Can provide a safer landscape for users Screening offending applications Holding ad networks accountable for content

25 Future Work Speeding up collection of ads
Goals of analyzing an order of magnitude more ads in shorter time

26 Thank you!

Download ppt "Are these Ads Safe: Detecting Hidden A4acks through Mobile App-Web Interfaces Vaibhav Rastogi, Rui Shao, Yan Chen, Xiang Pan, Shihong Zou, and Ryan Riley."

Similar presentations

Understanding and Detecting Malicious Web Advertising

Understanding and Detecting Malicious Web Advertising
PHAD- A Phishing Avoidance and Detection Tool Using Invisible Digital Watermarking By Sonali Batra Web 2.0 Security and Privacy 2014.

PHAD- A Phishing Avoidance and Detection Tool Using Invisible Digital Watermarking By Sonali Batra Web 2.0 Security and Privacy 2014.
AVG 8.5 Product Line Welcome to a safe world …. | Page 2 Contents  Components Overview  Product Line Overview  AVG 8.0 Boxes.

AVG 8.5 Product Line Welcome to a safe world …. | Page 2 Contents  Components Overview  Product Line Overview  AVG 8.0 Boxes.
JShield: Towards Real-time and Vulnerability-based Detection of Polluted Drive-by Download Attacks Yinzhi Cao*, Xiang Pan**, Yan Chen** and Jianwei Zhuge***

JShield: Towards Real-time and Vulnerability-based Detection of Polluted Drive-by Download Attacks Yinzhi Cao*, Xiang Pan**, Yan Chen** and Jianwei Zhuge***
Browser and E-mail Basics Tutorial 1. Learn about Web browser software and Web pages The Web is a collection of files that reside on computers, called.

Browser and Basics Tutorial 1. Learn about Web browser software and Web pages The Web is a collection of files that reside on computers, called.
Lab 3 Cookie Stealing using XSS Kara James, Chelsea Collins, Trevor Norwood, David Johnson.

Lab 3 Cookie Stealing using XSS Kara James, Chelsea Collins, Trevor Norwood, David Johnson.
The Internet & The World Wide Web Notes

The Internet & The World Wide Web Notes
Mobile App Monetization: Understanding the Advertising Ecosystem Vaibhav Rastogi.

Mobile App Monetization: Understanding the Advertising Ecosystem Vaibhav Rastogi.
Internet Safety Basics Being responsible -- and safer -- online Visit age-appropriate sites Minimize chatting with strangers. Think critically about.

Internet Safety Basics Being responsible -- and safer -- online Visit age-appropriate sites Minimize chatting with strangers. Think critically about.
HTTP: cookies and advertising Concepts to cover:  web page content (including ads) from multiple site: composition at client  cookies  third-party cookies:

HTTP: cookies and advertising Concepts to cover:  web page content (including ads) from multiple site: composition at client  cookies  third-party cookies:
Presentation by Kathleen Stoeckle All Your iFRAMEs Point to Us 17th USENIX Security Symposium (Security'08), San Jose, CA, 2008 Google Technical Report.

Presentation by Kathleen Stoeckle All Your iFRAMEs Point to Us 17th USENIX Security Symposium (Security'08), San Jose, CA, 2008 Google Technical Report.
11 The Ghost In The Browser Analysis of Web-based Malware Reporter: 林佳宜 Advisor: Chun-Ying Huang 2010/3/29.

11 The Ghost In The Browser Analysis of Web-based Malware Reporter: 林佳宜 Advisor: Chun-Ying Huang /3/29.
2010.11.22 資安新聞簡報 報告者:劉旭哲、曾家雄. Spam down, but malware up 報告者:劉旭哲.

資安新聞簡報 報告者:劉旭哲、曾家雄. Spam down, but malware up 報告者:劉旭哲.
Presented by: Kushal Mehta University of Central Florida Michael Spreitzenbarth, Felix Freiling Friedrich-Alexander- University Erlangen, Germany michael.spreitzenbart,

Presented by: Kushal Mehta University of Central Florida Michael Spreitzenbarth, Felix Freiling Friedrich-Alexander- University Erlangen, Germany michael.spreitzenbart,
INTRODUCTION TO FRONTPAGE. TOPICS TO BE DISCUSSED……….  Introduction Introduction  Features Features  Starting Front Page Starting Front Page  Components.

INTRODUCTION TO FRONTPAGE. TOPICS TO BE DISCUSSED……….  Introduction Introduction  Features Features  Starting Front Page Starting Front Page  Components.
Windows Internet Explorer 9 Chapter 1 Introduction to Internet Explorer.

Windows Internet Explorer 9 Chapter 1 Introduction to Internet Explorer.
1 All Your iFRAMEs Point to Us Mike Burry. 2 Drive-by downloads Malicious code (typically Javascript) Downloaded without user interaction (automatic),

1 All Your iFRAMEs Point to Us Mike Burry. 2 Drive-by downloads Malicious code (typically Javascript) Downloaded without user interaction (automatic),
Using Social Networks to Harvest Addresses Reporter: Chia-Yi Lin Advisor: Chun-Ying Huang Mail: 9/14/2015 1.

Using Social Networks to Harvest Addresses Reporter: Chia-Yi Lin Advisor: Chun-Ying Huang Mail: 9/14/
Windows Internet Explorer 9 Chapter 1 Introduction to Internet Explorer.

Windows Internet Explorer 9 Chapter 1 Introduction to Internet Explorer.
Chapter 6 The World Wide Web. Web Pages Each page is an interactive multimedia publication It can include: text, graphics, music and videos Pages are.

Chapter 6 The World Wide Web. Web Pages Each page is an interactive multimedia publication It can include: text, graphics, music and videos Pages are.

Similar presentations

Ads by Google