are these ads safe detecting hidden attacks through
play

Are these Ads Safe: Detecting Hidden Attacks through Mobile App-Web - PowerPoint PPT Presentation

Oct 16, 2023 •218 likes •490 views

Are these Ads Safe: Detecting Hidden Attacks through Mobile App-Web Interfaces Vaibhav Rastogi 1 , Rui Shao 2 , Yan Chen 3 , Xiang Pan 3 , Shihong Zou 4 , and Ryan Riley 5 1 University of Wisconsin and Pennsylvania State University 2 Zhejiang

  1. Are these Ads Safe: Detecting Hidden Attacks through Mobile App-Web Interfaces Vaibhav Rastogi 1 , Rui Shao 2 , Yan Chen 3 , Xiang Pan 3 , Shihong Zou 4 , and Ryan Riley 5 1 University of Wisconsin and Pennsylvania State University 2 Zhejiang University 3 Northwestern University 4 Beijing University of Posts and Telecommunications 5 Qatar University

  2. Consider This… 2

  3. Consider This… 3

  4. The Problem • Enormous effort toward analyzing malicious applications • App may itself be benign • But may lead to malicious content through links • App-web interface • Links inside the app leading to web-content • Not well-explored • Types • Advertisements • Other links in app 4

  5. Outline App-Web Interface Characteristics Solution Results Conclusion 5

  6. Outline App-Web Interface Characteristics Solution Results Conclusion 6

  7. App-Web Interface Characteristics • Can be highly dynamic • A link may recursively redirect to another before leading to a final web page • Links embedded in apps • Can be dynamically generated • Can lead to dynamic websites • Advertisements • Ad libraries create links dynamically • Ad economics can lead to complex redirection chains 7

  8. Advertising Overview 8

  9. Ad Networks • Ad libraries act as the interface between apps and ad network servers • Ad networks may interface with each other • Syndication – One network asks another to fill ad space • Ad exchange – Real-time auction of ad space • App or original ad network may not have control on ads served 9

  10. Outline App-Web Interface Characteristics Solution Results Conclusion 10

  11. Solution Components • Triggering : Interact with app to launch web links • Detection : Process the results to identify malicious content • Provenance : Identify the origin of a detected malicious activity • Attribute malicious content to domains and ad networks 11

  12. Solution Architecture 12

  13. Triggering • Use AppsPlayground 1 • A gray box tool for app UI exploration • Extracts features from displayed UI and iteratively generates a UI model • A novel computer graphics-based algorithm for identifying buttons • See widgets and buttons as a human would 1 Rastogi, Vaibhav, Yan Chen, and William Enck. "AppsPlayground: automatic security analysis of smartphone applications.” In Proceedings of the third ACM conference on Data and application security and privacy , pp. 209-220. ACM, 2013. 13

  14. Detection • Automatically download content from landing pages • Use VirusTotal for detecting malicious files and URLs 14

  15. Provenance • How did the user come across an attack? • Code-level attribution • App code • Ad libraries • Identified 201 ad libraries • Redirection chain-level attribution • Which URLs led to attack page or content 15

  16. Outline App-Web Interface Characteristics Solution Results Conclusion 16

  17. Results • Deployments in US and China • 600 K apps from Google Play and Chinese stores • 1.4 M app-web links triggered • 2,423 malicious URLs • 706 malicious files 17

  18. Case Study: Fake AV Scam • Multiple apps, one ad network: Tapcontext • Ad network solely serving this scam campaign • Phishing webpages detected by Google and other URL blacklists about 20 days after we detected first instance 18

  19. Case Study: Free iPad Scam • Asked to give personal information without any return • New email address receiving spam ever since • Origins at Mobclix and Tapfortap • Ad exchanges • Neither developers nor the primary ad networks likely aware of this 19

  20. Case Study: iPad Scam from static link • Another Scam, this time through a static link embedded in app • Link target opens in browser and redirects to scam • Not affiliated with Facebook 20

  21. Case Study: SMS Trojan Video Player • Ad from nobot.co.jp leads to download a movie player • Player sends SMS messages to a premium number without user consent Click on ad 21

