NoMoAds: Effective and Efficient Cross-App Mobile Ad-Blocking


SLIDE 1

NoMoAds: Effective and Efficient Cross-App Mobile Ad-Blocking

Anastasia Shuba (UC Irvine), Athina Markopoulou (UC Irvine), Zubair Shafiq (University of Iowa)

SLIDE 2

Motivation

Issues with Mobile Ads:

  1. Intrusive
  2. Overhead
  3. Tracking
  4. Malware

NoMoAds. Shuba et al.

SLIDE 3

Background: Ads & Ad-Blocking


Get ad!

EasyList (~64K rules)

SLIDE 4

Background: Related Work

| Approach | Detects Ads | Automated | Fine-Grained | Mobile-Specific | Cross-App | Runs on Device |
|---|---|---|---|---|---|---|
| DNS66, Disconnect, etc. | ✓ | × | × | ✓ | ✓ | ✓ |
| [Razaghpanah et al. NDSS '18] | ✓ | ✓ | × | ✓ | ✓ | ✓ |
| ReCon [Ren et al. MobiSys '16] | × | ✓ | ✓ | ✓ | ✓ | × |
| NoMoAds | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| AdblockPlus | ✓ | × | ✓ | × | ✓ | ✓ |
| 86% of Ad-Blocking Apps | ✓ | × | ✓ | × | × | ✓ |

SLIDE 5

NoMoAds Design

  • Effectiveness, Efficiency
  • Built on top of AntMonitor [Shuba et al. '16]; avoid Java parsing
  • Classifier: Ad Request / No Ad Request
  • NoMoAds: trained on mobile ads; uses ML; per-packet; trained on mobile data; VPN-based solution; VPN app, no server
  • Properties: Detects Ads, Automated, Fine-Grained, Mobile-Specific, Cross-App, Runs on Device

SLIDE 6

System Overview

SLIDE 7

Data Collection

  • Tested 50 most popular apps that serve ads
  • Used EasyList as a starting point
Flowchart labels: Interact with the app for 5 min (shown twice); Save packet traces + labels; Delete rule; Create and add new rule.

Branch labels: Different ad shown; Same ad shown.

SLIDE 8

The NoMoAds Dataset

  • Apps: 50
  • Packets: >15k
  • Packets with ads: >4.5k
  • Ad libraries: 41
  • Good coverage: all libraries that account for at least 2% of installs
  • First mobile ads dataset
  • Using EasyList (and/or other lists) is not enough:
      • EasyList fails to detect >37% of ad requests
      • Detects ads generated by two of the most popular ad libraries (AdMob and MoPub)
          • Have desktop counterparts: Google owns AdMob, and Twitter owns MoPub
      • Fails to detect ads generated by libraries such as UnityAds and AppsFlyer

Available on our website! http://athinagroup.eng.uci.edu/projects/nomoads/

SLIDE 9

System Overview

SLIDE 10

Training: Feature Selection

| Approaches Under Comparison | F1 score (%) | Number of Initial Features | Training Time (ms) | Tree Size |
|---|---|---|---|---|
| Ad-blocking lists | | | | |
| EasyList: URL + Content Type + HTTP Referer | 77.1 | 63,977 | N/A | N/A |
| hpHosts: Host | 61.7 | 47,557 | N/A | N/A |
| AdAwayHosts: Host | 58.1 | 409 | N/A | N/A |
| NoMoAds with Different Sets of Features | | | | |
| Destination IP + Port | 87.6 | 2 | 298 | 304 |
| Domain | 86.3 | 1 | 26 | 1 |
| Path Component of URL | 92.7 | 3,557 | 424,986 | 188 |
| URL | 93.7 | 4,133 | 483,224 | 196 |
| URL+Headers | 96.3 | 5,320 | 755,202 | 274 |
| URL+Headers+PII | 96.9 | 5,326 | 770,015 | 277 |
| URL+Headers+Apps+PII | 97.7 | 5,327 | 555,126 | 223 |
| URL+Headers+Apps | 97.8 | 5,321 | 635,400 | 247 |

SLIDE 11

Training

  • Built on ReCon – a system for detecting privacy leaks in mobile packets
Packet:

    GET /m/ad?v=6&id=…&bundle=com.BeresnevGames.Knife…
    &o=p&w=1440&h=2560&sc_a=3.5&ct=2&av=1.5&udid=ifa
    …&dnt=0&mr=1&android_perms_ext_storage=0
    Host: ads.mopub.com\r\n

