are these ads safe detec ng hidden a4acks through mobile
play

Are these Ads Safe: Detec/ng Hidden A4acks through Mobile App-Web - PowerPoint PPT Presentation

Feb 24, 2024 •170 likes •481 views

Are these Ads Safe: Detec/ng Hidden A4acks through Mobile App-Web Interfaces Vaibhav Rastogi 1 , Rui Shao 2 , Yan Chen 3 , Xiang Pan 3 , Shihong Zou 4 , and Ryan Riley 5 1 University of Wisconsin and Pennsylvania State University 2 Zhejiang

  1. Are these Ads Safe: Detec/ng Hidden A4acks through Mobile App-Web Interfaces Vaibhav Rastogi 1 , Rui Shao 2 , Yan Chen 3 , Xiang Pan 3 , Shihong Zou 4 , and Ryan Riley 5 1 University of Wisconsin and Pennsylvania State University 2 Zhejiang University 3 Northwestern University 4 Beijing University of Posts and TelecommunicaJons 5 Qatar University

  2. Consider This… 2

  3. Consider This… 3

  4. The Problem • Enormous effort toward analyzing malicious applicaJons • App may itself be benign • But may lead to malicious content through links • App-web interface • Links inside the app leading to web-content • Not well-explored • Types • AdverJsements • Other links in app 4

  5. Outline App-Web Interface CharacterisJcs SoluJon Results Conclusion 5

  6. Outline App-Web Interface CharacterisJcs SoluJon Results Conclusion 6

  7. App-Web Interface Characteris/cs • Can be highly dynamic • A link may recursively redirect to another before leading to a final web page • Links embedded in apps • Can be dynamically generated • Can lead to dynamic websites • AdverJsements • Ad libraries create links dynamically • Ad economics can lead to complex redirecJon chains 7

  8. Adver/sing Overview 8

  9. Ad Networks • Ad libraries act as the interface between apps and ad network servers • Ad networks may interface with each other • SyndicaJon – One network asks another to fill ad space • Ad exchange – Real-Jme aucJon of ad space • App or original ad network may not have control on ads served 9

  10. Outline App-Web Interface CharacterisJcs SoluJon Results Conclusion 10

  11. Solu/on Components • Triggering : Interact with app to launch web links • Detec*on : Process the results to idenJfy malicious content • Provenance : IdenJfy the origin of a detected malicious acJvity • A_ribute malicious content to domains and ad networks 11

  12. Solu/on Architecture 12

  13. Triggering • Use AppsPlayground 1 • A gray box tool for app UI exploraJon • Extracts features from displayed UI and iteraJvely generates a UI model • A novel computer graphics-based algorithm for idenJfying bu_ons • See widgets and bu_ons as a human would 1 Rastogi, Vaibhav, Yan Chen, and William Enck. "AppsPlayground: automaJc security analysis of smartphone applicaJons.” In Proceedings of the third ACM conference on Data and applica6on security and privacy , pp. 209-220. ACM, 2013. 13

  14. Detec/on • AutomaJcally download content from landing pages • Use VirusTotal for detecJng malicious files and URLs 14

  15. Provenance • How did the user come across an a_ack? • Code-level a_ribuJon • App code • Ad libraries • Iden*fied 201 ad libraries • RedirecJon chain-level a_ribuJon • Which URLs led to a_ack page or content 15

  16. Outline App-Web Interface CharacterisJcs SoluJon Results Conclusion 16

  17. Results • Deployments in US and China • 600 K apps from Google Play and Chinese stores • 1.4 M app-web links triggered • 2,423 malicious URLs • 706 malicious files 17

  18. Case Study: Fake AV Scam • MulJple apps, one ad network: Tapcontext • Ad network solely serving this scam campaign • Phishing webpages detected by Google and other URL blacklists about 20 days aier we detected first instance 18

  19. Case Study: Free iPad Scam • Asked to give personal informaJon without any return • New email address receiving spam ever since • Origins at Mobclix and Tapfortap • Ad exchanges • Neither developers nor the primary ad networks likely aware of this 19