  22. Outline App-Web Interface Characteristics Solution Results Conclusion 22

  23. Limitations • Incomplete detection • Antiviruses and URL blacklists are not perfect • Our work DroidChameleon 2 shows this • Incomplete triggering • App UI can be very complex • May still be sufficient to capture advertisements 2 Rastogi, Vaibhav, Yan Chen, and Xuxian Jiang. "Catch me if you can: Evaluating android anti-malware against transformation attacks." Information Forensics and Security, IEEE Transactions on 9.1 (2014): 99-108. 23

  24. Conclusion • Benign apps can lead to malicious content • Provenance makes it possible to identify responsible parties • Can provide a safer landscape for users • Screening offending applications • Holding ad networks accountable for content • Working with CNCERT to improve the situation 24

  25. Future Work • Speeding up collection of ads • Goals of analyzing an order of magnitude more ads in shorter time 25

  26. Software and Dataset • Dataset of 201 ad libraries: http://bit.ly/adlibset • New release of AppsPlayground: http://bit.ly/appsplayground 26

  27. Thank you! 27

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Detecting Sybil Attacks using Proofs of Work and Location for Vehicular AdHoc Networks (VANETS)

Detecting Sybil Attacks using Proofs of Work and Location for Vehicular AdHoc Networks (VANETS)

Master Defense Detecting Sybil Attacks using Proofs of Work and Location for Vehicular AdHoc Networks (VANETS) Presented by: Niclas Bewermeier Electrical and Computer December 14, 2018 Engineering Detecting Sybil Attacks using Proofs of

510 views • 49 slides
Vulnerabilities of Voice Assistants at the Edge: From Defeating Hidden Voice Attacks to

Vulnerabilities of Voice Assistants at the Edge: From Defeating Hidden Voice Attacks to

DAISY D ata A nalysis and I nformation S ecurit Y Lab Vulnerabilities of Voice Assistants at the Edge: From Defeating Hidden Voice Attacks to Audio-based Adversarial Attacks Yingying (Jennifer) Chen Professor, Electrical and Computer

1.05k views • 46 slides
Countering Hidden-Action Attacks on Networked Systems Tyler Moore University of Cambridge

Countering Hidden-Action Attacks on Networked Systems Tyler Moore University of Cambridge

Motivation Social Capital Hidden-Action Attacks Discussion & Conclusions Countering Hidden-Action Attacks on Networked Systems Tyler Moore University of Cambridge Workshop on the Economics of Information Security, 2005 Tyler Moore

215 views • 18 slides
Detecting Power Attacks on Reconfigurable Hardware Adrien Le Masle Wayne Luk Department of

Detecting Power Attacks on Reconfigurable Hardware Adrien Le Masle Wayne Luk Department of

Detecting Power Attacks on Reconfigurable Hardware Adrien Le Masle Wayne Luk Department of Computing Imperial College London, UK 22 nd International Conference on Field Programmable Logic and Applications A. Le Masle and W. Luk Detecting

285 views • 24 slides
ICANN 50 Detecting Distributed DNS Attacks Utilizing Levenshtein String Distances

ICANN 50 Detecting Distributed DNS Attacks Utilizing Levenshtein String Distances

ICANN 50 Detecting Distributed DNS Attacks Utilizing Levenshtein String Distances Nils Clausen, M.Sc. University Lecturer n.clausen@ium.edu.na Detecting Distributed DNS Attacks Utilizing Levenshtein String

328 views • 14 slides
Detecting Hidden Anomalies in DNS Communication CZ.NIC Ondrej Mikle-Barat / ondrej.mikle@nic.cz

Detecting Hidden Anomalies in DNS Communication CZ.NIC Ondrej Mikle-Barat / ondrej.mikle@nic.cz

Detecting Hidden Anomalies in DNS Communication CZ.NIC Ondrej Mikle-Barat / ondrej.mikle@nic.cz Karel Slan / karel.slany@nic.cz 18. 10. 2011 1 Outline Motivation Method description original work algorithm DNS specifics