    1) /m/
    2) /ad?
    3) ?v=
    4) &id=
    5) &w=
    6) &h=
    7) &dnt=
    8) ads.mopub.com\r\n

Classifier: Ad Request / No Ad Request

SLIDE 12

Training

  • Built on ReCon – a system for detecting privacy leaks in mobile packets
    GET /m/ad?v=6&id=…&bundle=com.BeresnevGames.Knife…
    &o=p&w=1440&h=2560&sc_a=3.5&ct=2&av=1.5&udid=ifa
    …&dnt=0&mr=1&android_perms_ext_storage=0
    Host: ads.mopub.com\r\n

    1) /m/
    2) /ad?
    3) ?v=
    4) &id=
    5) &w=
    6) &h=
    7) &dnt=
    8) ads.mopub.com\r\n
    9) /network_ads_common
    10) www.facebook.com\r\n

Classifier: Ad Request / No Ad Request

SLIDE 13

Training: Feature Selection

| Approaches Under Comparison | F1 score (%) | Number of Initial Features | Training Time (ms) | Tree Size |
|---|---|---|---|---|
| Ad-blocking lists | | | | |
| EasyList: URL + Content Type + HTTP Referer | 77.1 | 63,977 | N/A | N/A |
| hpHosts: Host | 61.7 | 47,557 | N/A | N/A |
| AdAwayHosts: Host | 58.1 | 409 | N/A | N/A |
| NoMoAds with Different Sets of Features | | | | |
| Destination IP + Port | 87.6 | 2 | 298 | 304 |
| Domain | 86.3 | 1 | 26 | 1 |
| URL | 93.7 | 4,133 | 483,224 | 196 |

SLIDE 14

Training: Feature Selection

| Approaches Under Comparison | F1 score (%) | Number of Initial Features | Training Time (ms) | Tree Size |
|---|---|---|---|---|
| Ad-blocking lists | | | | |
| EasyList: URL + Content Type + HTTP Referer | 77.1 | 63,977 | N/A | N/A |
| hpHosts: Host | 61.7 | 47,557 | N/A | N/A |
| AdAwayHosts: Host | 58.1 | 409 | N/A | N/A |
| NoMoAds with Different Sets of Features | | | | |
| Destination IP + Port | 87.6 | 2 | 298 | 304 |
| Domain | 86.3 | 1 | 26 | 1 |
| URL | 93.7 | 4,133 | 483,224 | 196 |
| URL+Headers | 96.3 | 5,320 | 755,202 | 274 |

SLIDE 15

Training: Feature Selection

| Approaches Under Comparison | F1 score (%) | Number of Initial Features | Training Time (ms) | Tree Size |
|---|---|---|---|---|
| Ad-blocking lists | | | | |
| EasyList: URL + Content Type + HTTP Referer | 77.1 | 63,977 | N/A | N/A |
| hpHosts: Host | 61.7 | 47,557 | N/A | N/A |
| AdAwayHosts: Host | 58.1 | 409 | N/A | N/A |
| NoMoAds with Different Sets of Features | | | | |
| Destination IP + Port | 87.6 | 2 | 298 | 304 |
| Domain | 86.3 | 1 | 26 | 1 |
| URL | 93.7 | 4,133 | 483,224 | 196 |
| URL+Headers | 96.3 | 5,320 | 755,202 | 274 |
| URL+Headers+PII | 96.9 | 5,326 | 770,015 | 277 |

SLIDE 16

Training: Feature Selection

| Approaches Under Comparison | F1 score (%) | Number of Initial Features | Training Time (ms) | Tree Size |
|---|---|---|---|---|
| Ad-blocking lists | | | | |
| EasyList: URL + Content Type + HTTP Referer | 77.1 | 63,977 | N/A | N/A |
| hpHosts: Host | 61.7 | 47,557 | N/A | N/A |
| AdAwayHosts: Host | 58.1 | 409 | N/A | N/A |
| NoMoAds with Different Sets of Features | | | | |
| Destination IP + Port | 87.6 | 2 | 298 | 304 |
| Domain | 86.3 | 1 | 26 | 1 |
| URL | 93.7 | 4,133 | 483,224 | 196 |
| URL+Headers | 96.3 | 5,320 | 755,202 | 274 |
| URL+Headers+PII | 96.9 | 5,326 | 770,015 | 277 |
| URL+Headers+Apps+PII | 97.7 | 5,327 | 555,126 | 223 |