  20. Case Study: iPad Scam from sta/c link • Another Scam, this Jme through a staJc link embedded in app • Link target opens in browser and redirects to scam • Not affiliated with Facebook 20

  21. Case Study: SMS Trojan Video Player • Ad from nobot.co.jp leads to download a movie player • Player sends SMS messages to a premium number without user consent Click on ad 21

  22. Outline App-Web Interface CharacterisJcs SoluJon Results Conclusion 22

  23. Limita/ons • Incomplete detecJon • AnJviruses and URL blacklists are not perfect • Our work DroidChameleon 2 shows this • Incomplete triggering • App UI can be very complex • May sJll be sufficient to capture adverJsements 2 Rastogi, Vaibhav, Yan Chen, and Xuxian Jiang. "Catch me if you can: EvaluaJng android anJ-malware against transformaJon a_acks." Informa6on Forensics and Security, IEEE Transac6ons on 9.1 (2014): 99-108. 23

  24. Conclusion • Benign apps can lead to malicious content • Provenance makes it possible to idenJfy responsible parJes • Can provide a safer landscape for users • Screening offending applicaJons • Holding ad networks accountable for content • Working with CNCERT to improve the situaJon 24

  25. Future Work • Speeding up collecJon of ads • Goals of analyzing an order of magnitude more ads in shorter Jme 25

  26. SoOware and Dataset • Dataset of 201 ad libraries: h_p://bit.ly/adlibset • New release of AppsPlayground: h_p://bit.ly/appsplayground 26

  27. Thank you! 27

  28. Backup 28

  29. Related Work • Web MalverJsing • Other ad security and Privacy • UI exploraJon • Malware analysis and detecJon 29

  30. Comparison with Web Malver/sing • Focus on mobile applicaJons • Triggering component for web malverJsing is trivial • Different malware propagaJon mechanisms: drive- by-downloads vs. trojans 30

Recommend

Are these Ads Safe: Detecting Hidden Attacks through Mobile App-Web Interfaces Vaibhav Rastogi 1 ,

Are these Ads Safe: Detecting Hidden Attacks through Mobile App-Web Interfaces Vaibhav Rastogi 1 ,

Are these Ads Safe: Detecting Hidden Attacks through Mobile App-Web Interfaces Vaibhav Rastogi 1 , Rui Shao 2 , Yan Chen 3 , Xiang Pan 3 , Shihong Zou 4 , and Ryan Riley 5 1 University of Wisconsin and Pennsylvania State University 2 Zhejiang

490 views • 27 slides
Retroac(ve Detec(on of Malware with Applica(ons to Mobile Pla8orms Markus Jakobsson

Retroac(ve Detec(on of Malware with Applica(ons to Mobile Pla8orms Markus Jakobsson

Retroac(ve Detec(on of Malware with Applica(ons to Mobile Pla8orms Markus Jakobsson KarlAnders Johansson FatSkunk 1 Market forecast for mobile More smartphones than PCs in 23 years Dominant pla@orms targeted 4G will fuel

790 views • 16 slides
T ruth in Advertising: The Hidden Cost of Mobile Ads for Software Developers Jiaping Gui

T ruth in Advertising: The Hidden Cost of Mobile Ads for Software Developers Jiaping Gui

T ruth in Advertising: The Hidden Cost of Mobile Ads for Software Developers Jiaping Gui (jgui@usc.edu), , Stuart t Mcil ilroy, , Meiy iyappa pan Nagapp ppan an, , Will lliam iam G.J. Half lfond ond This work was supported by NSF

377 views • 27 slides
Surveillance Event Detec/on 11:30 11:50 University of Ottawa (VIVA_uOttawa)

Surveillance Event Detec/on 11:30 11:50 University of Ottawa (VIVA_uOttawa)

Surveillance Event Detec/on (SED) Time ime Pres esent entation ion 11:10 11:30 Task Overview (NIST) Surveillance Event Detec/on 11:30 11:50 University of Ottawa (VIVA_uOttawa) 11:50 12:10 Dublin City

