Dismantling Common Internet Services for Ad-Malware Detection
- URL: http://arxiv.org/abs/2404.14190v1
- Date: Mon, 22 Apr 2024 13:59:37 GMT
- Title: Dismantling Common Internet Services for Ad-Malware Detection
- Authors: Florian Nettersheim, Stephan Arlt, Michael Rademacher,
- Abstract summary: We evaluate who defines ad-malware on the Internet.
Up to 0.47% of the domains found during crawling are labeled as suspicious by DNS providers.
Only about 0.7% to 3.2% of these domains are categorized as ad-malware.
- Score: 0.0
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Online advertising represents a main instrument for publishers to fund content on the World Wide Web. Unfortunately, a significant number of online advertisements often accommodates potentially malicious content, such as cryptojacking hidden in web banners - even on reputable websites. In order to protect Internet users from such online threats, the thorough detection of ad-malware campaigns plays a crucial role for a safe Web. Today, common Internet services like VirusTotal can label suspicious content based on feedback from contributors and from the entire Web community. However, it is open to which extent ad-malware is actually taken into account and whether the results of these services are consistent. In this pre-study, we evaluate who defines ad-malware on the Internet. In a first step, we crawl a vast set of websites and fetch all HTTP requests (particularly to online advertisements) within these websites. Then we query these requests both against popular filtered DNS providers and VirusTotal. The idea is to validate, how much content is labeled as a potential threat. The results show that up to 0.47% of the domains found during crawling are labeled as suspicious by DNS providers and up to 8.8% by VirusTotal. Moreover, only about 0.7% to 3.2% of these domains are categorized as ad-malware. The overall responses from the used Internet services paint a divergent picture: All considered services have different understandings to the definition of suspicious content. Thus, we outline potential research efforts to the automated detection of ad-malware. We further bring up the open question of a common definition of ad-malware to the Web community.
Related papers
- Attacking Vision-Language Computer Agents via Pop-ups [61.744008541021124]
We show that VLM agents can be easily attacked by a set of carefully designed adversarial pop-ups.
This distraction leads agents to click these pop-ups instead of performing the tasks as usual.
arXiv Detail & Related papers (2024-11-04T18:56:42Z) - Accessibility Issues in Ad-Driven Web Applications [3.9531869396416344]
Third-party advertisements (ads) are a vital revenue source for free web services, but they introduce significant accessibility challenges.
We conduct the first large-scale investigation of 430K website elements, including nearly 100K ad elements, to understand the accessibility of ads on websites.
arXiv Detail & Related papers (2024-09-27T09:50:06Z) - Understanding crypter-as-a-service in a popular underground marketplace [51.328567400947435]
Crypters are pieces of software whose main goal is to transform a target binary so it can avoid detection from Anti Viruses (AVs) applications.
The crypter-as-a-service model has gained popularity, in response to the increased sophistication of detection mechanisms.
This paper provides the first study on an online underground market dedicated to crypter-as-a-service.
arXiv Detail & Related papers (2024-05-20T08:35:39Z) - MalDICT: Benchmark Datasets on Malware Behaviors, Platforms, Exploitation, and Packers [44.700094741798445]
Existing research on malware classification focuses almost exclusively on two tasks: distinguishing between malicious and benign files and classifying malware by family.
We have identified four tasks which are under-represented in prior work: classification by behaviors that malware exhibit, platforms that malware run on, vulnerabilities that malware exploit, and packers that malware are packed with.
We are releasing benchmark datasets for each of these four classification tasks, tagged using ClarAVy and comprising nearly 5.5 million malicious files in total.
arXiv Detail & Related papers (2023-10-18T04:36:26Z) - User Attitudes to Content Moderation in Web Search [49.1574468325115]
We examine the levels of support for different moderation practices applied to potentially misleading and/or potentially offensive content in web search.
We find that the most supported practice is informing users about potentially misleading or offensive content, and the least supported one is the complete removal of search results.
More conservative users and users with lower levels of trust in web search results are more likely to be against content moderation in web search.
arXiv Detail & Related papers (2023-10-05T10:57:15Z) - Targeted and Troublesome: Tracking and Advertising on Children's
Websites [10.066090482189015]
We measure the prevalence of trackers, fingerprinting scripts, and advertisements on child-directed websites.
Our results show that around 90% of child-directed websites embed one or more trackers, and about 27% contain targeted advertisements.
Next, we identify improper ads on child-directed websites by developing an ML pipeline that processes both images and text extracted from ads.
arXiv Detail & Related papers (2023-08-09T11:37:39Z) - The Devil is in the Details: Analyzing the Lucrative Ad Fraud Patterns of the Online Ad Ecosystem [2.1456348289599134]
Bad actors have found ways to circumvent restrictions, and generate substantial revenue that can support websites with objectionable or even illegal content.
We show how identifier pooling can redirect ad revenues from reputable domains to notorious domains serving objectionable content.
We publish a Web monitoring service that enhances the transparency of supply chains and business relationships between publishers and ad networks.
arXiv Detail & Related papers (2023-06-14T10:28:07Z) - Characterizing Malicious URL Campaigns [16.807162826069185]
URLs are central to a myriad of cyber-security threats, from phishing to the distribution of malware.
Their inherent ease of use and familiarity is continuously abused by attackers to evade defences and deceive end-users.
We refer to such behaviours as campaigns, with the hypothesis being that attacks are often coordinated to maximize success rates and develop evasion tactics.
arXiv Detail & Related papers (2021-08-29T01:00:44Z) - Being Single Has Benefits. Instance Poisoning to Deceive Malware
Classifiers [47.828297621738265]
We show how an attacker can launch a sophisticated and efficient poisoning attack targeting the dataset used to train a malware classifier.
As opposed to other poisoning attacks in the malware detection domain, our attack does not focus on malware families but rather on specific malware instances that contain an implanted trigger.
We propose a comprehensive detection approach that could serve as a future sophisticated defense against this newly discovered severe threat.
arXiv Detail & Related papers (2020-10-30T15:27:44Z) - Maat: Automatically Analyzing VirusTotal for Accurate Labeling and
Effective Malware Detection [71.84087757644708]
The malware analysis and detection research community relies on the online platform VirusTotal to label Android apps based on the scan results of around 60 scanners.
There are no standards on how to best interpret the scan results acquired from VirusTotal, which leads to the utilization of different threshold-based labeling strategies.
We implemented a method, Maat, that tackles these issues of standardization and sustainability by automatically generating a Machine Learning (ML)-based labeling scheme.
arXiv Detail & Related papers (2020-07-01T14:15:03Z) - adPerf: Characterizing the Performance of Third-party Ads [5.9535711951131205]
We apply an in-depth and first-of-a-kind performance evaluation of web ads.
We aim to characterize the cost by every component of an ad, so the publisher, ad syndicate, and advertiser can improve the ad's performance with detailed guidance.
arXiv Detail & Related papers (2020-02-06T02:09:05Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.