are these ads safe detec ng hidden a4acks through mobile
play

Are these Ads Safe: Detec/ng Hidden A4acks through Mobile App-Web - PowerPoint PPT Presentation

Feb 24, 2024 •170 likes •481 views

Are these Ads Safe: Detec/ng Hidden A4acks through Mobile App-Web Interfaces Vaibhav Rastogi 1 , Rui Shao 2 , Yan Chen 3 , Xiang Pan 3 , Shihong Zou 4 , and Ryan Riley 5 1 University of Wisconsin and Pennsylvania State University 2 Zhejiang

  1. Are these Ads Safe: Detec/ng Hidden A4acks through Mobile App-Web Interfaces Vaibhav Rastogi 1 , Rui Shao 2 , Yan Chen 3 , Xiang Pan 3 , Shihong Zou 4 , and Ryan Riley 5 1 University of Wisconsin and Pennsylvania State University 2 Zhejiang University 3 Northwestern University 4 Beijing University of Posts and TelecommunicaJons 5 Qatar University

  2. Consider This… 2

  3. Consider This… 3

  4. The Problem • Enormous effort toward analyzing malicious applicaJons • App may itself be benign • But may lead to malicious content through links • App-web interface • Links inside the app leading to web-content • Not well-explored • Types • AdverJsements • Other links in app 4

  5. Outline App-Web Interface CharacterisJcs SoluJon Results Conclusion 5

  6. Outline App-Web Interface CharacterisJcs SoluJon Results Conclusion 6

  7. App-Web Interface Characteris/cs • Can be highly dynamic • A link may recursively redirect to another before leading to a final web page • Links embedded in apps • Can be dynamically generated • Can lead to dynamic websites • AdverJsements • Ad libraries create links dynamically • Ad economics can lead to complex redirecJon chains 7

  8. Adver/sing Overview 8

  9. Ad Networks • Ad libraries act as the interface between apps and ad network servers • Ad networks may interface with each other • SyndicaJon – One network asks another to fill ad space • Ad exchange – Real-Jme aucJon of ad space • App or original ad network may not have control on ads served 9

  10. Outline App-Web Interface CharacterisJcs SoluJon Results Conclusion 10

  11. Solu/on Components • Triggering : Interact with app to launch web links • Detec*on : Process the results to idenJfy malicious content • Provenance : IdenJfy the origin of a detected malicious acJvity • A_ribute malicious content to domains and ad networks 11

  12. Solu/on Architecture 12

  13. Triggering • Use AppsPlayground 1 • A gray box tool for app UI exploraJon • Extracts features from displayed UI and iteraJvely generates a UI model • A novel computer graphics-based algorithm for idenJfying bu_ons • See widgets and bu_ons as a human would 1 Rastogi, Vaibhav, Yan Chen, and William Enck. "AppsPlayground: automaJc security analysis of smartphone applicaJons.” In Proceedings of the third ACM conference on Data and applica6on security and privacy , pp. 209-220. ACM, 2013. 13

  14. Detec/on • AutomaJcally download content from landing pages • Use VirusTotal for detecJng malicious files and URLs 14

  15. Provenance • How did the user come across an a_ack? • Code-level a_ribuJon • App code • Ad libraries • Iden*fied 201 ad libraries • RedirecJon chain-level a_ribuJon • Which URLs led to a_ack page or content 15

  16. Outline App-Web Interface CharacterisJcs SoluJon Results Conclusion 16

  17. Results • Deployments in US and China • 600 K apps from Google Play and Chinese stores • 1.4 M app-web links triggered • 2,423 malicious URLs • 706 malicious files 17

  18. Case Study: Fake AV Scam • MulJple apps, one ad network: Tapcontext • Ad network solely serving this scam campaign • Phishing webpages detected by Google and other URL blacklists about 20 days aier we detected first instance 18

  19. Case Study: Free iPad Scam • Asked to give personal informaJon without any return • New email address receiving spam ever since • Origins at Mobclix and Tapfortap • Ad exchanges • Neither developers nor the primary ad networks likely aware of this 19

  20. Case Study: iPad Scam from sta/c link • Another Scam, this Jme through a staJc link embedded in app • Link target opens in browser and redirects to scam • Not affiliated with Facebook 20

