1
Malicious Advertisements
Boyu Ran and Ben Rothman
2
Roadmap
- Background
- Problem
- Challenge
- Related works
- Reference Paper
- MadTracer
- Comparison between Ref. and MadTracer
- Conclusions
3
Focus
- Online Advertisement
- Mobile Advertisement
4
Online Advertisement
- Online advertisement: a growing trend
- Also known as online marketing or Internet advertising
- Uses the Internet to deliver promotional messages to consumers
- Includes marketing, social media marketing, search engine marketing, display advertising and mobile advertising
5
Actors in Web Advertising
- publishers
- advertisers
- audiences
- others (e.g. trackers)
6
Advertising Model
- Cost Per Click (CPC) / Pay Per Click (PPC): advertisers only pay when a user clicks the ad and is directed to the website
- Cost Per Mille (CPM) / Cost Per Impression (CPI): advertisers pay for exposure (view) of their message to a specific audience
7
Major Types of Online Advertising
- Search/Contextual
- Social networks and blogs
- Display
8
Search/Contextual Example
9
Social Networks Example
10
Display Ads Example
11
Comparison
Type | Benefits | Drawbacks
Display | High visibility, effective behavioral and geographical targeting | Blindness
SEM (Search) | Origination | Inorganic results
Social Media | Low cost, increased visibility (push notification) | TOS limitations
12
Mobile Advertising
13
Some Statistics!
14
Online Ads vs Mobile Ads
Source: Dynamic Logic Market Norms for Online
15
Online Ads vs Mobile Ads
Source: U.S. Bureau of Economic Analysis
16
Online Ads vs Mobile Ads
Source: Interactive Advertising Bureau
18
Problem
Subject to illegal usage:
- Drive-by downloads: when you visit a page, malicious code is downloaded to your device in the background
- Scamming (deceptive downloads): fake anti-virus
- Click-fraud (link hijacking): a person clicks the ad, manually or with a script, in order to increase their own ad revenue
19
Drive-by Download Demo
20
Fake Antivirus Scam Demo
22
Challenge
- Little is known about the infrastructures used to deliver malicious ad content
- The partner relations of ad entities are often determined dynamically
- Attackers obfuscate content and compromise ad networks
- Malicious ads exhibit different behaviors
24
Related Works (Ref Paper)
Detecting malvertisements:
- HTML redirection analysis (Stringhini et al. and Mekky et al.)
- High-interaction honeypots (Provos et al.)
- Flash-based malvertising analysis (Ford et al.)
Restricting access: AdJail, AdSandbox, AdSentry
Preventing click-hijacking (lots of related work)
25
Related Works (Primary)
- Previous work focuses on controlling the behavior of ads in order to prevent malvertising
- Stone-Gross: fraudulent activities in online ad exchange
- Wang: ad distribution networks, with a focus on network performance and user latency
- None of them focus on network topology for malicious ad detection
27
Methodology Overview
- Collect ad samples
- Use oracles to identify malvertisements
- Analyze trends in malvertisements
28
Methodology
Collected the contents of 673,596 ad frames over 3 months from:
- Alexa top 10,000 websites
- Alexa bottom 10,000 websites
- Alexa 23,000 random websites
(used EasyList from AdBlock Plus to identify ads)
29
Methodology
Identify suspicious activity:
- Wepawet: emulates a browser and analyzes JS execution for anomaly-based detection of suspicious code
- Malware/phishing blacklists: ads served from domains included in blacklists; used a threshold of 5 blacklists to improve accuracy
- VirusTotal: if an ad tried to force the user to download a file, that file was analyzed with VirusTotal to classify it
30
Methodology
Analyze properties of malvertisements:
- Are any particular ad networks used?
- Are any particular types of websites targeted?
- Does ad arbitration expose safe ad networks to malicious ads?
31
Results
6,601 malvertisements discovered, representing 1% of all ads analyzed
32
Ad Networks
- No matter how sophisticated the filtering used by ad networks, malicious ads will manage to infiltrate
- Some networks are better than others at preventing malvertisements relative to their popularity
33
Targets
Website popularity
34
Targets
Malicious ads target mainly .com, but all categories of website
35
Ad Arbitration
Ad networks serving ads between each other makes trusted ad networks vulnerable
37
MadTracer
Two components:
- The first part analyzes ad paths and their attributes
- The second part monitors the publisher's page and studies cloaking techniques
38
Detection Methodology
Node annotation: node popularity, role, domain registration info, and URL properties
39
Detection Methodology
Extract path segments and select a subset of them as training data to build detection rules based on a decision tree
40
Detection Methodology
The rules are matched against each ad path to be checked. If a rule matches, the path is reported as a malvertising path and sent to the analyzer for further analysis.
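An added example (not from the slides or from the MadTracer authors) of the node annotation, path-segment extraction and rule matching described on the Detection Methodology slides. The annotation data, the three-node segment length and the single rule are constructed assumptions standing in for real rank and WHOIS data and for decision-tree output.

```python
from urllib.parse import urlsplit

# Constructed annotation data; real inputs: traffic ranks, EasyList-style ad lists, WHOIS.
POPULAR = {"news.example", "adnet.example"}
AD_DOMAINS = {"adnet.example", "exchange.example"}
DOMAIN_AGE_DAYS = {"news.example": 4000, "adnet.example": 3000, "exchange.example": 2500,
                   "cdn-x1.example": 12, "promo-x2.example": 3}

def annotate(url, publisher):
    """Node annotation: popularity, role, registration info, URL properties."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    role = "publisher" if host == publisher else "ad" if host in AD_DOMAINS else "unknown"
    return {"host": host, "role": role, "popular": host in POPULAR,
            # Domains with no registration record are treated as newly registered.
            "young": DOMAIN_AGE_DAYS.get(host, 0) < 365,
            "long_query": len(parts.query) > 40}  # URL property; unused by RULES below

def segments(nodes, n=3):
    """Sliding windows of n consecutive nodes (n=3 is an assumption)."""
    return [nodes[i:i + n] for i in range(len(nodes) - n + 1)]

# Hypothetical rule standing in for decision-tree output: for each node
# position in a segment, the attribute values that node must have.
RULES = [
    ({"role": "ad"},
     {"role": "unknown", "young": True},
     {"role": "unknown", "young": True, "popular": False}),
]

def matches(segment, rule):
    return all(node[k] == v for node, cond in zip(segment, rule) for k, v in cond.items())

def detect(ad_path):
    """Return the host triples of path segments that match a rule."""
    publisher = urlsplit(ad_path[0]).hostname
    nodes = [annotate(url, publisher) for url in ad_path]
    return [tuple(n["host"] for n in seg)
            for seg in segments(nodes) for rule in RULES if matches(seg, rule)]

# Constructed ad paths: publisher page followed by the redirection chain.
BENIGN = ["http://news.example/story", "http://adnet.example/serve?slot=1",
          "http://exchange.example/bid?id=7"]
SUSPECT = ["http://news.example/story", "http://adnet.example/serve?slot=1",
           "http://cdn-x1.example/r?u=abc", "http://promo-x2.example/land"]

if __name__ == "__main__":
    for name, path in (("BENIGN", BENIGN), ("SUSPECT", SUSPECT)):
        print(name, detect(path) or "no rule matched")
```

The rule fires on the topology of the chain (a known ad network handing off to two newly registered, unpopular domains), not on the content served by any single node.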
41
Evaluation
MadTracer works effectively against real-world malvertising activities: it caught 15 times as many malicious domain paths as Google Safe Browsing and Microsoft Forefront combined.
43
Primary vs. Reference Paper
Duration of Experiment: 3-month period
Machine Learning
- Primary Paper: Yes
- Reference Paper: No
Scale of Experiment
- Primary Paper: Alexa's top 90,000 web sites
- Reference Paper: Alexa top 10,000, bottom 10,000, middle 23,000
Detection Method
- Primary Paper: Google Safe-Browsing API, Microsoft Forefront, MadTracer
- Reference Paper: Anomaly JS detection, domain blacklists, and malware in download requests
Malvertising Defend Mechanism
- Primary Paper: MadTracer
- Reference Paper: (suggests using ad blocking, ad network collaboration, iframe sandboxing)
44
Web vs. Mobile Ads
 | Web Ads | Mobile Ads
Channels | Web servers (web sites) | Wifi SSID, SMS, QR Code, Contacts, Calendars, etc.
Basis of Advertising | IP-based | Geolocation-based
Malvertising Detection Methods | Dynamic analysis | Static and dynamic analysis
Malvertising Defend Mechanism | MadTracer | NoInjection
Ad Serving | Client Redirects | Server Redirects
45
Web vs Mobile Ad Serving
47
Conclusion
- There are lots of attack vectors when it comes to ads, and they are a necessary risk for the economy of the web (primary and reference paper in agreement)
- No single approach will be sufficient; reducing the risk of malvertising requires work on the part of browser developers, ad network managers and web/app developers
48
Any Questions?