366 views • 18 slides
Detecting Zero-Day Attacks in Web Server Requests Dr. Melissa Danforth Dept. of Computer &

Detecting Zero-Day Attacks in Web Server Requests Dr. Melissa Danforth Dept. of Computer &

WCIS: A Prototype for Detecting Zero-Day Attacks in Web Server Requests Dr. Melissa Danforth Dept. of Computer & Electrical Engineering & Computer Science California State University, Bakersfield Presentation Outline Web

217 views • 20 slides
DDOS: DDos and DDonts DrupalCon 2016 Agenda What is DDoS Detecting DDoS Attacks

DDOS: DDos and DDonts DrupalCon 2016 Agenda What is DDoS Detecting DDoS Attacks

DDOS: DDos and DDonts DrupalCon 2016 Agenda What is DDoS Detecting DDoS Attacks DDoS Prevention Improving Performance Questions Glossary DDoS - Attempt to make a server or network resource unavailable to Internet

549 views • 30 slides
Abusing Wi-Fi Beacons and Detecting & Preventing Attacks Mathy Vanhoef, Prasant Adhikari, and

Abusing Wi-Fi Beacons and Detecting & Preventing Attacks Mathy Vanhoef, Prasant Adhikari, and

Abusing Wi-Fi Beacons and Detecting & Preventing Attacks Mathy Vanhoef, Prasant Adhikari, and Christina Ppper. With special thanks to various IEEE members. Black Hat Webcast, 17 September 2020. Background: beacons Wi-Fi networks use

798 views • 42 slides
Detecting Attacks, Part 2 CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe,

Detecting Attacks, Part 2 CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe,

Detecting Attacks, Part 2 CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ April 14, 2011 Announcements Talk of possible interest next Monday:

492 views • 23 slides
Detecting distributed attacks using distributed processing frameworks RP2 #59 Sudesh Jethoe

Detecting distributed attacks using distributed processing frameworks RP2 #59 Sudesh Jethoe

Detecting distributed attacks using distributed processing frameworks RP2 #59 Sudesh Jethoe Overview Introduction Problem Description Research Questions Method Results Conclusion Introduction

549 views • 38 slides
A Machine Learning Approach for Detecting Distributed Denial of Service Attacks Tanaphon Roempluk

A Machine Learning Approach for Detecting Distributed Denial of Service Attacks Tanaphon Roempluk

A Machine Learning Approach for Detecting Distributed Denial of Service Attacks Tanaphon Roempluk Master's degree studying Majoring in Information technology Faculty of informatics, Mahasarakham University The 4th International Conference on

207 views • 17 slides
SurFi: Detecting Surveillance Camera Looping Attacks with Wi-Fi Channel State Information Nitya

SurFi: Detecting Surveillance Camera Looping Attacks with Wi-Fi Channel State Information Nitya

SurFi: Detecting Surveillance Camera Looping Attacks with Wi-Fi Channel State Information Nitya Lakshmanan * , Inkyu Bang + , Min Suk Kang * , Jun Han * , Jong Taek Lee # * National University of Singapore, + Agency for Defense Development, #

578 views • 36 slides
Detecting Attacks, Part 1 CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs:

Detecting Attacks, Part 1 CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs:

Detecting Attacks, Part 1 CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs: John Bethencourt, Erika Chin, Matthew Finifter, Cynthia Sturton, Joel Weinberger http://inst.eecs.berkeley.edu/~cs161/ April 7, 2010 The Problem

580 views • 28 slides
Towards Detecting Stealthy Attacks in Power Grid using Deep Learning Mohammad Ashrafuzzaman,

Towards Detecting Stealthy Attacks in Power Grid using Deep Learning Mohammad Ashrafuzzaman,

Towards Detecting Stealthy Attacks in Power Grid using Deep Learning Mohammad Ashrafuzzaman, Yacine Chakhchoukh and Frederick T. Sheldon Departments of Computer Science and Electrical & Computer Engineering, University of Idaho, Moscow

425 views • 20 slides
Learning Nonstationary Models of Normal Network Traffic for Detecting Novel Attacks Matthew V.