674 views • 28 slides
Ac,ve a4acks on CPA-secure encryp,on Dan Boneh Recap:

Ac,ve a4acks on CPA-secure encryp,on Dan Boneh Recap:

Online Cryptography Course

1.02k views • 62 slides
Safe Driving Techniques Road Safety Management Use of mobile phones Safe Driving Policy

Safe Driving Techniques Road Safety Management Use of mobile phones Safe Driving Policy

Safe Driving Techniques Road Safety Management Use of mobile phones Safe Driving Policy Driving License checks / Driving on School penalty points Premises Tiredness whilst driving Weekly Vehicle Condition Checks Van

161 views • 14 slides
Object Detec)on Ali Farhadi CSE 576 We have talked about

Object Detec)on Ali Farhadi CSE 576 We have talked about

Object Detec)on Ali Farhadi CSE 576 We have talked about Nearest Neighbor Nave Bayes Logis)c Regression Boos)ng We saw face

707 views • 36 slides
Framing and error detec.on 1 1 0 1 1 0 0 1 1 0 1 0 1 0 1 1 1 0 1 1 0 0 1 1 1 0

Framing and error detec.on 1 1 0 1 1 0 0 1 1 0 1 0 1 0 1 1 1 0 1 1 0 0 1 1 1 0

Framing and error detec.on 1 1 0 1 1 0 0 1 1 0 1 0 1 0 1 1 1 0 1 1 0 0 1 1 1 0 1 1 0 0 0 1 1 0 1 1 0 1 1 1 1 0 1 1 1 0 0 1 1 0 1 1 1 0 1 1 1 0 1 0 CSCI 466: Networks Keith Vertanen

461 views • 27 slides
OverFeat Integrated Recogni.on, Localiza.on and Detec.on using

OverFeat Integrated Recogni.on, Localiza.on and Detec.on using

OverFeat Integrated Recogni.on, Localiza.on and Detec.on using Convolu.onal Networks Sermanet et. al Presenta.on by Eric Holmdahl Roadmap 1. Goal 2. Background

743 views • 47 slides
1/24/14 February 7, 2014 Fraud Detec/on and Preven/on

1/24/14 February 7, 2014 Fraud Detec/on and Preven/on

1/24/14 February 7, 2014 Fraud Detec/on and Preven/on Presented by: Steve Wischmann, CPA, CFE, CFF, CCFE, MAFF Agenda 1. Actual Minnesota School Cases in the

497 views • 12 slides
DISTROY: Detec-ng IC Trojans with Compressive Measurements

DISTROY: Detec-ng IC Trojans with Compressive Measurements

DISTROY: Detec-ng IC Trojans with Compressive Measurements Youngjune Gwon, H. T. Kung, and Dario Vlah Harvard University August 9, 2011 Understanding

415 views • 17 slides
Hidden$Terminals$ Nodes$A$and$C$are$hidden$terminals$when$sending$to$B$

Hidden$Terminals$ Nodes$A$and$C$are$hidden$terminals$when$sending$to$B$

Hidden$Terminals$ Nodes$A$and$C$are$hidden$terminals$when$sending$to$B$ Cant$hear$each$other$(to$coordinate)$yet$collide$at$B$ We$want$to$avoid$the$inefficiency$of$collisions $ CSE$461$University$of$Washington$ 53$

463 views • 31 slides
Detec%ng Inconsistencies in JavaScript MVC Applica%ons Frolin S.

Detec%ng Inconsistencies in JavaScript MVC Applica%ons Frolin S.