  21. Case Study: SMS Trojan Video Player • Ad from nobot.co.jp leads to download a movie player • Player sends SMS messages to a premium number without user consent Click on ad 21

  22. Outline App-Web Interface CharacterisJcs SoluJon Results Conclusion 22

  23. Limita/ons • Incomplete detecJon • AnJviruses and URL blacklists are not perfect • Our work DroidChameleon 2 shows this • Incomplete triggering • App UI can be very complex • May sJll be sufficient to capture adverJsements 2 Rastogi, Vaibhav, Yan Chen, and Xuxian Jiang. "Catch me if you can: EvaluaJng android anJ-malware against transformaJon a_acks." Informa6on Forensics and Security, IEEE Transac6ons on 9.1 (2014): 99-108. 23

  24. Conclusion • Benign apps can lead to malicious content • Provenance makes it possible to idenJfy responsible parJes • Can provide a safer landscape for users • Screening offending applicaJons • Holding ad networks accountable for content • Working with CNCERT to improve the situaJon 24

  25. Future Work • Speeding up collecJon of ads • Goals of analyzing an order of magnitude more ads in shorter Jme 25

  26. SoOware and Dataset • Dataset of 201 ad libraries: h_p://bit.ly/adlibset • New release of AppsPlayground: h_p://bit.ly/appsplayground 26

  27. Thank you! 27

  28. Backup 28

  29. Related Work • Web MalverJsing • Other ad security and Privacy • UI exploraJon • Malware analysis and detecJon 29

  30. Comparison with Web Malver/sing • Focus on mobile applicaJons • Triggering component for web malverJsing is trivial • Different malware propagaJon mechanisms: drive- by-downloads vs. trojans 30

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Are these Ads Safe: Detecting Hidden Attacks through Mobile App-Web Interfaces Vaibhav Rastogi 1 ,

Are these Ads Safe: Detecting Hidden Attacks through Mobile App-Web Interfaces Vaibhav Rastogi 1 ,

Are these Ads Safe: Detecting Hidden Attacks through Mobile App-Web Interfaces Vaibhav Rastogi 1 , Rui Shao 2 , Yan Chen 3 , Xiang Pan 3 , Shihong Zou 4 , and Ryan Riley 5 1 University of Wisconsin and Pennsylvania State University 2 Zhejiang

490 views • 27 slides
Retroac(ve Detec(on of Malware with Applica(ons to Mobile Pla8orms Markus Jakobsson

Retroac(ve Detec(on of Malware with Applica(ons to Mobile Pla8orms Markus Jakobsson

Retroac(ve Detec(on of Malware with Applica(ons to Mobile Pla8orms Markus Jakobsson KarlAnders Johansson FatSkunk 1 Market forecast for mobile More smartphones than PCs in 23 years Dominant pla@orms targeted 4G will fuel

790 views • 16 slides
T ruth in Advertising: The Hidden Cost of Mobile Ads for Software Developers Jiaping Gui

T ruth in Advertising: The Hidden Cost of Mobile Ads for Software Developers Jiaping Gui

T ruth in Advertising: The Hidden Cost of Mobile Ads for Software Developers Jiaping Gui (jgui@usc.edu), , Stuart t Mcil ilroy, , Meiy iyappa pan Nagapp ppan an, , Will lliam iam G.J. Half lfond ond This work was supported by NSF

377 views • 27 slides
Surveillance Event Detec/on 11:30 11:50 University of Ottawa (VIVA_uOttawa)

Surveillance Event Detec/on 11:30 11:50 University of Ottawa (VIVA_uOttawa)

Surveillance Event Detec/on (SED) Time ime Pres esent entation ion 11:10 11:30 Task Overview (NIST) Surveillance Event Detec/on 11:30 11:50 University of Ottawa (VIVA_uOttawa) 11:50 12:10 Dublin City

674 views • 28 slides
Ac,ve a4acks on CPA-secure encryp,on Dan Boneh Recap:

Ac,ve a4acks on CPA-secure encryp,on Dan Boneh Recap:

Online Cryptography Course

1.02k views • 62 slides
Safe Driving Techniques Road Safety Management Use of mobile phones Safe Driving Policy

