Presentation on theme: "Understanding and Detecting Malicious Web Advertising"— Presentation transcript:
1 Knowing Your Enemy: Understanding and Detecting Malicious Web Advertising
2 Background
Actors in Web Advertising:
- Publishers
- Advertisers
- Audiences
- Other (ex: trackers)
a) Direct Delivery
b) Ad syndication
3 An Example
An example delivery chain of a fake AV campaign. An ad delivered by adsloader.com.
5 Terminology
Node, Path, and Domain-Path
Malicious Node: A node that performs malicious activities on an ad-delivery path is called a malicious node.
Malicious Path: Any path containing a malicious node is called a malvertising path.
Infected Publisher: The source node on a malvertising path.
6 Measurement Results
Encountered Malvertising Attacks:
- Three types of malvertising attacks account for a significant portion of all the attacks detected.
- The average malvertising path length is 8.11 nodes, much longer than the average crawled ad path length of 3.59 nodes.
- The average lifetime of a particular malicious domain in our data is relatively short, ranging from 1 to 5 days.
Properties of Malvertising Nodes:
- Node roles
- Domain registration
- URL patterns
- Node frequency
- Node-pair frequency
7 Measurement Results
Properties of Malvertising Paths:
- The use of ad syndication
- Path distances among malicious nodes
Summary of Findings:
- Malicious nodes tend to stay together, which helps for detection.
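Added example (not from the presentation or from Mad Tracer itself): a short Python sketch that applies the terminology of slide 5 and computes some of the path features of slides 6 and 7 over constructed ad-delivery paths. The domains, the MALICIOUS set, and the reading of "node-pair frequency" as adjacent malicious pairs and "path distance" as hop count are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample paths: ordered domains from publisher page (source node)
# to final ad content. All names are placeholders under the .example TLD.
PATHS = [
    ["news.example", "adnet-a.example", "cdn-a.example"],
    ["blog.example", "adnet-a.example", "syn1.example",
     "bad-redir.example", "bad-tds.example", "fakeav.example"],
    ["forum.example", "adnet-b.example", "syn2.example",
     "bad-redir.example", "bad-tds.example", "exploit.example"],
    ["shop.example", "adnet-b.example", "cdn-b.example"],
]
# Assumed ground truth (for instance from a blocklist); constructed.
MALICIOUS = {"bad-redir.example", "bad-tds.example",
             "fakeav.example", "exploit.example"}

def is_malvertising(path, malicious=MALICIOUS):
    """A malvertising path is any path containing a malicious node."""
    return any(node in malicious for node in path)

def infected_publishers(paths, malicious=MALICIOUS):
    """Infected publisher: the source node of a malvertising path."""
    return sorted({p[0] for p in paths if is_malvertising(p, malicious)})

def mean_length(paths):
    """Average number of nodes per path (0.0 for an empty set)."""
    return sum(len(p) for p in paths) / len(paths) if paths else 0.0

def malicious_gaps(path, malicious=MALICIOUS):
    """Hop distances between consecutive malicious nodes on one path."""
    idx = [i for i, node in enumerate(path) if node in malicious]
    return [b - a for a, b in zip(idx, idx[1:])]

def node_pair_frequency(paths, malicious=MALICIOUS):
    """Count adjacent (a, b) hops where both nodes are malicious."""
    counts = Counter()
    for p in paths:
        for a, b in zip(p, p[1:]):
            if a in malicious and b in malicious:
                counts[(a, b)] += 1
    return counts

def summarize(paths, malicious=MALICIOUS):
    """Split paths into malvertising and clean, then compare lengths."""
    bad = [p for p in paths if is_malvertising(p, malicious)]
    good = [p for p in paths if not is_malvertising(p, malicious)]
    return {"malvertising_mean_len": mean_length(bad),
            "clean_mean_len": mean_length(good),
            "infected_publishers": infected_publishers(paths, malicious)}

if __name__ == "__main__":
    print(summarize(PATHS))
    print(node_pair_frequency(PATHS).most_common(1))
```

Gaps of 1 and a node pair that recurs across different publishers are what "malicious nodes tend to stay together" looks like in this constructed data.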
8 Mad Tracer
Mad Tracer Infrastructure
Mad Tracer consists of two major components. The first component identifies malvertising paths by analyzing ad paths and their features. The second is an analyzer component that intensively monitors the infected publisher pages, so as to study cloaking techniques and to expand our detection results.
10 Evaluation Results
CONCLUSION: Mad Tracer works effectively against real-world malvertising activities: it caught 15 times as many malicious domain paths as Google Safe Browsing and Microsoft Forefront combined, and also discovered several large-scale malvertising campaigns, including a new type of click-fraud attack.
A more detailed summary of findings will be released on