SLIDE 17

Training: Feature Selection

| Approaches Under Comparison | F1 score (%) | Number of Initial Features | Training Time (ms) | Tree Size |
|---|---|---|---|---|
| Ad-blocking lists | | | | |
| EasyList: URL + Content Type + HTTP Referer | 77.1 | 63,977 | N/A | N/A |
| hpHosts: Host | 61.7 | 47,557 | N/A | N/A |
| AdAwayHosts: Host | 58.1 | 409 | N/A | N/A |
| NoMoAds with Different Sets of Features | | | | |
| Destination IP + Port | 87.6 | 2 | 298 | 304 |
| Domain | 86.3 | 1 | 26 | 1 |
| URL | 93.7 | 4,133 | 483,224 | 196 |
| URL+Headers | 96.3 | 5,320 | 755,202 | 274 |
| URL+Headers+PII | 96.9 | 5,326 | 770,015 | 277 |
| URL+Headers+Apps+PII | 97.7 | 5,327 | 555,126 | 223 |
| URL+Headers+Apps | 97.8 | 5,321 | 635,400 | 247 |

SLIDE 18

Training: The Decision Tree

SLIDE 19

Training: The Decision Tree

SLIDE 20

Training: Summary

  • The more information we use, the better the F1 score
  • Classifiers trained on URL+Headers+PII perform well
  • Split test and training sets:
      • Based on packets: 96.9% F1 score
      • Based on apps: 70% of apps have an F1 score ≥ 80%
      • Based on ad libraries: 100% F1 score, even with library overlap below 100%

Code available on our website! http://athinagroup.eng.uci.edu/projects/nomoads/

SLIDE 21

System Overview

SLIDE 22

Applying Classifiers to Packets

    GET /m/ad?v=6&id=…&bundle=com.BeresnevGames.Knife…
    &o=p&w=1440&h=2560&sc_a=3.5&ct=2&av=1.5&udid=ifa
    …&dnt=0&mr=1&android_perms_ext_storage=0
    Host: ads.mopub.com\r\n

    1) GET
    2) /m/
    3) /ad?
    4) ?v=
    5) =6&
    6) &id=
    7) &w=
    8) &h=
    9) &dnt=
    10) ads.mopub.com\r\n

How to avoid this parsing step?

SLIDE 23

Applying Classifiers to Packets

    1) &dnt=
    2) ads.mopub.com\r\n
    3) &model=
    4) &ifa=
    5) /api/
    6) /native/
    7) cdn.outfit7.com\r\n
    8) /soft/
    9) okhttp/
    10) &device_id=
    11) com.smule.singandroid/
    12) helpgrid1.ksmobile.com\r\n
    13) boundary=
    14) ….

SLIDE 24

Applying Classifiers to Packets

    GET /m/ad?v=6&id=…&bundle=com.BeresnevGames.Knife…
    &o=p&w=1440&h=2560&sc_a=3.5&ct=2&av=1.5&udid=ifa
    …&dnt=0&mr=1&android_perms_ext_storage=0
    Host: ads.mopub.com\r\n

    1) &dnt=
    2) ads.mopub.com\r\n
    3) &model=
    4) &ifa=
    5) /api/
    6) /native/
    7) cdn.outfit7.com\r\n
    8) /soft/
    9) okhttp/
    10) &device_id=
    11) com.smule.singandroid/
    12) helpgrid1.ksmobile.com\r\n
    13) boundary=
    14) ….

    1) &dnt=
    2) ads.mopub.com\r\n

SLIDE 25

Applying Classifiers to Packets: Evaluation

  • First time on-device per-packet classification in real-time
  • Setup
      • Timed how long prediction takes on a Nexus 6
      • Fed 10 HTTP packets of varying sizes (between 300-2000B), repeated 100 times
  • Results:
      • Extracting features and applying the DT classifier: 2.96 ± 2.07 ms
      • Most of the delay from applying the classifier
      • Recent improvement: 1.87 ± 0.77 ms
SLIDE 26

Conclusion & Future Directions

  • NoMoAds: cross-app mobile ad-blocker
  • Effective and efficient machine learning on the mobile device

Future Directions

  • Larger dataset
  • Detect app breakage
  • Extend to trackers
Photo by Jimmy Nelson
SLIDE 27

Anastasia Shuba

ashuba@uci.edu

NoMoAds Code and Dataset Available at:

http://athinagroup.eng.uci.edu/projects/nomoads