Safe Driving Techniques Road Safety Management Use of mobile phones Safe Driving Policy

Safe Driving Techniques Road Safety Management Use of mobile phones Safe Driving Policy Driving License checks / Driving on School penalty points Premises Tiredness whilst driving Weekly Vehicle Condition Checks Van

161 views • 14 slides
Object Detec)on Ali Farhadi CSE 576 We have talked about

Object Detec)on Ali Farhadi CSE 576 We have talked about

Object Detec)on Ali Farhadi CSE 576 We have talked about Nearest Neighbor Nave Bayes Logis)c Regression Boos)ng We saw face

707 views • 36 slides
Framing and error detec.on 1 1 0 1 1 0 0 1 1 0 1 0 1 0 1 1 1 0 1 1 0 0 1 1 1 0

Framing and error detec.on 1 1 0 1 1 0 0 1 1 0 1 0 1 0 1 1 1 0 1 1 0 0 1 1 1 0

Framing and error detec.on 1 1 0 1 1 0 0 1 1 0 1 0 1 0 1 1 1 0 1 1 0 0 1 1 1 0 1 1 0 0 0 1 1 0 1 1 0 1 1 1 1 0 1 1 1 0 0 1 1 0 1 1 1 0 1 1 1 0 1 0 CSCI 466: Networks Keith Vertanen

461 views • 27 slides
OverFeat Integrated Recogni.on, Localiza.on and Detec.on using

OverFeat Integrated Recogni.on, Localiza.on and Detec.on using

OverFeat Integrated Recogni.on, Localiza.on and Detec.on using Convolu.onal Networks Sermanet et. al Presenta.on by Eric Holmdahl Roadmap 1. Goal 2. Background

743 views • 47 slides
1/24/14 February 7, 2014 Fraud Detec/on and Preven/on

1/24/14 February 7, 2014 Fraud Detec/on and Preven/on

1/24/14 February 7, 2014 Fraud Detec/on and Preven/on Presented by: Steve Wischmann, CPA, CFE, CFF, CCFE, MAFF Agenda 1. Actual Minnesota School Cases in the

497 views • 12 slides
DISTROY: Detec-ng IC Trojans with Compressive Measurements

DISTROY: Detec-ng IC Trojans with Compressive Measurements

DISTROY: Detec-ng IC Trojans with Compressive Measurements Youngjune Gwon, H. T. Kung, and Dario Vlah Harvard University August 9, 2011 Understanding

415 views • 17 slides
Hidden$Terminals$ Nodes$A$and$C$are$hidden$terminals$when$sending$to$B$

Hidden$Terminals$ Nodes$A$and$C$are$hidden$terminals$when$sending$to$B$

Hidden$Terminals$ Nodes$A$and$C$are$hidden$terminals$when$sending$to$B$ Cant$hear$each$other$(to$coordinate)$yet$collide$at$B$ We$want$to$avoid$the$inefficiency$of$collisions $ CSE$461$University$of$Washington$ 53$

463 views • 31 slides
Detec%ng Inconsistencies in JavaScript MVC Applica%ons Frolin S.

Detec%ng Inconsistencies in JavaScript MVC Applica%ons Frolin S.

Detec%ng Inconsistencies in JavaScript MVC Applica%ons Frolin S. Ocariza, Jr., Karthik PaAabiraman and Ali Mesbah University of British Columbia Most popular

504 views • 37 slides
Character Codes and Error Detec=on 2 Homework #1

Character Codes and Error Detec=on 2 Homework #1

Computer Systems and Networks ECPE 170 Jeff Shafer University of the Pacific Character Codes and Error Detec=on 2 Homework #1

456 views • 17 slides
2012 TRECVID Workshop Mul$media Event Detec$on Task Jonathan

2012 TRECVID Workshop Mul$media Event Detec$on Task Jonathan

Mul$media Event Detec$on Task Time ime Pres esent entation ion Task Overview (NIST) 9:20 9:40 9:40 10:00 Access to Audiovisual Media (AXES) 10:00 10:20 SRI International; Sarnoff Corporation (Aurora) Break in the