Detec%ng Inconsistencies in JavaScript MVC Applica%ons Frolin S. Ocariza, Jr., Karthik PaAabiraman and Ali Mesbah University of British Columbia Most popular

504 views • 37 slides
Character Codes and Error Detec=on 2 Homework #1

Character Codes and Error Detec=on 2 Homework #1

Computer Systems and Networks ECPE 170 Jeff Shafer University of the Pacific Character Codes and Error Detec=on 2 Homework #1

456 views • 17 slides
2012 TRECVID Workshop Mul$media Event Detec$on Task Jonathan

2012 TRECVID Workshop Mul$media Event Detec$on Task Jonathan

Mul$media Event Detec$on Task Time ime Pres esent entation ion Task Overview (NIST) 9:20 9:40 9:40 10:00 Access to Audiovisual Media (AXES) 10:00 10:20 SRI International; Sarnoff Corporation (Aurora) Break in the

549 views • 21 slides
Edge Detec)on CSE 576 Ali Farhadi Many slides from Steve

Edge Detec)on CSE 576 Ali Farhadi Many slides from Steve

Edge Detec)on CSE 576 Ali Farhadi Many slides from Steve Seitz and Larry Zitnick Edge ABneave's Cat (1954) Origin of edges surface normal discontinuity depth

556 views • 40 slides
Hidden Markov Models Pratik Lahiri Introduction A hidden Markov model (HMM) is a

Hidden Markov Models Pratik Lahiri Introduction A hidden Markov model (HMM) is a

Hidden Markov Models Pratik Lahiri Introduction A hidden Markov model (HMM) is a statistical Markov model in which the system being modeled is assumed to be a Markov process with unobserved (hidden) states. We call the observed event

741 views • 13 slides
Genera&ng entanglement in solids, and detec&ng entanglement

Genera&ng entanglement in solids, and detec&ng entanglement

Genera&ng entanglement in solids, and detec&ng entanglement for QKD Josh Nunn Clarendon Laboratory, Oxford University, UK & NRC, Security &

393 views • 25 slides
Op#mizing the Alloca#ve Efficiency of TB Case Detec#on

Op#mizing the Alloca#ve Efficiency of TB Case Detec#on

Op#mizing the Alloca#ve Efficiency of TB Case Detec#on Interven#ons: What are the Key Considera#ons ? 22 nd September 2017 Glion TB MAC mee.ng Nicole

363 views • 21 slides
FluxBuster Early Detec+on of Malicious Flux Networks via

FluxBuster Early Detec+on of Malicious Flux Networks via

FluxBuster Early Detec+on of Malicious Flux Networks via Large-Scale Passive DNS Traffic Analysis Roberto Perdisci S ecurity N etwork University of Georgia I ntelligence

530 views • 15 slides
2014 TRECVID Workshop: Surveillance Event Detec/on (SED)

2014 TRECVID Workshop: Surveillance Event Detec/on (SED)

2014 TRECVID Workshop: Surveillance Event Detec/on (SED) Retrospec;ve + Interac;ve (rSED+iSED) Task Overview Na/onal Ins/tute of Standards and Technology (NIST)

338 views • 19 slides
MOBILE ADVERTISING Agenda Get off to a mobile start with Media Impact! Why mobile? MI

MOBILE ADVERTISING Agenda Get off to a mobile start with Media Impact! Why mobile? MI

MOBILE ADVERTISING Agenda Get off to a mobile start with Media Impact! Why mobile? MI Portfolio Mobile programmatic Mobile targeting Mobile formats Specials 2 Mobile Advertising @ MI WHY MOBILE? Traffic shift to the mobile web

862 views • 30 slides
WINNER http://communitymeeting.ocps.net/ Hidden Oaks Elementary School 40% Construction

WINNER http://communitymeeting.ocps.net/ Hidden Oaks Elementary School 40% Construction

Orange County Public Schools Welcome! Please sign in on your mobile device: WINNER http://communitymeeting.ocps.net/ Hidden Oaks Elementary School 40% Construction Community Meeting February 5, 2018 Superintendent Dr. Barbara Jenkins

453 views • 23 slides
A Simula)on of Document Detec)on Methods and Reducing False

A Simula)on of Document Detec)on Methods and Reducing False

A Simula)on of Document Detec)on Methods and Reducing False Posi)ves for Private Stream Searching Michael Oehler University of Maryland Bal)more County

523 views • 28 slides

More recommend