Dismantling Common Internet Services for Ad-Malware Detection (2404.14190v1)
Abstract: Online advertising is a main instrument for publishers to fund content on the World Wide Web. Unfortunately, a significant number of online advertisements carry potentially malicious content, such as cryptojacking hidden in web banners, even on reputable websites. To protect Internet users from such online threats, the thorough detection of ad-malware campaigns plays a crucial role for a safe Web. Today, common Internet services like VirusTotal can label suspicious content based on feedback from contributors and from the entire Web community. However, it remains open to what extent ad-malware is actually taken into account and whether the results of these services are consistent. In this pre-study, we evaluate who defines ad-malware on the Internet. In a first step, we crawl a vast set of websites and fetch all HTTP requests (particularly to online advertisements) within these websites. Then we query these requests against both popular filtered DNS providers and VirusTotal. The idea is to validate how much content is labeled as a potential threat. The results show that up to 0.47% of the domains found during crawling are labeled as suspicious by DNS providers and up to 8.8% by VirusTotal. Moreover, only about 0.7% to 3.2% of these domains are categorized as ad-malware. The overall responses from the used Internet services paint a divergent picture: all considered services have different understandings of the definition of suspicious content. Thus, we outline potential research efforts toward the automated detection of ad-malware. We further bring up the open question of a common definition of ad-malware to the Web community.