Learning Nonstationary Models of Normal Network Traffic for Detecting Novel Attacks Matthew V.

Learning Nonstationary Models of Normal Network Traffic for Detecting Novel Attacks Matthew V. Mahoney Philip K. Chan Intrusion Detection Systems. Is data x hostile? Signature - models known hostile behavior: P( x |attack) Good: low

237 views • 22 slides
CSE 158 Lecture 15 Web Mining and Recommender Systems AdWords Advertising 1. We cant

CSE 158 Lecture 15 Web Mining and Recommender Systems AdWords Advertising 1. We cant

CSE 158 Lecture 15 Web Mining and Recommender Systems AdWords Advertising 1. We cant recommend everybody the same thing (even if they all want it!) So far, we have an algorithm that takes budgets into account, so that users are

612 views • 58 slides
ana Project Outlook autonomic network architecture ANA is funded by the European Union in

ana Project Outlook autonomic network architecture ANA is funded by the European Union in

The ANA Project: "Federating networks" EuroView Workshop Wrzburg, July 2008 ana Project Outlook autonomic network architecture ANA is funded by the European Union in FP6. 4 years: January 2006 to December 2009. 10

292 views • 7 slides
FCCN: Network and Services Gavle, 7 May 2008 RCTS RCTS (Rede Cincia Tecnologia e

FCCN: Network and Services Gavle, 7 May 2008 RCTS RCTS (Rede Cincia Tecnologia e

FCCN: Network and Services Gavle, 7 May 2008 RCTS RCTS (Rede Cincia Tecnologia e Sociedade) Science Technology and Society Network Portuguese NREN Managed by FCCN Private Non-Profit Foundation Financed by Ministry

510 views • 32 slides
Rural wireless networks Internet access networks, in aDSL white spots The RAN acronym The scheme

Rural wireless networks Internet access networks, in aDSL white spots The RAN acronym The scheme

Le Net du Kermeur Rural wireless networks Internet access networks, in aDSL white spots The RAN acronym The scheme that comprizes of serving rural areas thanks to WLAN links was presented to the Conseil Gnral of T arn in 1998 by

679 views • 23 slides
Ad-hoc Task Team on Space weather Information Service for Aviation (TT-AVI) Site assessment and

Ad-hoc Task Team on Space weather Information Service for Aviation (TT-AVI) Site assessment and

Ad-hoc Task Team on Space weather Information Service for Aviation (TT-AVI) Site assessment and audit of prospective space weather information providers Second meeting of the Inter-Programme Team on Space Weather Information, Systems and

310 views • 26 slides
Homogeneous spaces and Wadge theory Sandra M uller Universit at Wien January 2019 joint

Homogeneous spaces and Wadge theory Sandra M uller Universit at Wien January 2019 joint

Homogeneous spaces and Wadge theory Sandra M uller Universit at Wien January 2019 joint work with Rapha el Carroy and Andrea Medini Arctic Set Theory Workshop 4 Sandra M uller (Universit at Wien) Homogeneous spaces and Wadge

1.1k views • 77 slides
The Joint Effort for Data assimilation Integration Observation Operators (Unified Forward

The Joint Effort for Data assimilation Integration Observation Operators (Unified Forward

The Joint Effort for Data assimilation Integration Observation Operators (Unified Forward Operators, UFO) Joint Center for Satellite Data Assimilation (JCSDA) Unified Forward Operators (UFO) Main idea: have forward operators as independent

655 views • 19 slides
Computing the algebraic immunity efficiently Fr ed eric Didier, Jean-Pierre Tillich INRIA,

Computing the algebraic immunity efficiently Fr ed eric Didier, Jean-Pierre Tillich INRIA,

Computing the algebraic immunity efficiently Fr ed eric Didier, Jean-Pierre Tillich INRIA, projet CODES Outline 1 Introduction 2 A first algorithm 3 A more efficient version 4 Benchmarks Part 1 Introduction Boolean functions and

579 views • 24 slides

More recommend