549 views • 21 slides
Edge Detec)on CSE 576 Ali Farhadi Many slides from Steve

Edge Detec)on CSE 576 Ali Farhadi Many slides from Steve

Edge Detec)on CSE 576 Ali Farhadi Many slides from Steve Seitz and Larry Zitnick Edge ABneave's Cat (1954) Origin of edges surface normal discontinuity depth

556 views • 40 slides
Z d Actions on the Cantor Set: Approximation, Rohlin Properties and Recursion Theory Michael

Z d Actions on the Cantor Set: Approximation, Rohlin Properties and Recursion Theory Michael

Z d Actions on the Cantor Set: Approximation, Rohlin Properties and Recursion Theory Michael Hochman Princeton University hochman @ math.princeton.edu AMS joint meeting, Washington DC, January 2009 Z d actions We want to understand the

761 views • 27 slides
Team Number: 11 Executive Summary The pandemic has accelerated the prioritization of wellness and

Team Number: 11 Executive Summary The pandemic has accelerated the prioritization of wellness and

Space Utilization & Metrics Team Number: 11 Executive Summary The pandemic has accelerated the prioritization of wellness and safety in corporate offices AND increased utilization of technology to enable (knowledge) workers to be productive

447 views • 9 slides
MapReduce and Frequent Itemsets Mining Yang Wang 1 MapReduce (Hadoop) Programming model

MapReduce and Frequent Itemsets Mining Yang Wang 1 MapReduce (Hadoop) Programming model

MapReduce and Frequent Itemsets Mining Yang Wang 1 MapReduce (Hadoop) Programming model designed for: Large Datasets (HDFS) Large files broken into chunks Chunks are replicated on different nodes Easy Parallelization Takes

1.09k views • 80 slides
Computing the algebraic immunity efficiently Fr ed eric Didier, Jean-Pierre Tillich INRIA,

Computing the algebraic immunity efficiently Fr ed eric Didier, Jean-Pierre Tillich INRIA,

Computing the algebraic immunity efficiently Fr ed eric Didier, Jean-Pierre Tillich INRIA, projet CODES Outline 1 Introduction 2 A first algorithm 3 A more efficient version 4 Benchmarks Part 1 Introduction Boolean functions and

579 views • 24 slides
The NAI Mobile Application Code: Extending Third-Party Compliance into the Mobile Ecosystem Why

The NAI Mobile Application Code: Extending Third-Party Compliance into the Mobile Ecosystem Why

The NAI Mobile Application Code: Extending Third-Party Compliance into the Mobile Ecosystem Why a Mobile Application Code? Extend the NAI compliance program into the mobile application space Provide extra flexibility for this rapidly

319 views • 18 slides
The SeibergWitten theory Coulomb phase of N = 1 SO ( N ) N = 1, SO ( N ) F = N 2: SO ( N )

The SeibergWitten theory Coulomb phase of N = 1 SO ( N ) N = 1, SO ( N ) F = N 2: SO ( N )

The SeibergWitten theory Coulomb phase of N = 1 SO ( N ) N = 1, SO ( N ) F = N 2: SO ( N ) SU ( F = N 2) U (1) R 0 generic point in the classical moduli space SO ( N ) SO (2) U (1) homomorphic U (1) coupling = YM 2 +

680 views • 54 slides
Recent analytical and numerical studies of asymptotically AdS spacetimes in spherical symmetry

Recent analytical and numerical studies of asymptotically AdS spacetimes in spherical symmetry

Recent analytical and numerical studies of asymptotically AdS spacetimes in spherical symmetry Maciej Maliborski and Andrzej Rostworowski Institute of Physics, Jagiellonian University, Krak ow New frontiers in dynamical gravity, Cambridge,

386 views • 21 slides
Vectorial AdS/CFT and quantum higher spins Arkady Tseytlin Partition functions and Casimir

Vectorial AdS/CFT and quantum higher spins Arkady Tseytlin Partition functions and Casimir

Vectorial AdS/CFT and quantum higher spins Arkady Tseytlin Partition functions and Casimir energies in higher spin AdS d +1 /CFT d arXiv:1402.5396 with S. Giombi and I. Klebanov Higher spins in AdS 5 at one loop: vacuum energy, boundary

937 views • 57 slides

More recommend